xorist | 20c010a4f163e1548d5654967452effb7ec18b60034077ff7b2ace4d39dfaa94

Analysis

max time kernel
100s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Size

13KB
MD5

309a8303b385958cffe14970238f0ffa
SHA1

ea36ae363736b33c28fdb123c762bea15f30bca4
SHA256

20c010a4f163e1548d5654967452effb7ec18b60034077ff7b2ace4d39dfaa94
SHA512

5ec1163786650a9a0abad0cd15c2e832c645b401885e756321ffb55f861faf53782e1947704d63ce1a2f616175ad8ef514916add3fe8c24f8c1d6d7961e19ad9
SSDEEP

192:Azdrr1FG1WDCgmjPZQv1ifQYpT5xMa27OYYaOCIX5jj2J/e81rXFUA:Aprr1gkDCgSgIZpdxVg48rrXFB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2800-6423-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2800-6422-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2800-10915-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2800-11051-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2800-11354-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2800-11359-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2800-11360-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe"	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_hdc.inf_amd64_6e00e835fbceac58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_04863374c9db2052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidvhf.inf_amd64_0a924aec7600dcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_05925c79fbad7433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2800-0-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2800-6423-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2800-6422-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2800-10915-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2800-11051-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2800-11354-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2800-11359-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2800-11360-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-100.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\VideoFrameExtractor\Views\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-300.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-125_contrast-white.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_altform-unplated_contrast-white.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\onenote\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\bubble\dark.gif	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-lightunplated.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int.gif	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\WideTile.scale-125.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\MedTile.scale-200.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\161.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\MedTile.scale-200.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp10.scale-125.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSmallTile.scale-150.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square44x44Logo.scale-125.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsLargeTile.scale-100.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\LargeTile.scale-100.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-36_altform-unplated.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare71x71Logo.scale-125.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-48_altform-unplated.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.scale-200_contrast-white.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-150.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-400.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-200.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-60_contrast-black.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-400.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-16_altform-unplated_contrast-black.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-200.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-200_contrast-black.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\SmallTile.scale-100.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-400_contrast-black.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteLargeTile.scale-100.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-64_altform-unplated_contrast-white.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\150.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-125.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..rotection.resources_31bf3856ad364e35_10.0.19041.1_de-de_cc9e299c408167c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_sslaccel.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_550a59db0f5621b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_10.0.19041.1_es-es_1392da55382b3ddc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-system-diagnostics_31bf3856ad364e35_10.0.19041.264_none_fc0e64de64f61543\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..sreadline.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a3d97b0cc1909fa4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.hostcompute.powershell.cmdlets_31bf3856ad364e35_10.0.19041.1_none_60b66e93316b657a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_storfwupdate.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_dfa8189646f6034b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_10.0.19041.1_de-de_0ce936dc00103a66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ldap-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_915cf6e0c6649f87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_10.0.19041.1_it-it_13b9914b9f8e664f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-desktop-playtomenu_31bf3856ad364e35_10.0.19041.1_none_6e3adab92823614b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ApplicationGuard\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ies-spanish-fluency_31bf3856ad364e35_10.0.19041.1_none_d863d8db7140ca3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_10.0.19041.1151_none_b36f7f02e0310842\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..rience-api-internal_31bf3856ad364e35_10.0.19041.117_none_defd8fc69e1c1647\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.19041.1266_none_1833f07ce0c90b68\StoreLogo.scale-100.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.web.routing.resources_31bf3856ad364e35_4.0.15805.0_it-it_a7193fafe12cd5f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b7d90acf8a700c14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-openfiles.resources_31bf3856ad364e35_10.0.19041.1_de-de_8653e0ac29c993ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_704e2533c1332e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wpf-globalsansserifcf_31bf3856ad364e35_10.0.19041.1_none_043c873f9adcc058\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_10.0.19041.1_es-es_9f049662ba12107e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-ngc-trustlet_31bf3856ad364e35_10.0.19041.84_none_dd81fb99bc3b1e53\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4ac1ff374138d7b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..enhancementoverride_31bf3856ad364e35_10.0.19041.906_none_18cdae449d3e3521\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\v4.0_1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\header\header.html	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..grams-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5663f592b8dab4d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Outlook.Theme-Light_Scale-200.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_devicepairingproxy.resources_31bf3856ad364e35_10.0.19041.1_en-us_36c84d17b4f5be1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasifmon.resources_31bf3856ad364e35_10.0.19041.1_de-de_bb9bb35a9dc2a102\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_urssynopsys.inf_31bf3856ad364e35_10.0.19041.1_none_c25c085f7763a4cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..provider-msauserext_31bf3856ad364e35_10.0.19041.423_none_bd04f33490fda539\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.directoryser..protocols.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_ab42eccabc09ccc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_10.0.19041.1_it-it_9be9f99dd86458fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_10.0.19041.1_none_ff3f122f126e89bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_10.0.19041.207_none_71e36689b4f98543\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.0.19041.1_none_9db2fd18131e032c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeprovisioningstatus-main.html	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\Assets\SquareLogo310x310.scale-400.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_10.0.19041.546_none_bad936652ad03072\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_10.0.19041.1_de-de_3ad0a502c682285d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-directx-database-fod_31bf3856ad364e35_10.0.19041.1_none_b7ea10a2240a7af8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..licy-admin-scrptadm_31bf3856ad364e35_10.0.19041.1_none_875a9d43042f06ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-18.htm	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-themecpl_31bf3856ad364e35_10.0.19041.423_none_d4d939a96536838d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ndowmanager-effects_31bf3856ad364e35_10.0.19041.546_none_d951a72ad1ee4c8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmsynthnic_31bf3856ad364e35_10.0.19041.1_none_652871dfcc054ad0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-l..languageoverlayutil_31bf3856ad364e35_10.0.19041.1_none_7e3faeefdba561cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8e9e696a3f31534b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-80_altform-unplated_contrast-black.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..almanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_3a284eb159a75e73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ell-serviceprovider_31bf3856ad364e35_10.0.19041.1151_none_35d6d88b94afbd30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.1237_none_4b16fb7fab206eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\Assets\LockScreenLogo.scale-200.png	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-17.htm	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\PhishSite_Iframe.htm	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-skype-ortc_31bf3856ad364e35_10.0.19041.153_none_c7e282bdad806bdc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe,0"	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\T77E0sNhHdq7Ov6.exe"	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ULEPQAWHZVFFULJ"	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\ = "CRYPTED!"	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ULEPQAWHZVFFULJ\DefaultIcon	309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\309a8303b385958cffe14970238f0ffa_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
30df42721a8f98736509202d5fb00569

SHA1
9c63addbf10a8fa0e9a7e2c624f38e4d438be2bc

SHA256
606708e978146b28186d66971b9411d98f64346fa66811badb3478733ad240b7

SHA512
83ab32308b10973addd9da78f9f326169ab7d6b63aa15ac2710ced515689fd45ecf3269b4bd2efafb6e32d0501af87c7feaa44b819fe4d276aedc31514d5ca22

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
019f5e2f95a45768be6fa7f1f95991a7

SHA1
4dcd79ae1fecbfa0c632574817a1373e999f0264

SHA256
0d7b707070e2b1916586ade711210b9edfd64e589f4519ba2d95c63a91e60b77

SHA512
3eeaa1d9f2884ebd32082a054108c48e58687657b0a2a0273adfc1cf35457c36da0d3bab8fcd108af824315f79fda418b70cf72f74619ec0a076d7a794a9dee9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
c08aa57aacc75979b2a7eccfbe4b55e7

SHA1
9c0e9e10ea2068baa612e7497f38808485e3770a

SHA256
0d7d2efedf4b3a234d9b79b14fcf1bb8560be624543078446bc4aa68066508f9

SHA512
ac4a78f244e882da512ce73b99c7f1e9a6394275790f420302294af8329ac33acb9fa9c2d98b003f5081010099df6df2eaa162da871d356fdf58a50a13c1e05a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
05c8aa7112e0964c0fe375f31c60391d

SHA1
587009374a7c35a778ef0ccd7f5e7cb7c62c06f3

SHA256
7aa747b0c8747b68749eca404e15afc9d59bd15cc7de4cd82776bb4c651206cb

SHA512
65e0eb22bafcccb418b5b1cda421e1a35786186263f31a12ce730abdffa19ccc2a33447d04b14c2486e200b2d8e668181e73cbd22cb1839983c74fe857545450

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
80f6f56983dea567a3528e2befde7f5f

SHA1
20e80998720cfac753655efc06b25ae96cd3c802

SHA256
17065d0e6bedeb114dc654860c27e7c91987a6204394a8ba3da47fb90e25d3f5

SHA512
cf56a2c51887811b4b77e8d2074e6faf246cd99fda932694ba270f4236677d0da0c8ddebf96dd1dfe2d29a60892a4893b5562cb7bbeae2a52dafb8fc5c562eb1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
ac51da2b393018fc0b9bd517e9773381

SHA1
c897edaf08586ac4ca8c37e542f1ce98bc8c6f61

SHA256
a394434f430c39edc8653597bc6505b08cbe4ac2dce2c290a1ade53933747401

SHA512
78a8d69927fa81121106729bd4d6ad7e86941fcda8b8bd76bbaedde7ec0eb4e1359058e9206df6c163f180705e7392d1a6eabab46a23489dc8467b441ef6c010

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
cb2729017a340a1716a36337833f3281

