xorist | c3b21e584f86ff98fff789b49f119ba6fcf87af37be854223c5acb4113495e9c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Size

7KB
MD5

43178924a9eedd5baeac4d682c74ec78
SHA1

b0cf35d419ad0f142b04c2b13676411b06ba8479
SHA256

c3b21e584f86ff98fff789b49f119ba6fcf87af37be854223c5acb4113495e9c
SHA512

266c37160fa2bc61e0861323cbefddeeeb52dd96deae61aa0d6e1a5e4a6d14f557837e1d5119eac424204781df4db44dfc8d864aeeff21d6df16a994f95353a9
SSDEEP

96:Vi0Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExI+2ndkTLIQi97OXZMB:Zzdrr1FG1WDCgmjPZI2Tlg7kZMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5076-7048-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/5076-7045-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/5076-10916-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/5076-11301-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/5076-11342-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/5076-11347-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/5076-11348-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fTqCFLk0Xrax5iE.exe"	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_220e4fad6c84d016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\oposdrv.inf_amd64_9090a824ce0d0e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smrvolume.inf_amd64_1d430c5b72323a1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_3acec385f5d67bdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_186702cd081cddb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\buttonconverter.inf_amd64_73b807c3bed63b18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_d37080dfb66d830b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstortcgdrv.inf_amd64_5cb0c23f45dac01c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_fd0ae947345ac7bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_20c8782372e47bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_c20a3bb7ac1cd207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmwhql0.inf_amd64_db80a6e1be3a2d08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_printer.inf_amd64_cfb2c47c5677c442\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_usbdevice.inf_amd64_815550fc328ea85b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/5076-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5076-7048-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5076-7045-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5076-10916-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5076-11301-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5076-11342-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5076-11347-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5076-11348-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-24.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_highcontrast.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_field_grabber.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-256_altform-unplated.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\firstrun\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-black_scale-200.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FileAttachmentPlaceholder.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp9.scale-125.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60_altform-unplated_contrast-black.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\IsoRight.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-125.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-180.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-200.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\loc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-20_contrast-white.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xee27.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\cstm_brand_preview2x.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\affDescription.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyCalendarSearch.scale-200.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosSmallTile.scale-125.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-20_contrast-black.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-16_altform-unplated.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-64.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-125.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\CompleteCheckmark2x.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-400.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-black_scale-100.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-40.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\download-btn.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-150.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_CarReservation_Light.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-100.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ttiledata.resources_31bf3856ad364e35_10.0.19041.1_it-it_3f8ad2bf9f6c2a45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.appv.appv..mconsumer.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6870a3280c410d43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..japanese-latin-main_31bf3856ad364e35_10.0.19041.1_none_418af1b5c4601fdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..icesframework-msutb_31bf3856ad364e35_10.0.19041.546_none_5208df964ea81a12\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_3303de6fba37b5c7\gradient_onWhite.gif	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_33d8c3da77d0026d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_it-it_a201011661a1f192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\InstallUtil.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_10.0.19041.1266_none_153dc4c3b9f13a6f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dpapisrv-dll_31bf3856ad364e35_10.0.19041.746_none_f1ad94671ab1be11\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c1127067f8dffd7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_de-de_08319c8c3c0ade72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-internal-ga..forcefeedback-winrt_31bf3856ad364e35_10.0.19041.746_none_dcff8bd89d366f80\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_10.0.19041.1023_none_de5ed5195002877f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\IME\IMEJP\help\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nce-tools.resources_31bf3856ad364e35_10.0.19041.1_es-es_cfb95f380956fb44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-72_altform-unplated_contrast-black.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\YourPhoneCallingToast.scale-125_contrast-white.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netrtwlane.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_924ece1dcc33e25b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_10.0.19041.1_it-it_e2c9e7528c4c9aae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\serviceworker.html	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-v..model-tilemigration_31bf3856ad364e35_10.0.19041.1288_none_f5c70e1effc3c18f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_10.0.19041.1_none_dc058eb644f1f90b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-heif-image-codec_31bf3856ad364e35_10.0.19041.1_none_85c05aa70604277e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-useractivitybroker_31bf3856ad364e35_10.0.19041.746_none_9e0350f16bcb47b2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.19041.1_none_639e78e5edb8f409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\ScreenClipping\Assets\LockScreenLogo.scale-200.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..nt-provider-activex_31bf3856ad364e35_10.0.19041.746_none_4926a58270d1f048\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.1_none_248d91ddf4389abd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..erservice.resources_31bf3856ad364e35_10.0.19041.1_de-de_0283fdb2fc89179a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ivebackup.resources_31bf3856ad364e35_10.0.19041.1_es-es_e223063fc3f04471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\ReachFramework.Resources\3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cd2d1cde69f392b4\dnserror.html	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networkux-broker_31bf3856ad364e35_10.0.19041.746_none_1855b189aa8eb172\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanim_31bf3856ad364e35_10.0.19041.1023_none_c83dd8e4f085dd16\FirstLogonAnim.html	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..utilities.resources_31bf3856ad364e35_11.0.19041.1_it-it_4b83deb3c8af5bb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-desktopactivitybroker_31bf3856ad364e35_10.0.19041.1202_none_4c851fc6f75443e7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square71x71Logo.scale-150.png	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..vmbrowser.resources_31bf3856ad364e35_10.0.19041.1_es-es_f287c4684874aa25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.19041.84_none_dc38e61c21c1b710\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..tnet-mua-hostserver_31bf3856ad364e35_10.0.19041.746_none_aee92417063babbe\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-compact.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b2843c3ed7e2c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.Cred\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_wsdapi_31bf3856ad364e35_10.0.19041.746_none_a70181f1e086a6dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_presentationbuildtasks.resources_31bf3856ad364e35_10.0.19041.1_it-it_2eaab097040c32d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design.Resources\3.5.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_10.0.19041.1_none_f4907776ca64ee01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..agerdesktopprovider_31bf3856ad364e35_10.0.19041.746_none_1ae2e5bd00736b2e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..m-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_27111a1746188153\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..iencehost.appxsetup_31bf3856ad364e35_10.0.19041.1266_none_12ea08a0c4f345b0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..es-smartcards-winrt_31bf3856ad364e35_10.0.19041.264_none_1dbdf14fd553aaff\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-unlock_31bf3856ad364e35_10.0.19041.746_none_428efbd28b482d1c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-themecpl_31bf3856ad364e35_10.0.19041.423_none_df2de3fb99974588\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-modernexecserver_31bf3856ad364e35_10.0.19041.1151_none_490b927641fc9837\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_82bd035d72e5b69b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-gaming-xbox..component.resources_31bf3856ad364e35_10.0.19041.1_de-de_2b55b3517f207cc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-computer-name-ui_31bf3856ad364e35_10.0.19041.610_none_f66f88cf81a04c1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-media-streaming-dll_31bf3856ad364e35_10.0.19041.264_none_36a6a4c39a43e30f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.yap	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.yap\ = "EKFBOVDFXZWGXKI"	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\DefaultIcon	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fTqCFLk0Xrax5iE.exe,0"	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell\open\command	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\ = "CRYPTED!"	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell\open	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EKFBOVDFXZWGXKI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fTqCFLk0Xrax5iE.exe"	43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\43178924a9eedd5baeac4d682c74ec78_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
e135162c94bce92a55466c1630cc99e9