SHA1
16799214cadeb9cd08acc82e43e7227cfb31fd69

SHA256
c219419c92f7a0662e210d2c3bb309f442dab52f8b68697ec98f76bfe7c9c74b

SHA512
eb357b9c6806f20b29141a5f55a8486acc97c8f90733b6898bdf3e254a822a5dbd92314c3045ff4ba5843e28a6350f31bafcfd6977e5749d32fe564f3cd6ce27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
5368df92a66e67da9ae87445e39dcdcd

SHA1
0a73723d13cf74893feba88c3f5bc8ba79f5ee91

SHA256
cd934cf5c1891fd40500e6aec6b4294528241753df80df3cdc4bc4cbde5ce877

SHA512
f30c6d01f2910b66a2f3350f50f39bc8dd1aa2dd3e6f35da9f574908f815e0a7b48e78e8a3607c3d6d35b17c4be0aeb6a655d8aa58dad45208c02f774a8fcdd1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
762c51a625a6ebef5b97ab54045b16e9

SHA1
74f073037c534dcb5a3c3d5580e66f006ea3ea29

SHA256
80c526071ccd34b9c9e63221f69341375e4837ce2a02bdf0adba210a4b1bc5ca

SHA512
53a7db5d7f0b362cb3d4007b2b0971420fd3578761e23a91be01d12ec3de0af81c106d0c4e2ff8dcca6c6183d7d79c9ef6d8cca40d8faab64ddcb25d19d8922e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
1386147dbcacf47f17f2da280595145c

SHA1
cfcffd7eff3127e7cd6748b5da8f57c349e1d637

SHA256
b0bd4dfdf7c99a6eb340e98c6eeacf4059da33bf5e67e2a5ef6d936924be5623

SHA512
68099b636fe06e3b7794829876a2de0d96ca3d6dd65747e5647afd93b1268408261f16f7b8f8694c9395fc8b6683940ab77d1aa20a08138ca2aed6fac8499189

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
1d29f810abe25e30ab5fd61a644530fd

SHA1
d4b3034366f97b616fc5508118c99849c9328392

SHA256
e77efbac98e17bee2979b2640608319b954a6af5c386ff5d350a3736d89de7eb

SHA512
431f5965488eab1560b523f0b09f440d351023fd76ea3e4693a5fff80b7d0d9c12ae667c792503559fd1d978e8966f21a9317fe97f1a5917252d759e4d259651

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
b49f20cdcc604a9118f0400f52102b4f

SHA1
c980e339237687b86915b159db60ed9f4cdd6238

SHA256
3453d1cc0d2ea30f1b477cf8362709f9d844551ac0757c2ff5f6dd724c200c81

SHA512
ecc5e7b5c51b5cefb6f8b853158cf4b26972b9eb08a87fa964cfe4765d4224c7c95ee5f7be01bd468358441dccb90ddd57d317d6d410860761cbfdb54ade2f85

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f427c8e83dadb0198afefadb79d5b2ce

SHA1
31ac49a0fb6b5079c19c51aac02fbd3f0877f60c

SHA256
a24c23138fa087655539137c21f8c0ab6b801b809c1c15edc838f538adb228da

SHA512
563da5537e46b5797cd4794ad1c8019bdccbfa2586ac8cc9e75ad0c618b6dbc14dd7b5154e2aa107966d407565b849c7ece9fc403d9863f65824e4486ce4ac5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
1c7b98022dac3647d2c2854ea9a26012

SHA1
abbf2f11e77f5bb576661f16551ad74d7fc4a834

SHA256
b7919d37f35a2a03988eca591c6f5089ac54759e1950184c9c2e83a4e44c9c30

SHA512
b4033e731205b1f1555d7c83ce5e38227f35dd2ee39aadbffd76482dc8321cd7a7031da6e1d031bd7dfeeb33d7c8df76b0a4aa2864c3d1e6d68392090d6fbece

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
0fba249e3a592024ff0c0d9ed015f7a5

SHA1
01a77ed1c178621ac6f57d7fde0e00e260ebed13

SHA256
2d95dd51c166a89115d46a710867ea6b4df774126d1972ef1257d5f7c6f225b0

SHA512
fc243ee87bf43b192d93846df855ac4c5c03a0748d2ff5cf48d305cc33454cba7633b6ecf97b898f74aa72a8b194e2bf35178b715f50cb46170c1e4bcffb0eba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
009cb7a7d911fa03b17d895f24582bf9

SHA1
8b86865f3ff89cb6e16016613456a7ba9aee8f92

SHA256
bffa9181240021d9b5d572a09816700c1974c19ea455864ab4db0a10f809e2a2

SHA512
d016e84c90d9fd47f5170bc0f5875c9b754d2237d1e7b43c334d49495807a8871922697fc3688bef0dea75de1606b652becc90015962efcf4de3ad62bdad2bc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
cd64c294b26ca2d6333b7d224b24ab92

SHA1
e31f482afc1d05382d86f0e3ede9d58006696fe2

SHA256
5e211401f846eb19726ff76447d16a85ccbd9a9ff761313ff68790f66af34c11

SHA512
669079bd122fb3815ca8964e602c23a209a0be4d2325c97abe05b7ec8020b89ba918f3853b89a6a2fd3ff5079a0cfbedf3cc8991b5c6af8dedbffdff5d3c39e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
b1d29a8c8020e009375b664553474744

SHA1
05b249c7e97ea905acc0d7f01ac906e4c6f04936

SHA256
0dd48fc7e1454386719e8d6c8aa9ff5e671512413a83e6e76c2f0aa5e9473b8d

SHA512
b4838d11907e5fcd1886f14a16256039f2c459f2c930de84a0610f8f2bf62974b33bd468c1f1aaa6292adc71d4eea0da136e8e1aef71a8247b4dd60f802aa91c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
a1f7c1c909980faa4f64db304ada771e

SHA1
78c581a763a2e72932167027c85649904237ce11

SHA256
d282adcc785aca26991a2e632677131446653952b5902884af4155d906a757d7

SHA512
f2f312181374c32140ebf519d1450d0959d5248de55714f6edfb8e38f46aaa7af7ffb104642f45beb2b5d04fec6bc4b7cb09b1354604b119f87e2714589fc7f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
1acca0c2efc96a4036a9ded0f016fa7b

SHA1
33ae22bbd9adf65d5643126deff40f82fd286507

SHA256
76a49cb717c45ded834e775c06ebbd8ae4dae2d24dfb41aef5013b16b0096ffc

SHA512
2fd8b845dedcc766861d13dd46ed48abd2750e7e8ce44151fe0a7e2adf3a8176f29cff88d772b534a2b24bfc0d81ceca5576aca7660e3d6e1b6b015eeba4ca2b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
6d1506239431ab3237377955142dae1b

SHA1
4f4f0c2667bc67f1b7f5984b61f2c572c54e2d12

SHA256
398e356c9d9d6163ee056ba00010b8d657e0059ed960f2c6dc6570270411fce9

SHA512
3850188d20d5c6e631d295b46bfc17943e5a93d5f505b2a11361bdc9ee5c1ad002d0eae423f6046e4c9579277f28c16bb61b47f70e89f2255cbed6600c543c2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
01aba1368289745e937b57f771885673

SHA1
c1c47d63ade873992d546686ecf7de7c7dff2889

SHA256
ab5475439b0220248cea0a74600b990d504d5c36d0179a1aaf47864ae9903087

SHA512
9b00796e2bafaa2d6bd7c18481370d6305105970118aa1fa5b6351ee71b25356f0e972fc8d64c3e8ea665b5b79c66b7f8d40a726e071c14339d7c47a2b31e782

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
522ffd639e3f61a20f3ccc0dfda13b70

SHA1
f345a55a2ea7e3e45fb94dccd1770a76ba398b9b

SHA256
ba40edbf82a4f885e7ceae0a4c66fa19977b511e711399d12156689a8d8a6620

SHA512
9f6db7f760bc57f790ea519d484e532dda188542260ab9de16621f172524524b50b3fddc0a444a9b2db15c67e49c7b4cea0d69f025ebfe1e9639ca009494561c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
790670c7573a034ed59a7fdfa1c44738

SHA1
8fbc71e2c1dc1bf9781fbe4191c142838312e41c

SHA256
338523067f8b6d86e2e1078e00b1246aed55cb259939235a8c0090f6cd0532b2

SHA512
c04bc3a114f083369af544baec87d15b0a343cd2e6a6b5908a4c0ee39578b05405875997678bd409ce37e4600e8a0f364b48995a073dea1c5198841a39bf7236

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
0854bb2160c6d49d1770bbf39f14e739

SHA1
98d0d3a6c7c95c6d795a01a761df2b2426a872f3

SHA256
e16e34ef445fd90b048790f08225a4dfa5e41e128d1c1849d1f13281f153187d

SHA512
cc4c2b059745ec847700d52311808b5dac429d070c026b195e4158f7551a453f67bc05f967a7465d6e5096ec78f0186e7f37d733d57f66cc46c0cd47efe875fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
1c76be33a7325d34a16f1cbee373776a

SHA1
f35359fccab7fafe24f58248e2e663e454ac60b8

SHA256
ad0ad4f3246f4aaae6ec3109426dfd57ded03f7cb2bfd99382cfce36b0f8a4bc

SHA512
e38bbdcfb2752b43da86001adbbb0e690f2cded005ca119ddde76b4200f385ce434729aee6082e5452e4573d7bf1e28ecd64493b7d8b3b2ab3dc7d450b858fe6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
8be6ed99a8d1639330b3a2f0e102dcbb