SHA1
4ed3e727e1602398f97b6b932261c8e0ac3a59fa

SHA256
4e6f56dcd8dafcd6914a5ea99cbc91b85379c1ce616bf70c6b138238c1983129

SHA512
5566cc9ff6b6f534c2b6fd63af222ca3d4ebaaeebbd1a51891844e830a2f04e49211a11c1f87ff928af21f664083cf14c4e94091f599126104512bca71c2501c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
f4fb6e96d49d3d98c3af2470b9ef8e3a

SHA1
8cd53403b6344c878e19ba4358de0b5d179f693a

SHA256
8717ea182b100dac910919e61a92f44879522625a2f9e8ac01535f533840e9bd

SHA512
9baa90ba13aeb84b787e96054bf3b47316183340136fcaa1e6b2be370a36da594aa706c1e7df7674478c64431fa08b7927b95316b96fcfca0ce8fe4c68b803ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
4674ae7eec753b9450fda4a126508186

SHA1
bb55ac01c598b730a5f7a152b9122b4c0e6ee7d3

SHA256
9967ff28816f93e9fa745369695c46b49fe84cdf7abeaa28058bfd46f418648e

SHA512
3e4db37a95d27cd17da0d10e523d68fbdcfe0d0ec826056da204737b0ddec230828eb43f1a5c7494a8986288b7ec49a454fc37d261025aba0b02ece9b90a9abe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
1cee8c8edf79d11ed2f143df1be88e89

SHA1
46451cbe7d5a9a0f44ef7889920ccd18e396ad3d

SHA256
7d1f3c460ec7ce7bae65651746230050c6bd4446c18f53034da096b8554a4292

SHA512
5a39c3f7c8a47dfe79cd266c66754686bcd935d94093e167ee1152945e514c20513984db6239ef300e4f21ecdec78d36620954914ef4d85a0c5d62d79f0ea5b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
6cdf879e114e0acb1cb9aa7d7b1a3e95

SHA1
522b1544ff9550a37131296d271638471e4c1f76

SHA256
42bfdf1da1ca22b00e93067fdd5b78404e309fbe8d05f8db1ba356af72e53394

SHA512
edb2d445bf86885ba24274bdc19e99c7897aa18a2e944b96e6dc6e61afaed6ed20751b31eab7f4c655fbcfb32043245713afd040ea54af1b619d5ecdadf5eb8e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
8bf11b021ae2f1b00a39cc3a299464e2

SHA1
4ac061fef1ad5bd32922f5ecf6c262e0c067a528

SHA256
a8299351c44e392aba819bdf82f8e6c1d7977568766f54cacbceb76308426a80

SHA512
233ad64f33128f97fa54ea611a57fe5cfb6bddef85eb80858ee918cdad98a3dbc59ed4e88fe9274b307bf5a28d227d279420e214f178c5ecbe1f4750d2800f01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
12bb622081abf15d9ea607006ae20901

SHA1
1cf800645395785359a35867f9b607c6859ca12c

SHA256
584657f928f501a975115b3db9785beb81c67219d767be62b7f59d8fdd8b7a80

SHA512
18b23e679e3fe086318d99410c8c6c0f9ce77ed9df1a212257fd38b154ed2e11ba3cf22250055cef75349f7175b63c695ba6803e7a90f8909300a325315385e2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
8c8331b0c33b11d4e16ebe63e6895a29

SHA1
ef60336a23e2e304f9b8eb81f1c10f47bebbe718

SHA256
b13a8522adbb1935117debb5587fe49dd216ee0eb232185bf69c747b0fcb4176

SHA512
98117f90352cbbb003dae8507594b410e902ba6baeaa309a36e0c85fe33393c9eea772fd53c0e61430d5174049858d28b520334cc70519b88501b48918777004

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
d0cccffdb37dd3ed350cf9fad0e1cfb3

SHA1
2e70455c4789e100c26e455beb3c8fa31da657a4

SHA256
c1eeba45257c0d2eb51d41b3903c47256c2e54000de5c74c4d0ac1f625abea79

SHA512
df6dac960d1a66570103c71a0ee28494fd9b59daeb0f640cf99347fc39579354dfa69dc8359c54008c5cd4582353b7d198a73ff86f12f30dce0a46010c5e09bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
0bba135c5b6db553d52fb56164b5fcd6

SHA1
6515904f8ac70da65e0859e3e29deaae7460d113

SHA256
fc72556fed7041a24fe89eebc002a2b107b0f366d9535caaea254868c0c32d06

SHA512
625168939477c0890f49b776c5e9210556fec63db7f0e1334db1290155b8007291ca0c93dfaee890d174e2ced9bf4631cc16dba5db724dd831108e95f468af39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
8fe2ad98d9e77a90b494799c55710422

SHA1
fe17816c4c8ef7760f6a092d5a4a86963366a253

SHA256
d23abf5f9645a1888bfcebaedf1dfd77aadb24a25824ba815a222f641f905b69

SHA512
ad6b196d4250d0357e0e4344b0d4431b0937c6c5cf303dd26ede6641840a523aca26dfd8aff536460f08c38c46c67a3f6a03e937d0348e2db762501b8f6a9519

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
cde28aa7108b8e05ed15297538929a98

SHA1
b223aa79c443fa95a312114c03cebf71f776edc6

SHA256
c14666f21467ef3415abb12d9db8020127008989373d0be93ef7f39c95eff18c

SHA512
bae5c939ffcd5ffd14922762a3b8be57ab679f3b62d5074672c0acc65ffb6b34f71e4a0826c22b63bc747a32d9610de4e692d8a1342839b85aaf8965cebd0b3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
ff1ac7f9d21ea948ea024bfb3a68f056

SHA1
003cb53f1eda27e5a7c7c28f20d6573beccce252

SHA256
6d36ba1172124b6e8a5632af8af4489b520b6373ae933165041b9a42eff37ee7

SHA512
965ea1649a730df4187ad738c834f502786ca7886ebe6115939b59432b8208b920c43c40c3c54a68451d1ba6e6258cf797ef01aefe44017aa345745819a5dc52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
a1e6c2c36eeac0f7eebbc78698eac8d1

SHA1
7319360849b14b8457bf169599b676115ee1cf40

SHA256
804f090a542cb77bf4c6c9ab2694e78c3b03c0005cca76a8cb66effafd00fa00

SHA512
44ba4592a0c7a210656bb57d8447fdce07fbad6a0a2f81d6d45a034b0c9510bbe3acbcb0c4179c20adf1772460861ab7917874be5e77e760aafc77ff590d58f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
65d55ca9d536538b4faf5e030ba81110

SHA1
09b8ce7369f23916c56078d6376284b6e0b3e1e9

SHA256
c576092f8bff4f9f7f5e53633468f9625ec2285b07c235e61b40482383b2e4d3

SHA512
0ae2fb9b5e5ad16949466c81e8f26e3932758d94e765a1caded09c190a19d881e7f9d4d47ed7b5c292d8b54b2d988d649b0233438d1149d8c62bdf661cffe7ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
9ca72843de5a4c5ed245d742a454dd75

SHA1
7a5188988e5c67fce19196ff6ad9e5743e1919c0

SHA256
c4f6f99b7ff546259524abce64bdc5979adaf98716a5ddd7fe0835db437bc18f

SHA512
ade340e2ba255ad97a6cd369c6224b5931e96a6649d063814ad03538c8d6523a57a8f89144e4e435b115e514809fcfcaa656b476bffab72721d648f5aa9cdb04

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
fd1e14970fc5e8769ed1138e82088268

SHA1
a3cf1a73f19fc9e0e81bc2423c924184d0cefc6e

SHA256
40a8179fd0925b83bd7413ac70e9f33e89418f63b8ab033e742c42d81624d659

SHA512
793417177b1dcc6f0a652eddc453fc108c204f13291666f286e823da404d35202e552631f1bb073eae2099e02e680ce005d03dad158708d863ff8dfde977dca0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
449db639d8b6f3b6cf217bba74631490

SHA1
6ad602c4253cd0857bdb77750ac8b21a8878465a

SHA256
e628c0d7cb58b2f8370396b542376a621245e46bef8cc22f60d6918c0574e3ba

SHA512
8528b636bec93c13f73f1eb2fbd881eb8e75c79389967a79a71bf852ce65985399148fc7e69617f064c004bb2d804c9e4d6d2fde3f28e85f401c81236fdc724c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
5aad35f873f9171a8e4681ba1082bcad

SHA1
7447c3e886cd3fc827c3d99c3143f6c738f99a88

SHA256
6461c0201a8e7c052e79209a024e4048c454c23482d8fd0328937841e7563936

SHA512
e4162bb4a138770391492ad3b5a54a3e3ce22258c941f11e2a16e4da7d9a13de79f44787e677f3ded5847b875eebec6ac30ec2ace24d5d643463b45978708243

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8166c1f43d5042a9966386a5e31cdcc2

SHA1
b7fe1b8eeb1d2fbc2f6f48c420da24001341e071

SHA256
310df2367bea237f3b2ff2eac6df53937f102911ef5e40c0887ab4fa5270b926

SHA512
774b54227367351e09f704d857479313491293671247c2b96d8de65ec5cfcc92e1e714cadc625d5172cf0c719342417ac836d62203c07de9aa0b7583f4e40616

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
6dc8c58764277b1ed284fab46255bad6

SHA1
8db1dd38007f802870c4cb4f713bed9787727609

SHA256
990be9f5e91227d97570c8ba67aba4f90b974bab6bffc5f2e75bbadb6a67e7df

SHA512
b8b29559a781dcca58d5cbad4c26a6626b0f5560d06e110cf3cc242c214502e15690b15d020ae9d8499a84bf602cd9e7654162e051b53694586e321095802ce5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
0514a1a39341e1315aa06fc51db82b3d

SHA1
d01f9892d1a826c924371e28159b3e8a6cd115a4

SHA256
c27611d7887762e46a1de9bd3b5b87bc7e3efccc06ee883c889228ac335c0578

SHA512
7cd7b2c5c397a5991466783eb25bf3b35677a0a548bbccd9c428af63539babab847d7651c399849d8aced4c6a05db5632ab72ca5758802cb192beb45076ab09b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
f376e710fe1a72eae122fc5db8e506b8

SHA1
14b51d1d1eb7b106541063f82b29b00623ea08f0

SHA256
e575bae242915558317ab3b8b05c5c415cdcab74423fa997acb73be568e569f7

SHA512
ec9774baf3b257902f1462333bade6090dd2ca54b69494f8c0ce6f6efa150d8cffb25b3edd216701ce6d44ee941a08fb970d898d557a31dc48fb93904af8d06b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
206d463eb47cc58116459281448d86f0