SHA1
3dee048c1a24377dddeeb562bb363e932e62b08f

SHA256
a68e06ae84c96707e8d001a2b3e4d0f77611a299ec1503a3eed4b360575c0b1a

SHA512
e4cdaf66ad92452880dad90e17e515e552ce1910028582c3d49fbbe91adcf6a48c682bd2f28af25a75273f5a3645ae3ae4ad43447e0d7cab5009c578c8f8023c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
17429a1416d0ce3a7443bbfb66165e19

SHA1
fc68b6ba7cc2168d064270282420fb59cc2bca94

SHA256
49afe2928d180b7cbf1b4bf9d04384ef75b316e56264045cfe7b9afb7264f9ea

SHA512
fc8774286b1ddedc95fd6f0d84a0a8726784a1c114fb99dff2109e01ef60af1f518b8a3e6ea59a8974b4927cec2b0a949e94c0e8e9d0b23c0fea2dc3771246bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
537cbdfdb89c23c2a7fed616add40b67

SHA1
b4df5d93f45650bd582fdd9e5d8a7e6b529a5aba

SHA256
bca1595f0c517cb37011a4d7ae286cbdbcd6cb2a57976864283b9c2fb0b07497

SHA512
6d8a74ecf2fd45b36275206e62b82b68035dd5172869911b553a40c7a2ed2608a3b446ad38820aa7f33e7bca171f648e1a29e47aa26bcb122813ff89de56e1e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
3a0760d7156c886512216693c01a7cd6

SHA1
ce174d4833e4a7b52c7d8fece299e5a580924779

SHA256
4ad65bf74fb4910d171cd9ed0cca2353c84f54c49cdd07cc123ce6f903f5d896

SHA512
999c9e2fc45711006c0ee98c40bf933360dd4dc8b0c82b5b62484eb4c1042e242ff4a52952c8d44835ce593bd9212d1d114ef8fa7bcc2e48e3fc0bf5f03857c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
cbcf3455e5be1b1ba60a319555e73e14

SHA1
2f9bd30d765f53c6d965c2a24dc2f6d25508e176

SHA256
03c6e4b93cf49da8b554b3374a9df1213f5d7eb290b7b718e1dead29ab7832d4

SHA512
80de39c091135d97f14568a062e40c231cafd90aa03fe5cdd82e1cb0547f83f42b1841d3c1dd92e3cdb0f66471b04846def3353ad8681f73fa2dc3c8dbb007d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
fe95570fa82c5951c936d4e594992452

SHA1
32c477bfd0c89298f54ecff0aac4065d8fa1d1b0

SHA256
22aaea92e2f1a189d25737a7217984a74b5ad11049d408eb7e5bc6d245954504

SHA512
d2442eef00d99b76496a70ad3420bc08b84b7659de0d680fba4b05510609d45aac4e5d2f1433ed74a781af87c86f5ec334f5e04bea1e92ccbab0473953e0934e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
e94a10ce3197f343f68770d487edb5b2

SHA1
02195093891d8518ed27c5297c32fd42aabb38c7

SHA256
d6bab4c8172bb5b3e798f85ba22eac35fa34dd2ea5ddb2b48ec694fb723c58c9

SHA512
76bc6a27f4c13540887151e9736248c3f3f3a739881fb7c73c0d09f54c288f7fd151e63ed49e499d0b273f148974665b17db0d4df60c66c351fd1675de21d0f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
bc72f03c970f02d2e8db2612b6cbbd71

SHA1
a7b1d4fc2307faa8f9be1c133adf3664a06aef70

SHA256
1563a2701a8746cc55a08e62f60e3f6958732f7f3eb20b321129642e67611a57

SHA512
70cf4fa64353b99899ad233dc9e4daee1f0842c7cfbb6254487b0c952ca274d1a4b276d3a7e5a1bca0847d703bae895a05e9e4823b053106f523cc4e42e026da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
696764c2ce6d1874a89b1c37da170046

SHA1
aad715ab3c66763146e46c6e2862e3b001972b38

SHA256
ff97a7d28ef6b216f442a02000ed5242cdb699ca871c732925857766686058d5

SHA512
df657c9f2de91933c88fa1dd1e6e1c9303105618f1075c6ad5db11a2f853ba5538e117d2efc0db7c5b71efa479fa0b4f119573d82f98019c90ebfc41b6546c78

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
c7a4063f7e4af211b3c2e100ed04b7a8

SHA1
eb79984016aa078c145d7fef20561ec771e9a105

SHA256
7f19106e602f6165c5034bca1ccceec4e78e5d9098be1ab1bde8de28dccaa62b

SHA512
9d797ccc25e655ad3ffbbbdf430af418c56d7129bb96d03e1f46d4450fd7c03d66afe8740c108c3e00d6ddf0a3b5a98bb57d9eb33bff4500187eb002200f48ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
140f1adb93285bf4b6d8689efe9b7c97

SHA1
e9569a5ee00d474e49650a91bfa9bd8b0e0d142f

SHA256
4b5101d50bcf9a88f639a27f1257562f181de95e313ab3dc63166887d5c287ac

SHA512
7dcf81d4088192e8bf4a660ec98e9b28fa5c1182a246b1b426f73bc55d4e86498a6dc0345ce857489271f08a836f61b9e5b5d2694ccba73af93ec85fa1790876

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
7817f01c59a502d8698db363b855e733

SHA1
0fa62c34f7b944f3b643391fc428db4662e639e9

SHA256
4411de0118cf65ecdb50f47e216e969df2498375f15a2d02ab015ba314afbc9b

SHA512
3dd7976858aff0846ec878ce7dc0f24327555be51c205c586aef88adb234ae9e38d3e26494dbc1cab9e27a4241b3f05ae7f85895376219dda7ac1b7a35ad331f

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
518B

MD5
9e9783ffbc9a6de1f0a8375c6aabf453

SHA1
b65c9e7b7eeca453620b880dbeff68f01782cd6b

SHA256
a44faa36146ee2b314d8388f12755bb00d4144d31c17ffa2c6ec544dd1795932

SHA512
3974cd57606d2c0f65d4e2c8069cfbfbb1a185a3ddd83abd8a3be59e10dc93bb77335a7aa6c69c6c12850a778123d66a1e02ea2a0d191824d0692e7358258d0b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
696ef31438ccd42b2a9bf7f2b0a4b15c

SHA1
a089b0b316f5830bf512774cc0ab8b785bcb947c

SHA256
c85d93ec0d28006237e0d942ee89ef5e1aeb41c80536f62c565f48cc272132dc

SHA512
aca3bab1704a205b452f725313021ba70f766355e14b4c5513f38e0d80732dfbe0dd0252478a70e879c729340cc964b8be7988010f2bd095942776d4827e2b60

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
970dd9222250ead018814d3271bf3a13

SHA1
75e3b12ec79498d6e881ff69f9ad4118b85f510f

SHA256
acb74e69390a86287c60a33e169bc14cdfc057006c844c2fe5f8946baa55a0c8

SHA512
095906f06a55e791e9ca4de0010c266b7329f3db7cc979635ae60c0b04cd1efc2790bbb5be86e5d560a31e5bbc98449230ee05eb59b07724ee797086f07097ba

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.EnCiPhErEd

Filesize
190B

MD5
398a2e264f5020b58ccdbe0626b1cd9e

SHA1
5cdbba071cf727483ddae85fabef3238b2921694

SHA256
1b50db97e0ea66ae244ea2ecef7343f233922e27670735f778d7328a2ad7f358

SHA512
0cff9c98697822dcc18ea91a77394bed3aae524f302cefe8b4aecdf9911a48dd0cfdd3cb276dd82078cf47e6befdfcea900ca47575c4de5465d4b5e3a3c9a9e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
119cef4f3c1b0dba85c51617db935127

SHA1
d012b9358532872d34b91cb6c9caeea93f4e9bb0

SHA256
a93efd266d00e2aff518659d150a95a2a370d98c304742763121234c18f2cf0d

SHA512
dfd261ef29d99d649ec901652162c37a93f435e53e012dbddd5ef95de33fff1bcde36258eb7bbfac9525c8e2d9e516faa470c8938bad74086789a1a177dbe368

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
629be9ca02bd0eef272ef26d4ff60f0d

SHA1
5feedf1392a1e578a684a7f6145da3bf5c99b1cf

SHA256
6177b723b282304fd26d9c8d4965a129ed5e290f8f2eb3920f538f3bceef152f

SHA512
bf2faea1bff3b56717b58688f6555fcdac7506a4defc206687169eeefbd0e01b094f19348a5b4502e79f04c35ec8741f5cca70dca5f08a94d170822345a94b1d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
a9932f8eb346b25cfb89ef7b57575d08

SHA1
d58b44cf80a863786843a075708746bd4520d693

SHA256
b92d62bdf27e814582d11c21ec9816f8117d0663093785e9a1600886ca8a56a6

SHA512
cb070c313a1cae4fe49d9959826fab700d6d82e6f0e240aab0cb100e7431e82515c7a588df96cff2fb4e15f8669273365174cf645dc8ee58f3fa14f42a49cb33

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
fd149ac926ac7a837d709c32965cacb5

SHA1
6c531b7080e78c35b70ddd5502c5b20d3d931251

SHA256
7a2c8156955ef4de379b081db03aa695269fd222fe590ae2cf76563efc25e4b4

SHA512
939a486e6c743cf61352b0ff86ffdbe5d5a415191c11207d29170c45d471f8fb1424f4fcf397ccee43eda38f7e6c098d89e07442cc4c6c40a4c3a785dfee68ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
ea1ca24aa319f1150e758cada9d36007