SHA1
be703efd7b1012d2b8476428a268da0c0fb6a4a0

SHA256
d25589ad5fe472610405087fa8f60b0968d899275d3632655f6015f1c491c679

SHA512
b303d3633e424b6e8bdf22c2a179a871475addcdc6f3da31e0aa1861252fea5740187dff90187d9499b02c10e67941ba511872a142b74c0a5c8df9e8ebeb3a9a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
b1a43437975a1356e95a5ebcc4cf51ce

SHA1
9b43b3d279b1d7f08326c293b2e2740efce3880f

SHA256
851c6d8765dbad347af3c108ce01abef1d6c926023bbd9973f93f5adff74c00e

SHA512
5fc71fb17e0efb5a4c7897167e6e8b9dd4ffbef149c3e818dbf3969f169c56e427c1818d39f3303aebf159e2524da2bb4375be5fa9e0e61b0df5edd6f5e7d15e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
b85f9b6b995468c6dcd275daa1dea2b5

SHA1
5c21e357a82a60ba1417d3b68765b91f68bd376a

SHA256
521ed7ec4eac7379bbcd42fa65afafb3eacf36927712e9ece6122904d92c3597

SHA512
2022f0cfc2abd03183ee3aba64b999ddc1f7bdcabd3a4a333a9b5ff5200393965f7e9fdef55838387b9a8142211d21d5f680efea09579d17a5fad7d4d8dca28e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
9e97bfc67c9b8e19447861c794bbf3e3

SHA1
6db0437fd4a4745af7b10fa009943110f0163928

SHA256
8e20ac319b0fc5d41493566415e9bb71aa9286489e3fe8966a7eff007e80e72c

SHA512
621cd6844a0d4d9b05a791adea8bd485ced110b46fdde4cbbed287263bf6510812d8b2bd9bea45214e2da597f8edea06accc617f3ca8ae360c3cb5e79ec0a240

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
3ff2c630320604f19225a5b0142fbc89

SHA1
147fd7d6a91c7366c2b727a48c58b976b980b99a

SHA256
6efbc20d0ae5f5604993dee201bb37bb9bbd874ff15ebac646c4e9b1a9d20680

SHA512
8a46739d8af2216e0315700ece814b34fa4b25fae5f77e31aeecf4b8cc222898b4cb8d2737f8d0dfbdbe66b5382cc8488b61f9a7b2381d7fc4778592a72fca29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
d1dbf2b6aae65a66282f241cf6623281

SHA1
97e89ea6a938b23a56bfb62cda53c91ce007d747

SHA256
968ce82ececfcb396368d0bdb0fd50996765f375ec0e041c096191a0c72082b1

SHA512
a7cc3ddd7dec1a262a22c21a4087efaf6bff748ee233448ed354bbff55c5ea057afe6332dfc19bd0bc21c8a542b11d40a8a956bdf4409be8f6db18cfa16eda6d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
63237251412a7d7036ab71b24c9d4f8e

SHA1
e448f71ffc140886f514f2fc074cc506950b6ab0

SHA256
1ec7c7cb3fc08e399367883253789f3e5676882571c4f0fbccebed848d7c9c58

SHA512
9c0ac73375e172754d4ff051f10a1c1076884d30592cdc0ffe6f2ad1d519bc067b144f419fa1b9f50bc4e1a0f54dd6c734aec1aeeaf1015e5388781ecf3f3d6b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
54f89d58861262ab46d0767ac97dba47

SHA1
a70050e589c93331210f6513b89dc94720e00253

SHA256
20d1aadd64859cde90b47cc23a7500fa808391dd6fc864e4bec26a07448141ad

SHA512
6263d2452d95687fa1b55ca2ac0c4980c82bfd35209572ffae41cec451fdeac8823d3d4ce9734abad9b3e66d592b43e714067f4ae8313d1aa1dcdd161f4b2e43

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
4d8c7f2ae417925d9867dfe65851a3de

SHA1
720a2832a9ccb91af5ce85036b8cb685401e7db6

SHA256
db23d974fc17baa5bf46f3bc51ce127ca498a8f46fc2bac6035a66f2408ca581

SHA512
2a9648025b71853e7af7890cc891a5368967710ad1d320d429107e29950c38d55dfcc6a9b7f9ef9cf08d84cd8bc4bc5436c00baf6898d648d47031a2d7e9f37f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
2e26270fe20ac1cbc73b760168f26bc7

SHA1
089b6eb058524a1c0a6eaf013f5fe4da3b699ff8

SHA256
a1ba05a15f408abb5baff8fa0cbce8ffcc8a9af449fc0d54ee62ecf07bf1e0fc

SHA512
2856565c5d8490bbe51337952278ecd07b21860f20e2884f67e7fbce1ea26d00fdce2e03e3da1793326891a531e77ebbe7724404ce41753cd58d66d2702db9be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
b79ebf70e0182a2b2a78c6f365c94a26

SHA1
8d634ed120a82c63c86e1301645f08ceb9effa32

SHA256
db0eb3a20a9b4e411202f316306852b525fbc03a451b309ed649749c03d20cc6

SHA512
5d82f24d13f6e384126bce94589c810d96fa5065a824470572fbc8d20ab6c96ab3cc6959eb0c89c7b63fa318681f6b5c1b15fc129a6e93945a02b68eb2bd92d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
36d2bf7edccff6b406c3e41e4faf8ba4

SHA1
86c2771d3e8c9ac2129ade237efefc3e879a67e1

SHA256
c88746b02a6eed5a88380225c5b5675509efce0187465155cef87d43d7226c86

SHA512
cb05d8d22c7058d9a4abcf6fe2637c58e743990ff16608a23cec1cd3e03ac135576c2cb92a697b0c1a75e6cc6b784ce3d9d08ce0d9d0ba6ec0ad9202e403de14

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
1c542aa802f94c258ff658914f19ddc3

SHA1
e2ab90ca18eb2e0eec305441ffcedd5393b0038e

SHA256
8dbebc360448143c7d21975a8b78a1c2d66d7e2f7f02345ad9dd76bfd9a178ac

SHA512
2fc6d390fff58469034ca39519ca8a0dabb32bdbffb0280249dc563a44b52fc6eaaa47cffdbc2af60936cdb9956febd3905a1cce2325050f2addf7d1f8537858

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
315d77ca1234ee7fc87f5c292233dc0f

SHA1
334b7d8a06968349edbefc298f319193cfaafbf1

SHA256
dc656fa963eb2d2ca43727717dab1a91c848816d5cc16b1737f5d8eb261e9a0e

SHA512
24d2dc06da3f781020c460af72b414574aaf0686ab1699d883df8dc3b931c758a46b06f1199206d96eb865bba3add3427aa8e24c3fa44bf411d2a0743803a6a0

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
1423d2259755117028efdfc83edf0bca

SHA1
db35b9ff1f8f3a8ba7490a236211ebdc9260a567

SHA256
dfe3a694e75c1311e2d66a2b2302e59dea303fbe2ca626dece381e3681ff831a

SHA512
523ef15a876a47b8124752622ca2f55c17e6b1e8a4819c38fb108a98c59dc281640ab4b4fe0af97366f779ae1847b8da61475625ccc95862a13a6fcb9b32c30f

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
274B

MD5
571bb4177764f11f766b6afa4bd8c2e4

SHA1
0a5fa41c8b31b7d19f7be76785bf0548b02b9300

SHA256
c52186e0dffe609654f6628d592cba8889a7f10d493226eb2ba21f655b5b4409

SHA512
bc7b9e17bd8839637ca981943afdb68a8cb811d840f9846f80da299b61f3aa265bde16f668df98579bf7f252e91a9b647448691b34355b5a092f60a6399a943f

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
bb40dbc826bb33f6483a0af5e83ca83e

SHA1
a14c8d0211fbc80a6bc39be9c3eb589f95c39bc7

SHA256
2da006da66b890629807c337442ca119173578a490e5dae1f82d07c3358b1ae0

SHA512
347867ac408a3d7094fcb1c8ef85ddeac64dde101db2fe276a25de62ce0af04827efb94212dbc35330453dd09e47da586716ea488ac5db534de3eefa9bb6e646

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
9cc1d99916eef6cf6f849b4a937c6627

SHA1
55ea35ed5b0ab12758490f4078ea77cdbfd3af63

SHA256
d0fad853c6a093f5f37a20de79bceb77afe23b94ae44f58579662751b866431c

SHA512
e96ad9e3978726a4ca852d29daf9fe645e7a821e69da02f6cae98495969d85f26ecbc3074a56c655f95906259448ee188b5f4a4e5137e7c952fc2e6464ac1535

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
61412092d6f2534e6c66dd4c8b8c7afe

SHA1
5a8d91921477206327da621387116a72712b177b

SHA256
c7c62ee550872e674fa7bee473bef2aa5b28767b07134d1eb27fa7914536d3e3

SHA512
4ff71bb2e6afb638522b38a9a6d45aa9312110d6eb9abbb554b7ccf3147cbc3ceebd0188d220b0866bc31f7d362a6067f4f51344e81a4f3afdd6462fe23cf2c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
7a779db15d25dcf08061ca48667e73a1

SHA1
09597d79a0f7e0f3860fd23537071fa20381f19e

SHA256
251b8b3bdd7be69836ab557ff290ef30753b9bd46729096bfe2dbeba54498ed8

SHA512
442076eb009904a5e1cf98b177a4d3241b674e21441127897cb9b6d51893918ddca8111dc90b0309e292de9a5867767510d3a8f4e4a7a120c9f54beb69d7f094

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
97c4ce948cd490b962943d189704d917

SHA1
c091921939ff2b6833b4fda0c57118ebf03e5c08

SHA256
6d10cd676e7551ee0907329f98c7d27cf8aa0dbf65cdae721377fffb62165de6

SHA512
db0e3e256c00f5b063780063348835b347c5e95458509aa7fc614dcb5595d4f8a034814d4be5e29ce0ded3514d1bf9041f9c2423630bf24d11f8b772d1f596f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
be2f04fa8ea356f220608e829b7a9c1d

SHA1
c9914e809ba9c707381d7dde2861665c7e9ecdeb

SHA256
d34b23e6fc4ae8762230b16f13edffdaa8ce7873df3f4534593dd8f00d6b94d6

SHA512
caafaebc0d590d4c7e290675bec3ba0fe21bbef1c713d6bbe5acdaf47573704208966596a3e5febfe42047cdf93e94d8abe8600b87c7c0d0c5de28b007a49bd4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
752892d4ea69562a512fe0f2a4372543

SHA1
faf1500eb19bba878464f8c354e96e4d831500f8

SHA256
303274a66244776d3019dbcea7bcefa3c07e0a0e2da98b557078e7130ac9cfa6

SHA512
5bf3adbbe1d8356fa9adc3709bdc2e0e17bbbcb73ad0f7b157b5234f853890a9005a4f8afa2b7e165a53b4436508620a0744c37e9c3cfb393489b3e854574044

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
6a0f326ed7044091f753d5036b97945b

SHA1
d30abbce650dbad3afbe5a28a7e0f3eb54c7b935

SHA256
b6cf3845627846c09ddcfc55e361993d81c77a681f760374794eacbcec0c5a90

SHA512
02c27d51867e91c1da872ae0aafeec8846020757c3fca2cc344a2f5b30de36c3049d71bc5ded49a188a1d9683328036c487f52475dfdf60f7d18c27030352fdb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
ef048357d62daee48c4b55ce1f39a53c

SHA1
913b953b3cbd12d6c0519f748bd6f7e252a3993d

SHA256
4fcf68c53a906d9d46933a9ab9fcdfaea9920a61ece9019807c3a4a03ea37a40

SHA512
d37de412fe33acd6d84de91b56772aef563860009fed8e5527171cc8e38d50290331955b72a75a23ac76d2a22f4aef30c647cbe50e60e7ad35539f2266d7c065