SHA1
11b5c98574fc9344c477b2b9bcbe4d0052594713

SHA256
ec6cde40ecd56561bc5d04d0d42ea2f3163661d4161e239bd83c9df67edae79b

SHA512
e8d08852efa6e865291b939be9fb697eb02e41f7a58548704b882d32c3b5f35e2ccc9a8367ff8ec4f94f0e274e32cc6462c67f625bf243981f7217c5f1ef0183

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
7dff002fed1c1ae120ab351535f765ec

SHA1
0beec3e5f5b430bc746f547e5892f504af06aa90

SHA256
8d3448abe62d7774447ecdcde198e242e3be575844b3573fd93c9def6d8bbbe3

SHA512
30e1fd28bc0193e53bdbf98c4a3ffe89f8a34bdbe5104109ad6cc760153abc2425e915a70defb603cfe795838bfd48b34025e18e40105d35af67df804d672b50

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
4126359a506bdb6bf549e0bde9acad90

SHA1
419535ff269c2e3c46f82a7b20928448588b3f98

SHA256
c90b5003d944ee8964d4e9edc709f1d00ebe6d73a846d5e9f3582c0a29b0d15e

SHA512
f82b9244d978e19873720c6fda0a1670293a952e3a4411c56ae6ad37faceccf264f7b4e0b795f68b16eae5435be6764a07f2574f858b9012197e07b8596429ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
664de033c4a95d95e3fe51f45af61fa3

SHA1
f2639ec1ed9520e6ed130f4361aa9f95ef4614d6

SHA256
b9dc1c83ed1b4f15600522295ee13d9eb3b5e8eb9c78a606c395010d3de5b773

SHA512
0e2e84f416fa4d145298658570acec53350c02103ff3dc088fbb145b24a3ab393daeba38bbddc47922dc257ec7fd257d45bd42aa59201f42b9003c263d69001b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
2c7fe289366bee88a6249717044a92c3

SHA1
4e426d6d38777f52a477119fb2d329669816a211

SHA256
389ac1f394b14079219fcd3ac7b88f3ab83e75579db69a1e1069dbdf3e1e8432

SHA512
8421daaf16df5787fea2c667c4497f1a86cf6f9caf31d5a6b5a3b63630197ae786a6f8782debbc1fb1f33d00530f9cc2accc9d5b5c4a2109a108d4ed9c3de082

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
25d590a565c01156071ce558a745ffea

SHA1
304b76404402f6630098e55d15429b8d9885231e

SHA256
ef9c24ec57a3d373ee2ac31cfb283b833056dd3dc6166e4ed9fb97311cea7f96

SHA512
48105dd10d1b4e82e9f9dcb16b51227e92236410113ebb7d6f9ceb8646d737ae336598904cbbe93ef3a0acb7be3fa4875fd877af74a84e10d733e03b5fa4ed20

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
3491d824bf45ca767ab99f50530043a5

SHA1
42257184e49fccff11baa9df87615e17bc636ba5

SHA256
9eb636b0b4e8ce2b09e86a4fb69c101d69424fd065dc859bb5305ec3d59bbbf0

SHA512
d7b054887aec863153ae5ecff80e6505c699ba1440fbb6110224d5086801087cdf2a341b52f72575a5eb2c85d554a1c3e51bad87f559ba84964be8a219bf0e4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
e32e623569c542997ea993111b3a26c7

SHA1
f8406ad06e277a5bd1eb1b2ea13f0c5c88e34784

SHA256
03daf1fae772ea14a247495d16cd0f48996c87d7d5db7549d3afe8cef9e030fd

SHA512
e1b4a6ca77f361720dc767d3aa64af9c6bd1f5a7efd30622a30076b8643a4eef0680e97d8c8253796324a1273b8ca799a8af443ec63b445fda7a3e2d609f1bbf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
0e5e3cc93ea3fce86bf5569176d317e6

SHA1
86b93cbc3a09ea1bda8bf8972b5f3cc1f1596051

SHA256
385c007c90d5b55aaff7a90e79819d47c2b87289d213376b0a64ca8dff29c8dd

SHA512
85e6f8e69389c3500f4de5e9f567fa7c3a837a66e79630333b7315ede9201bf9d670fda5b4c79e69e2b446114c183c7528a7f6cd9ed60241576815f06b1c6320

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
090e3df160e432ae71be3d71e886321d

SHA1
78e5f0cd7cd52b9bb0e11bb4c4544cb178716beb

SHA256
8edf1b2a524198e8c9666523dc09813bf741b23d4a81bc99b614d21b7eb9dd79

SHA512
5edb5c0999ba596197cf88327794524044f14ec7c66b2cf1186c278ec6067ca6d71f14d8174948939e2c7dbbc1ddfce2355b682f6058e3075f4de51a9d385c4f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
8ee49c5ac2a4fd90deeee713593f62a4

SHA1
363085c13bd69989b177dcd7f3918ecf425b9478

SHA256
f209dc56572dad8aad05379aefa0e26856eb11c59d2108680c529b48660293bb

SHA512
28ea16dda907d56acc692300c5f9bebb4e1821d982cbc8c885e8769fcfd3b1505bee4050675601a8c9ef392e98ba9b10a86618b7920fdaf008a8bf154e85674e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
e8a82af39ea97439ab04712058ef77c9

SHA1
8f9f7f9e9f78b9c82a7cd468a724ae5ea32b1f35

SHA256
87ac9bf3e320ffe421d0523d8ea2b72eda3e59562633e53237d641112b0905f0

SHA512
2428e49277fb67e256857fa414736b0b63ef3bdaebef44be460da1ce981b5daca77e1a674fe34c65dc5082cff6e3bc7aaffd2556024dba58ca1c7e3b8c02c1ea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
536b92961714f28ec6208d542d21d464

SHA1
19c150792bfed0d77a6ca85f82d71100da9b101a

SHA256
d0406bcdc2ac2817fdf3ff679c681599a856b415761f63b4fce0d5cb8967b75f

SHA512
5b62bb3f227a905c026a342ab902cf83bfcbcc9df45551a506b0b8c619b33feae4e317345418381182a41771d6d6250d66d598e85357a15439a676544b4d75b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
988ff52f7e60963426bf68b00afeb6b1

SHA1
a31b5c86f3418553c92186804f9a1b07dc29bb72

SHA256
bb90edcad58a3ff69e262d22f26cb57372c8ebe212ad78bd979585a7262e9aae

SHA512
bfc1ed98360f179518c0502340f3e09f239c4f90542c6efec148c07c178633ff15510a17a5a7c7f959c727a4774ac3c4853ccde70447e91bd97af4c84ddaca80

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
6834d2c398dec6012071199a89fb1e08

SHA1
a4729b576b3255625077034acfb36187696ef1ba

SHA256
432281ea651c9f49d20ee0d2d04f8cdd5ea0d0d330405f6b3cfde936fafc9427

SHA512
42f19062f25a308b629ed24f8ec6034566073c85dfab301cd9c9960cb71dbcd647953d4ae9b33e86ef4411bfb2b27e058ee56fd9ff4d305d28ce632dc954e7ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
3f081c6d2aef02ef5ba545836f3d7dcc

SHA1
ffd3b10b763b744a4368a1e33bf96285cdae46ab

SHA256
297c6e3223d12a242cc18e8ce1cd01fe2ef5eadd362ee3182572614ccce10cec

SHA512
041ce3a7d2ef04c0d28d3f7bdc3030a09f1468fccd6f7dba43147d36057ee64e34a966b396f6404e94d148deec8a34fbd6d9b6ac7d6fc0663a47a962deb0ab70

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
09061d39aee18ea2b0fe296b487acc19

SHA1
f07bb27e26aa2cabfca4a9157fcb911bbd02432d

SHA256
e202de29a5f4fb33d51666776532cd8af8d63fe5c8fffd1bcfcc5673b2560e49

SHA512
e29de1378f23accfae566b567aa548eafb29de638a271295a013072c454b4ddb61b38952a27ade13e3ff53606c83f2d4685742702a406e068a1eb75a20c3f071

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
f56f997608e9af9ffa344fa36fb375b9

SHA1
4dea1cf9cc7292dd7dde11212b5c5bc3aa3f5a6a

SHA256
188ff0310443a5f6ff0d8fcaf2cb2bbba213e8c3c4a1ef07d92030552a294617

SHA512
f7d79d7b7bc7636aa5975a8e165a7c342d595a7abc5e611ade564d48c227a9e754101cf46222dedecd303aa47501656ba6896fe58eee9c3e2f255b0afc5dcbe3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
5d7af7949228bd49999525ba21d0a63f

SHA1
ea964d04df590c62c2990c863a8aa20acdf7ac0f

SHA256
76249e94ce2d089fc4a2e52965c6ae73ee7cc86c06f583a36d1b57148931e4a2

SHA512
2c274a8002cc0709e313568bfc6fc1572683ae395c566d97f1b8c661ee6801a2a02b2e745495562372d69e00ade6e4251ccb699de5371cb4b013b1b878691fcf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
40a34f390e979b24139f8ef065c6f983

SHA1
89e106d4094dc64a9e5acd45a5518fe05915cb47

SHA256
fe34e79b075d3d3d1a4d23239838666b90dc9d5e28856c2e76550c88dd515fdd

SHA512
91152e36e893a60d297da95d1958341fcde1c4d59236b49fe44bd1d6df641294b603b957acc8b748c652e79a74fe8eb7f2a83a9c6599980d4844a9444d7f1ed0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
776f35c52bdbe55da1123e680d97c86a