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
e0aec3305778b100a6de8ffdccac6a1b

SHA1
d966659a3fdb35598c383b78c8efea1b290298b8

SHA256
febaf995911adfe4a31a9dbf1f365e165369848e80bb1d68eec6ca265f213f2d

SHA512
feb9317c2fe8351dbc53cb7672c4e7a6344c9c2cb1da4db15b41930e7b827344781ceb7d2c8385b22408c6bd8a7f654eee86a3a1ecaaacacc25e80287c7f03dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
929af489cc3747a3c69b24837fd54674

SHA1
ce2f663c4c41249de1b06af66668976ffd668003

SHA256
2a709493d0c2cd37f8342e632d8e99978acae85584274a805d22797cdf5cf794

SHA512
07d2c05a7e020162349a858d6d00c8a160e5e18bfd3b6cef3f1a6cafa73507a663785e10bd33e04ae1da5e02ed22c1788731fde126f6a06fe0bd32149229d454

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
6b92025e52b059ae2fbf939911808085

SHA1
8790a40bde0f428d54b6dc0e49ae2df41a95fc07

SHA256
800c42cd20f53699cc603d3308f3a3ed4a9ec00f1bbd0e20e3304956d3779e9c

SHA512
92d751405297eb96087bfd081efae27a2c3ea5a695b25daee255fcb3dee55129185a9673687e19581f6228656617851580e9e3449a40ed6e4df67c582d28c67f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
f77933200a6cea5226d704d287b864d1

SHA1
bd16187cec2c171e10f378be0110eac1f18511ee

SHA256
949d64324be3966f1744c68c31e0a48f1d444e1fa8528560a30b95e9f94cbb08

SHA512
fda2ed6a23e1291269dc872248bd7eabbfbf7e7f7ade3c9978c97df887921271a682fb5431321be53fc6fd9629499aaf8c5c0cddeaaa26bb08f953cfc2795eb3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
c7f6a2d7d78b6b69582f8945ffbe629a

SHA1
057b72f4b50f0120df2a1f3928ce8ef2d58ec12e

SHA256
62b06532487128a850485f0045538ed474e3e770f86fa5c47fa091c9e26ccc8c

SHA512
27bab6f44e56971b10052a898e2e05238b599945f51305e036d90feb6af93c608b1e7be351d80905424567b3c29a3ccfb4103d555a67ed5f4fb930a675d12c3f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
a770c841603d03346f1bd44a8b603eaa

SHA1
c6351baf6d4169779aee89381d15fc8cfd56169f

SHA256
cf8be874cfcb21d4e8fe3426c4bf0c5faba080a98a5ca31c29e78f1e849d16a2

SHA512
7d8e8bbac3b315ac4e70fa930565a085cea9927618fff8b5ada07225d019a1b47639ef2e4d67fc9566085cae1c86cbb0d6bffcd38bcf2510b7bf915b387796ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
4cd78550a7a90c86bc5cd387eec09a08

SHA1
f59a3f4f098521cf385a1cd911e50ad4f20a0f7b

SHA256
38c3e4551c800069189dacbe3585aeedc9f9dd46da37c5d17d5ac45ab1a03bba

SHA512
bea48ec17b9d2371de705872f7f05ec9f53cd436ef5f058435ec275c96b70790ecab7488b0aaecb8a84d95914b908025f16558be633c50cdf620516c1e5e929d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
66dfe570f3439752c7c5470a662478ab

SHA1
67590b5afe94661db2a506ed264f9be2f2602aae

SHA256
c3cb503ef9c5b62d8d750dbafbb224b6ae7a4644b5b78dc33214bb6b011f18f1

SHA512
8a9628ce37b3865e609f2feb6d599cf846a07a7fe85c98f59588740372760f90c4e9ff68e6db273650715dcac95c6f1d897725f93722ba5b595e4deb3a328d05

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
59515100943075f2572ee3839bb6380e

SHA1
516ec6d24398b6a6777242f33503b70cb55a98b2

SHA256
d69a17af10964ef7f6872b8ed443e7dfc903b1d3b0e4a59eed7ccdd222ff79a6

SHA512
2bfd44d8ad8927bb1c06e5efa5c210c9738ded748353d74b1b888819407bd85d67e4b7893287efb5af3b19f9a5240b05b05f7fb740775d2f26ec5ca4d5e867b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
968eb89112c88110b9051df16a828053

SHA1
5f700f616ff29a7e44d5de26e739738cd11d215d

SHA256
ad63793d42130af2ebaaa25a83542f606c0aad3f3db76599be3c3c306cbdf875

SHA512
abb43c287303f2a5f9fcdcd9777e998a8df4fb92aa05cae3624fc8a5543ca8f23886fe9a8b0f17cb9e3048a53b82dfd1f7cc640683d4588127219f6748d8feed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
64e42956526a584a8d120e741dce17d0

SHA1
796ba955360c6257fb5f3820477c61cafcc9a65f

SHA256
fdb8400eb28a5c6ea1268a22da42bce46d3260981887e5c26a79a06a09cd69d9

SHA512
b366779488d70bb2e81bd5ac0574cb25c6a43cafc418a9d365279a43073d6123c8a911d270a4529fac9564dfc2c004a43d099cb9eed023724c2f44bc1a96a6ce

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
2a81bb91dd47db93d0a79c9eb272f940

SHA1
bd4d0d34a8b02c0cb70c98502aba4475535af324

SHA256
208c05390c9d9c0db7430293457808b6793847979c4ac4f5334a9ffdb144f1e2

SHA512
22dbf544c11981aa97547b4edf19da2f4fc3bc9ef4dd882514245f3456d7e8b47cacf953c933fed557c0e814bfbc9d31fae5d0b3e537ab8b435a4af6b90ad603

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
cd5cd6786910990777c32975ebb1f60e