SHA1
1a5f9b60310b6eca6b14e8c0cb807a7504164917

SHA256
3f8369b7fe4d17bb25548b2c8ca8dc3d34422fa79d23a7f35140096f1bd05d9f

SHA512
2ff25aedfd31cefaa43c40042b7eca3412f5d1e66495532d4d1a6dc39a10310679b0cc8efbbfd79437bc0564179a3c9608afdf5059bd2bb384441a29dcae7d5c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
d8894218c3c82f728a101177e6ab9663

SHA1
b24a3fc92aa71acfb0ea6f1bc741b0741295460c

SHA256
44f0071821999c5fdfd7d5e51f1fe7bbbed0e9490a3dccc85713f1e165274612

SHA512
e8cd8826823bee4b792df8b44354a2797b554ed49876951faa985b743e20487d06f85bac1b110241c3d9b1a77ddf3722ca5c5d3fcaa7d4a6571b8ac71de5804b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
c09526ed4a687cf2c4d37e437fb27236

SHA1
1d526cf17c5a6d5e6b2f4776bb4947b1db30f086

SHA256
c27494a3667289564364aee67a82819602d832e37a0acc755063f3c1e6c42c49

SHA512
4e6b1698b1e7633b8f132998879128db67ad07d2c2f98b7d63ef9728e75eb109867ab2aa05549cab53fbdaea81edacabe75cb5d2e874aa33664d6f7f0cb5b43a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
11d471335bdb90d149ed7068f755f651

SHA1
044fbaf978dc7a81df49a135f5e0dba0021242c2

SHA256
c367c08637f65bc68c02cc10b43c9c0e883fcc8dd5f14ecca47fdcac6d4f0752

SHA512
fa6c3512bf3e0bc67892565bc53b60bfea83edd3e99751fc7619e02a367f3aba6370bc78ecf7bc01c37f258530cace9063dde05293a421f5857727f5fb0be69c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
4bd078af690ac68814f79c0f6de61fa1

SHA1
caf4536811e7d13f3a1733e3d60f0c491379abbe

SHA256
b2083078f5a7aca7427822d1b290ae738cc1c378a75a51ad3226961fc37f65c3

SHA512
c43d693fe216722f886a5a952ba55ee034ed20a11c12595c5d8ada72bb1e3778ba7dbcb7ba8da89fa578f577bdd308a4a51b85791a0124422edddf6e83aece68

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
c05b6d32e367f9f85330f9a427648703

SHA1
1b60f11cce1940cab73b800fcdc185b13d13a630

SHA256
3991d1121429192ca0e51a751a85a956258f310645c6968292175f591b601873

SHA512
7847813e2486c4a750b04d0e1c64dae57f1377d437ef92b557b4972dd313bc1ca90bdc8d940526f41150142d016c85a6e7dcdf0f727aa5d2b3f8d9b302896601

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
2a14b38ee472c85fb4b2dde88274bfa7

SHA1
4ea8d6863180c4f94481a863bbc592c7ce3dadb7

SHA256
7c47774ff7be4594db2ef223c6389e01282049acf67d4fb9b1252cb3c99006c3

SHA512
0b19e7f5fb687d0801612bda120368fd0148826e12ace13f96fd16d303a3825f5513e5e8c511eb088bfcf360df2d9b9c2b353dfe3e3287356b38ac069d9728e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
12ce1cbb4c8f56b15f8879f8a329abf5

SHA1
271efb96e4c3ff97d41f96b88e53aeaf59e3412f

SHA256
90635da0709c97848693383aa29246400aeeb16a51d5de28b9d57615fd946289

SHA512
7932a0c3976d7f88473c4a30d539841ec940db8ae7a689166b2504f542118dc7f6ac8cb74a436eb246295f251b971e0c72209ea65f300ecaa15ca18c0bacb2b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
a0fcf26f3dbd28c0cc14a1b83de460e4

SHA1
5ea79dfa43af82c15070c3ac2c4029c7aaa7d7c5

SHA256
431a874ae5db02fcab1be94734825802ba897324b86cbe389d50a3191d5deaf1

SHA512
187dd2d7197489dabf1b347a2315c6e33cea937d296c78aa2d30516d23c72fe7a2ff76ee56c0b049eb8cbb97bf13f8c86de847589138b606ce3c78c08f3bca7a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
f1e93502126783a980e346fcb532065d

SHA1
0298afee385624b88375c76a00bd0b7ce23876ab

SHA256
e2f7d5e4d95ce0e2e2f8fa4f640c087dc99015f294cc680a9d5b582f7da55d28

SHA512
25dd71fef4003589105520445b57bdf2c25fce2cbe4f7f2d3519249895ead2dfba153780e698289c402bfd2345c16852ba89a42daacafb499bf8884338ceee2c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
352d80f4b0dae770776b76379c16853b

SHA1
9aad00ee369ff69176fde38b1a85292a5fd115b1

SHA256
d03d17b4105fb2ae6a106949b8db7487746370627879848995cd16251bc06762

SHA512
33ac5f3673309beb561217f1e0bfa5bcda836320f404cf285bc16794526420e2d280ea829c6274ba5da2a723fb3894f8a6aef73210dc28e139bce3216a2123b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
0f589cb7005ffae3d16d42954f66b9d5

SHA1
7c7aa7f9b24f9164a88dd1326fb10d163d6a0dae

SHA256
f5c4cadad865e4574275f71c438a9553f2f7ca42fb1d91122f241c0774ce3d3a

SHA512
dd01a522e8200342c550ff27f406712febe28399ecbb10334eecdaf2d79f506035ff93bab900ecb02b7abaac4aa7b27f3940fa2873e1f4d7556ad1f6f159b13c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
9d809be76fa4205ecbef5807ed2bc4fd

SHA1
d0663bfa3723ffd6c4a19d47e0d6dbbf6e4660f9

SHA256
35bd87aeff738191bdaab04999573d393ef8e8b1baed466f543a63397bdc8920

SHA512
22281fd9c2603e66727d5112e6ca7da489c02bda78f8189d238b6cd6c9c50d57f2593ebb54fef97a7027c0a61ccd75cf790280d13f9d99c8264eac85f473d714

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
3dd15b5d5d3041c323171a84f73cf7f1

SHA1
f59a6c4164cae799a82c1e95dc179f229dd7da97

SHA256
f74a5a0a9569bb8d867b02051b09a3b0ad241722acd3e68f7a2d3364edb058de

SHA512
01cd37ea8aee5286f4cd4d01e24c03fe0b3499081397bdd2f13836cbb43863930df041e825ce4d8943ebe0a446e11f652dda203201be90e07d2181ace98b8879

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
ffcb4ca8d377dce6f53b1821975d0805

SHA1
6b60c381d981c662114f5799af862add8c2e608d

SHA256
129d1fd4116c91ca643f6f5ca28c552df406e581f331545c96730462e4fa00c4

SHA512
af1026c81298d38140269b042eaa98342d72ad940009589acc4e94dc81ba81f64b9ba60ade2d3982de3f3a1367fcc256115accafa9e9c1226675903d4af67efd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
f7b5bb49d222eea17199b1573337b73c

SHA1
3fbe5815f6e9c0389393fde1f8548282edb6754b

SHA256
b150402616e94fa48f826a9b862c57048d804be9bcf60a0b7b34d0de76be3ef1

SHA512
c9eeb7ca3d18cfc8b551cbd512ddd1ce6c02f815d00d4a30e66b57e1550568f4a93ce20b3e4aab1f21462ff8a68598b2c8c6c82055f41a00ac23dbe3e0b9cdd6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
b539126fba7838ef87bd245134cf26c5

SHA1
79c0d2b35c7140837c7788484b0920935a285a06

SHA256
51806033ee02e3d5477ce04c4d849153974e8881c3f791496481b933d67ecbf6

SHA512
514098bc4774370fa8222ccdfe2c2555e2316a21a5e305c95ed0dbe18a531cc061e56f3009528bd585c7a7d92a672dc6b827fb1a4623d8dbe9e3123e5b5309fa

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
ac154d8a3b1315e61e5905fc6fcf547d

SHA1
a50f49738881b22bf11638420bba2b73b2c2368c

SHA256
07fb57b9dd876615fed4efcd8a0f138e69c935e952b87ff2f4115125e06a88ad

SHA512
8a31afa3dc49ff3979c1c2b5b46aa56e4dd2edea918d520c4f414839e6d9bb852430de0c18962480e17b3748bcf7f2c7b0d2f593d70e33be11366fc099acfe0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

Filesize
77KB

MD5
6235c360c3f979bc2106333c49127cc5

SHA1
9a997479af16ffb62310751a9f9353c1a4ae8f45

SHA256
dc9d7635ffa83b084d10f3e1a450aa60486b55987f1957a09d9528e021ecf52e

SHA512
7b4848df5c74de0fee4222b5b0858f51fab20ff93d45bd865d1322ac43010fc9e693ffe1c29f54ae257aa6220b5b9ae75919c750042e57e18fa4cf115ece9e88

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

Filesize
47KB

MD5
5711a26e03e3035bb025c7b93664060f

SHA1
d254b8bfdd7ded06114b6ba346094310c4dfc68a

SHA256
67e9f8beae5a28760c311d5d7876e39f413a31d1bf731296d8f864996983595e

SHA512
8000a76608704a722e9d031b00d8168715ab3a216117c0ac1f2473d4679d3383b9254815f7d1dfd3818125dc2432e5fd019510b541e15e61dfc221d95754ca6a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

Filesize
63KB

MD5
13d5577968abf08158c4d6e26ea76d3e

SHA1
41f6c13cea36761331df22bb659b825ecfe4ee2d

SHA256
e54e878af86e055d282a9d3e382ce27728a0cc98fb9824f5502299bda7dd9237

SHA512
0624eb76d971e0e0a276e62b22229c0ae38126fe8a4a24c50bfaa5c77a3acbb5b12e61dbce5b13f6455e7827fc8de0659035e4a95d0fa92929513b4ece170aae

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

Filesize
74KB

MD5
6baf58a2a101cd3781f537a36b2f087c

SHA1
5858b9b43c5d6d1d46ab311ac0bf2229cc01b465

SHA256
28c69b73c1874006c22307f44c795d223ec484027dedac3b4204e481968f676f

SHA512
cff403bfdd899bcb6cd47927d3d1e41ec64ce5f0bb2460dfc7d244e92e3c53429a6063b1182bbff8df3dbb143d4526bf22baa3a962703afa59f3d936987954cd

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
98b662a779ced073153d0dab9e7d32b8

SHA1
0acabaa1b70cfeb6eeafb706738d3cd148dca83c

SHA256
0ca95d1b5466fb211d0e6d65e2a213db2f738e493da9c84733abf3fb809917a7

SHA512
a28cd49cbe4fdd6e7beaf942589886d5b40b51d5f10678a034c9f15ae9443e4c811756e3612802a2bb5d11a3ea13924331597b3c87ea91cc98115a5121fe168d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
a1b0126d9a12f3b0a8984e3c3e30c743

SHA1
f1e2b37eaed1bafc90dd2e5ee6e0df1f47e3d047

SHA256
7ff73af6c8a25bf0787e23a0272e82ed98e92d8f891c42c86c60c6d622f2539a

SHA512
b4db44e9eb5f9679ba46ed4c71470512520d91a319bb9ca1dfcb72c7fca425e1087c2c3a8fb1300c0f237cf509cbe5d75e1155a73d8e745cf98f4b19548ae4d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3eb34d3a25acdcf7c6f534db38b03060

SHA1
b6832c2c7a8470d2c49ddf768bfb235124d75bb6

SHA256
4dcd2d2b28b4257684248e78cb26bf3f6731322811fb79b4dff5c50c6d2e1c9b

SHA512
96aa1b92cda10f34895b7060fad606a8326534eaecb051302a73886bf9b6a7d49fc62c3117ee2b9387c26c668cf5a007b3fdc67e3e2fb9dd4f09b6f1cd75d055

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
a87b7bbf98d5a8c1fe66ed0942c7f3e8

SHA1
d1d027ebbf7d3d0d9c8965fa9d02444f9e491c16

SHA256
b5451a7b9e2ec77db8db704b80af757678faa8b2b506193ec1a0ff6fc3e8c94d

SHA512
1e6ddf31cd78a520437835429aa22c7d135782dada25c6876b07db2248c5ff342e8d5d7302d8818ff20e458e946cb977afb77728eb954515c48f1fd6da6c61cc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
a9f0c635db736fc248f908d6fc31e721

SHA1
b88b5ebfa76f09bba768d2aa7508a7f6bf3ea73b

SHA256
f58d9ba1ff3c5e7576aae9f07d130a350e3a427b685b30dec234cc653f2ad98e

SHA512
4d927bcc084415b40f5763066a6ec60592ce47c31a10b5939740439a098969c69ff8b56ce25e07312d03da8df6a734ab0a7ba5bddbe588903af07fc48b281a22

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
9f1ded1c62c63aaa807f37b96bee30ab

SHA1
99648281050b3fbf14f5535a687487798d872081

SHA256
a827ee7bc5b06a559c5501e1d8577700fee6990a3724a3ac2752780b4c9fdcac

SHA512
c4a0b21824f3c4a8a69a33c934adcc9bbe315ed59ab23988fe8221f866037c8a14762dd20d694824c39b5708644439037dd351d27a8324522ca76b75712d8662

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5a9a0a21bc8c4eb99000971ab1156720

SHA1
bc96e776cf1574f069652344a14fbfe37c5702fc

SHA256
b5c229ce098a7be4596fcd0872dd2cd5c365f36da89dffd65f40020db21a75d1

SHA512
ee9cb5f10f713e719d741e9303317ea63f184e11dd6d6afdd13109baf6c375e2255c7fcd8c7a27485de0d2d65b7ae6f0dc4be9ce044fba95cf8ecca8088e7135

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
8beaf3e476b815427f1e9e74b832a5cc

SHA1
2fe362683847dbc7ab44b89d1748f91741ea5fae

SHA256
06d421e3d5733d3d3a0d7a94aa96ab4c8106f19f26b58b55aac27d6ba0ac8ff8

SHA512
76781eac93b4ae22a04585c3f82bba0276b40c351821d6eea6b042c00137cf6d67116fb91d5a6deb885c6c9fb867fa334ef01fbfb8b6a33c28235289b6dde0ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
0a2e24e93635b867aa51886a3895139e

SHA1
5b88f4fb9a1c4e96684f54e52b190749ff38aca0

SHA256
fdaa4ecf243f7472205b2c629a07527b81c604009ade298c252d3d39a78ad8cb

SHA512
308297db36e337f9734e945fabe283ca41c6d0053745989d1f3065c8dca01914531c3c8812c013f17a837489bbbca2aa6b3fd8c7f77a6e9241bde974fe1255d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
1efaef84b3e42d09047d56b316e7fe92

SHA1
fd2dc03b3d85a825402aa9e5eaebd4072253f0a1

SHA256
cc5664bbe5abe043f53b3406c3007874ad38cb516cd1665059a481c1ba3660a2

SHA512
31a7505c6a9fbb3e5bb2804be5f4204323218f058fa8ecafae9ad8b52c34b6c69a0a09b80333908741dd170fc481a26dc9affb97f66d1f443d60bed9c35666e1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
40c09a67b6dce8bb51a0cf425944a35b

SHA1
08771fa66f51cb873eb98af7e16443cf1d8205f3

SHA256
93ccbbc5e3c94181349cf8d27bd029ec2bb5349a21d609f111abb8ec93cb7e7f

SHA512
9141ac091491cde1bb17042df70cb65293699407f350e2e606a4e62fa5b134e1a474454b4e9c0acc524df8d48e288444ed66ec3d5e00db32e6fefec481ea6e71

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
242d080458a50ed8693bbbb28570eef9

SHA1
f660fe7cd8b34725b3f6d27a7aabb0bffdf97399

SHA256
90c8f0b1001777500860f9d116a68b1c7f7380e1e65ebe0a89ec2cfe0464c44c

SHA512
34140c392ba8c2c93f750678ec001687995f0b70267dda5ba75e99b56148fb9144418631846249b91f533638444f8cc738a2d1fa8e0a7febe862ce2a08c5cd29

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
958f67b53dda20abfef1a1040ca472e2

SHA1
b4adff05b07ee5595a6374641e4438d524f56bb8

SHA256
2832b71b78b5e1efb99d7ffe2669d1b5ad68866464b3467847c13b103b8eb408

SHA512
0fddd03afb51197930a841b3f74c476bb9ac3efb33507850ec526c03f9aea55a4e7529ad3b80c9e36483912e916887c461a8e87a801d7453a0241077e55d272a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
025ca584b2a7d41d2c4a81f9d1bd45d7

SHA1
5aa0df95effefb618e2534b26ebb117c3d56bcf9

SHA256
8361286cee9486321a28e9c9a0248f915c4f07540edb7ed374d9f098376bc556

SHA512
5b42944b9ca42452479efbf4ac9f5ff3abbf3b7448a1184e7f5637e40880867cafd235a4da33274243d4291a764400ed3d2dd4c5395b5773cac21d581a4d8cfb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
0a37f1e89840e7909f42451cd84219f9

SHA1
cce144e5b66fa07bc5d4d9d0055cdf453af48591

SHA256
5ec228f7e333777c7db15baf1c96e3c32950305d08d5fef8a1aee91682c53449

SHA512
87abf1ce356ad6e29716eac9104589f7404f9c1d3e40969438be14ecca9b0dbe4cdfe43d12c0853e8cefed53d6dd0d50a0e0db9126c4387b37c3dd9ce0142669

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
f84dc35d23103f200b7a329b5bc3d48e

SHA1
db5725c94742c6060d17b253aa04bee83c90d1e7

SHA256
8a585507d19b4338f2b7adca3cb665f1e00a899c27e5b1e1ddb1b6d4b1e1536e

SHA512
a7aa21060d5758b3f0e3430a0084d512568ed207128ffd2cfa25d224f6b8b548e16d8796e1e611876dbd0963171994460204a32b1cc7a09607f88bb16c6c9cfa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
d908b26931c2de5aa527638aaf859e4c

SHA1
1f0b523c5f721c8bf23c731764694839b5bd1f83

SHA256
f1410a948ac984335f4e693d37b6411a958fa182abf73eb262cfbbef5e7f7555

SHA512
400d6d05993174cfcceaf4efdb1c0f2f2040cd11ba54bcf05e3358d6147f1c1698e98d51a9641e9877fd3e41d76c9bad5eb10ac1ab6eaee82a73d37129a93ed9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
b954ec81ca0cb0b7496a779381bc5dea

SHA1
0aaa4512716dfdeb903b97d99f8f813737e7f581

SHA256
68c2a79c333352432133b96a41d036427639f5cd7895ce52661268945ba03045

SHA512
6687a4d68c757c86be4fe0b4bfd3774061a3dbb065022024c6377c6aa3bd4791de7b7a544a8f6025b76c5dfd529e9bc7ddac428343faf22f245904b1454e1e74

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
2ab075be554c0d2fe1d2d761ff6ca894