SHA1
c0732b4168db404c3b7eee3ff1cc94a060c59a2a

SHA256
c990e9c7c4b5383d7b8dddc4f3bb2c3a255bc40fa47484275a15e7724e0b0594

SHA512
dc6c6f712ccdb6db0a192a82c49a0d2f7f120ae8ac794c3d069a0b1d55e0734579eea361cc29779dc120398d946897b33e4391706e65683f8b4fdcecbe56fa73

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
10e64a1abfde3b2b57e25878f39a2ae0

SHA1
5a481885dd6048ed1a753882ad13a6c2947c7578

SHA256
887bdad2cfaebdae97cf9158270b35119c4018243a5e7e1572e19d7ea0513f48

SHA512
508fc9d652e3ef41d6bc5645070e3a3664f9883d065d219e172b8abe2f5828fe0e544dfd3e9fa17abba7e635557276301d4042e60a82590a6d4b62cb5043df7f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
9ca17f4632932e5ea5c0031dfc9676a0

SHA1
ca55bb12aabce4cb690b76fb96ebc8deb2cfcf9a

SHA256
ebc6d217970629f20223a16815608898983e41e1545457d417e969a3cc76d7bc

SHA512
82884fc1f7cd082b3405c2d7fccd9f683df29175346b28101686ce998cdc3c5e8acdfd16316e414af35cf2ff7628b8ff848358c5063dcc5e15c3816dc1236f06

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
98c96a18a668af61c61c95f9b0febc23

SHA1
8b83d0952de2a687662afe64b77a88ab50dd20e6

SHA256
13f380cc0b2532d66b91362d9654396a3615387d0b022e2b5c472428e04e17e9

SHA512
d2d605dbd96181d7ce9ddd2bdfd61351f61a9f43e4a438ecbaf6a20d5e718d03d305454d255747a95dfa09124795a194941e8810a1c42a8ad5d0037e62fbf725

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
c0ee679905b4575f68cedb8df98d7fbc

SHA1
223313915d681477dee86ad79f7e339b3243d1c8

SHA256
f3dca302f218fa627a2ca12e04b7e5150a4d89a1321635b1e56ddfa6e4967815

SHA512
1e815c5cd58308efdb857ffe14d4ab0c35187fb5efadaea88e853d5994bd69c774b22defb3217f808d097243f8105ca6ec18920af7add93db6fad75a0f947f5f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
cb5beabcee33bb55f73e23e00d3abb8b

SHA1
fbd9f1d568688a5fabccf564035fc1d36becc45e

SHA256
c5844bd5efcfdc4b7b00dfa2b80d24c88e2c8b822d2fdd432eccb1385e18d317

SHA512
fc8d9bd5b0133902d7022a9ddd549ef2fd0b2e40ba889c213ea9ba4c78d0a23281c2880df91abb7631ae7ebaa572d7406089efff1967e57ad85a19b2bebb7434

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
8bcf41fa05bab06a4281bc8cd719ec14

SHA1
b2c6e09362b386bd5688ad7dd8149148042f215c

SHA256
7363a828542fcde6bed4caf2fbc0dc32fc7899e3e201e19cbb74d8150a337cfc

SHA512
94386a4699c504de0cbde90cf3fe2675eed28c317dda6d92a686f1a54d1cba01910fe377008cd01f3a5afd8cbf4080db348f5f8a4fba2c09ea7e22908a0acb8f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
57a62b1f9659bdbebabfdd6fdcd30c36

SHA1
e1e95fa1c17be99436ddf70ac261e366e8a8123f

SHA256
b4b3ff911c2d8a708d148d4bf4ac8877799b5b651e9994f651d0fe2a194c1818

SHA512
d68be890dfb12493b99fdb681cebc5d8fc5699d9c4616a4f9e77ec56d393c98548a9eb5ed9552b5a8028a02c28d3b1f92a19d533f9ddc4f425c77e8c77870b10

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
4f76d0d01245a4414b717c6ff357c333

SHA1
a0713b55cf7c1cf4005dbb2fcb5de9db4427b03e

SHA256
df499f7e02180fcd18874532aca138ab52de4f1b45903394f397ff42b67fdb57

SHA512
ba4c922fc60edef711848eddae212f1c06d97447676214a6b07a03260c68022bd41fcea850b3167ffcd0f07295fb22d289c7db49af4092bd67023ab60777645f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
c1a76c755a0ea1dd1b3a0b72a2be9992

SHA1
e0891aecd69c91be04b71a936adc61e8c612351b

SHA256
9f7876af5df59259b2969feb33dc48f4d2c274b60555aeb29aea9022f5eb814b

SHA512
274996ba7d07b0ebfe8a2fb51ae83db97865cf17431d22d3a7bb5e088b809516d8a111c6547fbddd7d62c32a6fd69007f3472f6f33b4d20c0f34270409d5ef7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
5a267514142c329dcf2bfd31ca6a7e26

SHA1
195b3f56fdec887b4a385a6534ee3060307cb10c

SHA256
aec24b22dafada07a1221039d350c1d4c1e327244c0344a3f4d0ddb170e2b679

SHA512
64e2262ce769076bc5fb89b66e8c17767828bfabba2480b8884e071e14216545276f252afd5a2347c9af2ce70c4d7568553198951b85a1a2008d1876466346ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
f1264edbc02e3d241c16fc9e587cdc70

SHA1
970b1c3244c9b1b8188ab44ba13a7538480057f1

SHA256
8b28239b2aa0fd6431ce757468822ef8ea8cb33b5bebdaf8fd31887f5e747833

SHA512
256e92601ce12b61936fc1dbbb6381708ef5c1d4a9c5387be93e67551ed4203eb93bf43132029ee540ac33eb059994ab87303555b8c169172696a52953263162

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
6ec321fe94c5dac671180c16513c1ba3

SHA1
9ff546f686156b3c75c693804344b0faa035cf6c

SHA256
ce76bcc6c98d0dbd78afa4c424cbcb661c5dac0986b62b02b46a75462c6b991f

SHA512
09466669dd856e905e1775cf68ae8e44f53f05ad5271406c271f737c8fac878a85edcda86bd2720f16f79465d3a6d217ea9b1152730a33eb63f0a593726404ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
8e8acd4fa0467f07072544e5ef63cd55