SHA1
e171728d7dde750356b51970d074f57bdf25a2a7

SHA256
52ffad81b552847a001712a180500d0fa0c705761619784273b13e227c15a6e6

SHA512
4ca12936de35b2cf0cc2b9444a08174d5da04f19385677eea35031173a60527ca01e913d3d3d3f08f0cb94278d846cd5924a6744131f0f6a256d509d33b4037e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
76b5a6a8ad1fde890f38fb18723e1360

SHA1
14f01d369d7e12da200eb17f9393d50a37610bc7

SHA256
a967f62034b69e234cf2a2f3653ea7c2aa1fe1172e66b00fef279e5195dc4997

SHA512
14e5ae87289b12bc6c655b44b7b452221b0e7f280da1f0d5a397b5e328ad8da8d5e703f4785dc2b3c27f9e872a02c31539bf9c390a9db9026baead3ef3119a90

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
275c7fbbcf8a1c3bc38c1cb9587aca7f

SHA1
f591970bb70b2b94d29e30ad613986a977b09907

SHA256
5b4cab00eb49b5b5643c9c9e7c38261aa08d232aae8c7fb6d9ce09aefdceefb5

SHA512
6e8436e7a714f8a34da82ab62168408daf8fdf61e66f7be2fb33faed07463793ab7baab9e37ac0af685d24a0c4be069fb463b37b12975107898e3e34ff637c56

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
1c48ada56bb0b949a64e85f12d587ab1

SHA1
0419263ff835058632cd39cc48e2469b96a91833

SHA256
96d99bd31e6c4c26ccfe71db7c76503418ba0ee47d595b63b74131691057007e

SHA512
ad2019ddabad397ef8a994ea1ea1fb76b39cfaf0f8a4944cd581071a7871ac7890348044f33a88fa64f62cafaebb30895c3f865575e4bae301191e41b4c19751

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
4daa3cccb9692cebcdbd71cdc5120bbe

SHA1
441c46957351888bf74576f338334dbe8e6bc152

SHA256
2a54805a3911175a88cd34ee494a6082c4e2a53c930a22adcb4638610db75dcc

SHA512
b9c2d8cf8b1e0686673d78cadb969c5d53a4f46e6d57c88b06d1767df978bb85b71c7c0cd4d503fbd1c728da40fbc62bd843825db00c677b2343d9f3ae52ece5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
8debad8d6119fe30f77ff14f6578ebc4

SHA1
c0806739714e3760b8565c4dcc1e3caf0b2df400

SHA256
8e86ea362a68926735bc5d3174289b0f2cdae541927f7f2ead525b41f10ca376

SHA512
d8294fc7d848a71af94b29d4aca9b6f3ed6224ade3bc9be73b06de3bbded395547de79fab1e752f90011a7be741a0037f4e38e833d0813eb8ff592c0a95112dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ebc325097037180c07e8d7559504ec47

SHA1
05012199f71aff718e4ed4cd847f46d84d8a6e72

SHA256
58708abfda5e941efd9aa3d8a3bc0fbf86106340006ee5b5d96b967577cf0fef

SHA512
c6830ec88f7b2e2b5bf50b7889f2663dd06d373d6cc916cf36e3eac35caae02f6c999540a693b31d69d6f1b5f917ef7972a96d53ea77900e5b8a539473ad31f3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
2d4a8d76ea63434fe71685de81513b0d

SHA1
6860212d6e89462aed69039de8b3c95378f6c80e

SHA256
dc55d918e2bbbf636bbc4f1e0f34923762f7a511eabcb6057c3fb744b3120e87

SHA512
2f423a91e49de9b72f6acd2ac575896db85f391cc12a5942cd3b3dc45ff1c9947deae8901b6a93bd154e07b3010c109322020bef547e67fe23286baea3deab93

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
a53272f5b5e03215590b703972c8d5ef

SHA1
08bcb7216524d110e885556a1ba1e3f24060a00c

SHA256
b5c65aebcab620f813589e283960122ac439eac4b2b88897793ce35f15b11ba9

SHA512
29b1ad397b60300392b9fb08b5780137d5b1a7d6f60622ae1d1413f6dcd18ab032da561bcfb443f17f2446bc85505c394d0a52bfef77ae69a8db136783a79023

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
77f021e591e3552199d38f68adcb9f56

SHA1
35127d5d3348c0643d69ac6952807bfa5bff8af8

SHA256
bdb15928c25dbca08bead905270bb3dbaa49da1070ce17ba523e2e8770375c9d

SHA512
82c15878a125f4f4bbd9739f33a9ec1a20aa47c2d80caa3a419cc63cd9b0ea6ec8345ba7524d1e055f30d47b0e6a0478cf8de300f4fe8ce2d86b080151c41c12

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
ab93c0cf76ed8794afa9d51106e20d46

SHA1
ee5f55c2c75dff4e60b7cfc77be905890ed7e1fd

SHA256
8ca92dec1b7178c351fe709ec1a43facff0b746dffd6d6f77d2c94909e6bcb28

SHA512
4684ac85b80c84997abd3a1937a9378de72e1efa64cebc6adbc1eabeb12f20f0b1e427e092504e6a09308ee74cf6b9c6872faaa1ae7009f9bc782345b3130d42

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
b73e252b1c5ccaca6323deb99c85f829

SHA1
207aebc3cd5d1932a4562a7f8eec0018371cf377

SHA256
9093a012be7a90b6dc91672f7ddd5174bba93da8991f0764d329065e277c01a8

SHA512
e7fd8451abd9c1f6eabc52832fba9aa962fb6c89d326b58a66a41ca536867c6b78e856e49de1b6bad299cb27a451e07c8421cd56fd46597e8b8a582ea33024bc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
88df8d0f0b44a625f60dbf5c79cb8b9d

SHA1
57c09c069f471f3e1d76411ce6286b1919410aa5

SHA256
0100fe8fb4a5cfac801ab56ee1946d9d3bc5fbf6c8ffdb31df08508d4b359366

SHA512
1c65dfbccab674ebd6dfc6f8dd4d99435f41dc8cb00fafa02de6792378e9ebd94b4dee595474a881190895e38b5ec25c5ae6c4dc58570bbf0edaa2c3e9038556

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
0c4eebbb34177cbd7f77a88a9a72b717

SHA1
6f7afd445aa3ee40d10df495010ee2527da95bf5

SHA256
050cc03b62b820baf827a2e21645a320c55e1a487e97fbe707438995edfdb9c8

SHA512
552f6b856795d1fc17368381cfb9676392b9d00a3598edb279ee742b39966c77d4c791f15973fcd8bf14a4db14ab49f02c338ff0618c09db1765bbdb0a88d019

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
4ff9829da2eb2af443f7751d93b102f2

SHA1
97811262e3203fb9cbff103b8d473b94d2e099ce

SHA256
80e1feaa8c86d8b3edfdc09a3139fe6c74024934af3c43d26d1a8e5c43c6d204

SHA512
3354d7cfc17eca5912745c9cb67cd476e4302d92369e75b8f07811b7dc08108f68f37b99f054cc9777af2f302cdf2536a7acfc85f172eca19138aaae87fd7651

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
95b499902e310f689969f9f4770498d1

SHA1
1fb53de34b4ce1b4e7eca6bd465c8c46b4e7fa94

SHA256
e5eea3fac6ef6a4d844c95ec3db5afc367fd8c10bfb382d59b739b6582936082

SHA512
619a05699fc1ae4a6aadcf44ef381c97b40492091ea0216df9abf8930f53d7b0d61a73e082331fe68d6d543f1ef987a44204560469c6d5af243992cbb2c1493d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
c44fbc131d8debe5148683b194686bf7

SHA1
f19dd0e9704210ba52f6f30fda48385a9ee59daf

SHA256
f90c8941ad3c742aa1fafc8ca2441e6e8862e5f8ce558bf45c9cab428efbd415

SHA512
99c0035a64f5144c6e2793c097570683944737b75be036a70a4b15d09fd3471c5a16bffd3ae3e51b01d7d1612b4013a3b4c5dac2f6cbace54894089c555e70a1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
3740fd90cc521c86b70b6259d1a08a7c

SHA1
4241d31ef32afd23efad384a6cb16f27c7646f49

SHA256
7894c8abaab7251b3a05e38895f561562df219555f5307bcfa767c653db9ed11

SHA512
582c024da7d34066ab9f3c321cec028bf86cdd9364b0e9a8daeac325568be2b9e78809639195d5c45b5909ede7a88663a12380b14ee36b83c5bc064e3f7b5884

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
2edc34dda5d59ddfeeada9bc8a08278a

SHA1
2528591c000a7232867f18a43b3159c4a2a5fa6e

SHA256
4db2f16b5f5ef91f56fee48618c05a2a577a0bada7375e03420ed1890dd9c167

SHA512
020e6d362210fc5d02d56a710571938eacc2e2d5fa834910a5f10cbc4b5f494bf264661e311dd95dba7c3bf756069e992f362a68a8aec01c06d335aa76887009

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
95fe4ce8fb5f1c78f81e409c4be40a93

SHA1
339051b0033ac3c57f3c88c4c6f536b603a43ca6

SHA256
196cc3e145935e11ab885c313c49e4a1c01c8ce3ac6a6fe0ddfa68e62d1f6457

SHA512
ec9bbc27138a109180cb4f683d964ad1f645969c95ed92a82ef0e24c37197b87e96fabb86371025afd41ec6633468fda1047e0aaf12ba11256cf45b9fba7741c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
83281a45b960a16b809fcdcae875ff1b

SHA1
b057439ac7ba88698d87de1bfb56cde5d7b2d9ea

SHA256
ea8186185c5a4026bfe596776c9dae9645543c5cfec6c5a32243f1b22b410180

SHA512
ba88a1234e58821eaf60e03968e7ea7d3f5e1c2e1c94cca4a5d2c83e7f5e6da3fcf6b93c9490358c06d9e42f21a8f3383a7b7fbd0307b2f471fd8cb08afa37cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
725ccb8bacf204fc69b0d64080e87b5c

SHA1
feb0cee790d6655e0f62dd3e38a675981dd3f48b

SHA256
b0f092f54f4bed7a1a1eee71a5e5aa318977fbbdcea916555b6e41a6ebee4618

SHA512
61a303dbc1472e1f208f0a7657434f8e01ee7039018a7e762689b8ee598c1a8d1a63f43354a32727f3b98aa74a508fe06409d3c07f9e5126c9050ca036f03c51

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
0caca2f1ba0ebc611c55967504f1b4ed

SHA1
195d20557e485ffc263760a7fe82394154fe7e43

SHA256
127ceba7b31ad71db922a9a1ba258b37cb1b26c81f8f26cf69c0097009b00756

SHA512
9b1ac70844bf22ab6741701da53d79b6ebf370e990c3e2ec46a7e35c2a146322fe8da44cb7ce5a7ef500cac8857a7be3b43ac2177da8b78b0abd5a9cdcbb164a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
300449118cbff6b3120615029be104a4

SHA1
33f33a6d00c0dbbc5a546e041840819d0b1f43a4

SHA256
4b936a8486d46b4840f0bca1f3b026c82ae36fc0ab152995360629b5cd3fa35c

SHA512
b08b892352cdda458ecf81a694eeaf0feb1cc6ea8f3d5cf999b31878bf76e22ccd1111a88d65dab81a7d8547b36a078d08969f76963f8c9255b356eed4947e38

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
b8d395f1d996a6632bcb945d64743bb3

SHA1
cc2b8be14606767082cbb621c7b1c3d9aa534593

SHA256
32c0ce931d2d66cd66d89b40897529ab328cc4ce0a4074d0565e6490748f920a

SHA512
0c393a4fec614915906ca484392bf6cbb90193a51d255d6d3690a3aa663ccf4873798c7acc1baf1d32df22b3cb9c285c4cbfbc6da8c6d345bbe63f02e1200f6c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
607815773595a168cc7df066e4efec7f

SHA1
aee6ac695492b2d3370cc8aad9fe27ba392ea00e

SHA256
6c75ec48c9ce874bb724b26902c0ff49c59076ac31550459fec2ba2b4f854ba4

SHA512
4c9415fe6970f6f14f7f813ff195e70b7a258aa6b8e48468c2b678c20e8bdbb73c74aa85ab3074642f0a7fee0266fe7eea00354b6994f90692d6a82af715a103

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
18d921f530efedb7b619a6f52d355b62

SHA1
488ec2d7f8dce4282479fc91fe5184a0e4917367

SHA256
6d78ef71e6416a512a1d697baa801506df36fb63aa938b01c3f81eadacef8f96

SHA512
ae26fa0a42cf5105943e759516f880e2ea75a02e61697a7e5b6c735007396b89996fa21a9f6b3a9500c8d8697543e6138406e2751d40da58657cc21b305a79b7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
2ccb9b4695baf73d1e90ae3135f8ecaf

SHA1
c130c9dbd2feeb52436fdad2d100443f682a72e1

SHA256
5fe0e7b3b2bf8d7fec543c7f08767f7b39d322baee0bdef1e076db344736b5f1

SHA512
9a7e658f397ec1f2f8507fa087c547e95fb7def8ea762bcc2e85de8df6589cdb6724b0008c1ba9321e009690ae66596cdceed08ddf8d05922e258fd1035c4fea

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
47576701e6424eaa5e0b0f8804469b1c

SHA1
82636b6fa3069b6dccefd9e2ed1c531a7d238e6f

SHA256
90151cba2e4bdb9efa463874873f0ffbcc96e3c9bfd11dcf4c74331cec4c9a84

SHA512
0e35e8218ab1efb71fee4ae152061ddc4be706dc7bba81a7e0ef4db31b43f82e2203b9e0550c5d05005c8b6999e62c5f42b58d2c62f1579d04d7369f7b395948

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
c15398c4b70a427068da363b240f066e

SHA1
a3514ec69ec173fbef9677f6a9ed4e523157db4c

SHA256
8eb5683f6f02891ae488420944a2a2bb0611c4387a4dec7ba91361239b33645f

SHA512
aa54e90f28a7ef44b5bad2cfa318c902a437d7b686d10751cc6b366cb6d44afeb0bfaee6d9cd845435b2b9b39254d34a2030cc655819fc4bc8edcced0371e7bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
2d1aa3e1848cdbe727debd0fc2b29cbe

SHA1
9af437583f11dec9766ce6421d5774feb26d9963

SHA256
36eca58dbcd5834e2a9470482b0d23bb0a9f20b2accc70aadd3a5b70699947c1

SHA512
122eec2d835c0874aa0314cd681310794b6d9538ebe758cbff06ca1491c4ecc424ebf3cd9de7f1483c32c43511bd6c6c3e5af04cdc1692f557bf55d3d509699b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
d870dbcffbb75d75937cd4a3a5ca114e

SHA1
358e83b79f7cf31ef842e06d7b60beaca0f617e7

SHA256
763ca27fdc8dcdab73a4f81040b0a74fbd8d17b3242309fb745b33518f0e8e58

SHA512
2643d297256495a9ea19e5f9c895bf5fb4230bc9fe3dab4b3663aebd24971b7c3867f0e5dda6bd19d01d01e46292962516a1f9a9c559b4143803e240ff196ed2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
29bfd53030087b4c072ccabfbcec75ff

SHA1
38f50e67f488cc588fd4a7b0e5ea295b96d21345

SHA256
274f637cb0fc91632175eef0723e01839cc6247607ea63caad4c9c2be53c655c

SHA512
5c3fc5c419ef30da6b967fa829a79b9959841664c0d0e2cc0f9b20636fca25efe78ecbf60ce73aadcbdda80c401c995e432dab433e8a8ba8975d3fb138ae1792

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
fd2505daa09b4484469709774bf89834

SHA1
e457daea8dfea5e4f79e94d7b406686f17db83aa

SHA256
08ce54d87ffb8a89424bbaade4608eb73cba489f1de05b9d5e528ef25ec04b66

SHA512
8ae9be19faff7833e86aafa3f7024f3de7b29df6ec7664d87cc379a7fea190d85a193efb952f6fa6331939a221d1a48d19750be7439c610e899a45608b58578c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
9f55b384e1134debc42d014b25d10041

SHA1
56f1471b1fbd0cccf974e0b4542f98f068e227f6

SHA256
f0b69d3e6ab9ab3ccca63b1353da442bdaba26841f2ebe356fc339a5183a37d0

SHA512
7befaa35d38a6bb650b04747139354680a51bb4473f1a873b4023c2681e5f9a5e01ca514b973e8da8c554062cbad3573c8713c473bc53c8dc0490ba1d8534740

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
2aa0b0cd1862924ed6f7066c8f6fbbd9

SHA1
095ed1be35c1ba2afbb7347f7ee903a3acec1ad2

SHA256
fc3d4e470b5868c6deb5cabdb4e1af04e0d56debc64d6bf1a4b1ca59fcfeafae

SHA512
84d66c8c5c017a417878f81bf183661813eb05cfafb902ebf879f7d214ddaec2ef35be9e16d947121cc468e05c0f1dd900aab9c2e8ca84c13572ff3f342be54e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
7d41d899a515f415a9a3336e3dd22c06

SHA1
4b395ea7125a3d5dbf241680d4f8bf49dcca8b63

SHA256
718579ccc2626f5f72c53fb2fffa42e874d746a05f32eb37d200e1553f18e59d

SHA512
ff097bdfe73a0d289008eec2045450f0aafb835ef383cfbfd5b784f83239298e7ab0a98fa5343c362283b2f75005d5655d790e2b2054a772451590e87894d732

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
fcf902d08eac858237c6da0e28a01415

SHA1
7e5ab6c5bdbc13626b430736d92f017c2c57db62

SHA256
93fe25f357b51bf3d21ca7687e0d677ebe6b5b5e19c7af3b808201bbf6efcbd5

SHA512
fe98a3ddd3afa89354850795301233e6b88e93f08d616f6dd97f3d230de38c4c81cfda33151b3008083cbb441798a7760dd5aca808c01737f637529eec94c8f4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
e3d1bc584f9074d3d21bf34e98a6f057

SHA1
74792789fca03e8d2a3479ae9bc8a93e6df244bd

SHA256
93b981ff55bc24206bd901457dcc91b97b8e48fa60a69d3488158d650e7b0084

SHA512
5736a75fe4b6414d4907684417424e2e05ea182b3ac179453bc959eec689f6a9addd8ef2fca1c8081e5cd85a42643c94dec8c4acfd9b62cb11ea486080611349

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
cd1596b0077e9256fcc48793559639b4

SHA1
9980304694c110e1d6017c807312a21deb1fe8f4

SHA256
7225556e8ede3046456a7f9e7c24a189f06e2b5002ed961e2f684eb1f16773ed

SHA512
e452b617b5a2ed9d4387c874b3f51a084935bc35ffc0c488b3d6d8e90e6c8e28b9eb7ce979193da855f27b68b478ee470b12efdaa39dece5dcd4a63d13bdf630

Download Submit
memory/2800-6422-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-11051-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-10915-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-6423-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-11354-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-11359-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2800-11360-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download