SHA1
6280dff6469a2194624ececd13abd70597cec639

SHA256
cad2fad93a9d7524c1d96d222516f453fff183de8fca1435c5407fe4f52450bd

SHA512
0bf1caf096e85bfb2bffa7dda983d6a83cd6239b670bcbc03c75ee84b9551c14b4dae5ba47b5442b86b8573b09a136f42b605d8e3317928954a803a0aeabfb06

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
b6c48a8aa5d81f4dbc5eb3a7d2dba26a

SHA1
1321d0cd92ea7ec129d22b0c48d69fe724d65076

SHA256
9c7575ec8b7a47742f3531501fee1e24308464812740f527f743d7122c3ebd7b

SHA512
7207dcd7cf33966e4a931485bbf9656b31631ef04e5a2eece788ec4aaa1d8bca0f86241439b3e190b8320b8bd94dfe001b8a93a08aac97dcd7a988de740df841

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
f70674a5a65921df04b046d842202614

SHA1
827b3c64abe83164a14ce9b7334c35a28518fa5a

SHA256
fb663dc984a4e71fbc152ed05a7bb8a8ba960b8374f79b1ce50ba836a03c1dff

SHA512
3829e6eeb3c0a0b6cbcc3874deb17dfa7e32f317890d3b5755e5d96f9b79ca6d8605bd4085b559664f56d18fe7f28d9cbc74d5da73dca5eba632ec967eba6969

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
370db9f3386cb2d36b16c51120652749

SHA1
77e6946e6651df326d0806b042c59911bbaf0fab

SHA256
2d58b73c7bebec7c1aa9ec6abbbb605f94dcd78e1eb6e1c64029d83e49ea0673

SHA512
ff5bb961b601454b2600660d77d63074868ffcf85a815f05eec7991ac0ee36b9cd5166b749e3fb2f958a2c8a410112d8a35ee7c713a1c93f122baefc95d10d3a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
4a0ca887a86874870d21c96cdd38a88c

SHA1
85c16811593d882e92163cae1d2a15e970d87021

SHA256
fef7962b69e07c2efec698a11c04c5e8c1bcbb0d3eb4839e9aea7ce732934215

SHA512
451be34919549a85e114ee48180f5d55533c6c6153f0c7d376c2bbd7774d858fe3e793094905159cc963f7fb11d289533d56a4df3c811210cc44a105c7fa037b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
ce87f9ef520cd1d9cd43856ecf7cfebe

SHA1
513065596e95b862e7070545ecafdb5400b75f1d

SHA256
e5f2bc17c241db6cafa26a8a4ea1baf1df9b39f1a97410d329e9e66ba46643f7

SHA512
2c40a738505c6d8b5476ceaad6404eae1c0123aea51acbc86f100c7b16158098c5346deeb7f3a68116f3286533b44011db3af530c159326f19c9113571db6e13

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
ed65cdec74febe4a68b371a057fcf949

SHA1
82f82298965ed6bcc8277562509d548b3a39c4ce

SHA256
8c8665b5f05cbfaae925aa7b324b3c9fe84affcc48b9ddc67d1247f916486064

SHA512
061e775752ffdc1738cdc3590b978f4ffa308f72976a0be9c9da707211d5b0022a97e4ce8581594d84e72120d530615206594c6f7a8c3c61aabcd3f32808b09e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
1e72d62e1b4605787a947627b771a9d6

SHA1
5fdc26c7cb6e23a5e6619a14a5a007bc6335a1c2

SHA256
4814024ae2f207a0952cf613603938ec6f4f8368e18d87a79116a2bbf65e1f15

SHA512
ea8d86f9ce853011911758c21cdf9c3b54d680e8028202ef385496871078755c78ad5bb44fff5f3a1ec0de3b4000ab817a40415d3a4972dd44a4b6e16c9ec4d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
1eb7e4875e11310a1581eb56ffdd2e3a

SHA1
236ba3e501b3c6effee66e3da66ed0fc9663dc13

SHA256
5adce76ff7ca9fc5d6b1ad067eb5c95c736a498d10c477743eb77cf8e2043b2c

SHA512
ac49fd4af4603dca92a62ff091934e9ca0392843b22b1b621f089fa066e51be127321b28f9cc2105f41716d05d06e2220b9157d9fadc385ccc580ecaee2bacc8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
2f7584c8dee6678a4d9bed33edc5ad4b

SHA1
d0b9268352c67ca3187f52002251e4d41ddcf7c3

SHA256
0edea4617506277c72aca13a75e43d8f71523de6330a343144d392bf682dbafa

SHA512
145737e2f3151b1e6e657f01bde2a0231badbb5297906f83eda31da9b2523189fc6fd7df1d53a558a249b1e45d91a47a8766cc2ca6c7f7e47b66441873e4cbf3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
0658973ce6c4f2c973c680888af0c26b

SHA1
1cdb5262fd1fc444adc66e2d3d6de1be9a474f69

SHA256
5ccb61d9e69f0157302ab1d3dc4216635d4a6db867f7c021713a177637d46809

SHA512
fe5ff9de8b69ed3f925aad98502ad3d01f5a7e09ee5440320d5d4bdc674b9264594dc6bb814e116c9de18248f6011b56290945d16fc00a58a3bd88bf3398a7d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

Filesize
77KB

MD5
d12ef40a92fdb645831d2b102ac5e946

SHA1
6969b1110174331df023dd10ddf05495474c1508

SHA256
ee07881b620d96fed856a824fcadaec354ea8bf2ffc6c3d300be23af99c7d39d

SHA512
38dfe818a494e54c854c1dcb40b8376682fc201367165bc224f57e7d22e680f43ae999ea47b76c135c6fdd0c097e5430240cbf556ea865432e5a198c279ee95e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

Filesize
47KB

MD5
90348a5609807fc4b0f62d3530ac2042

SHA1
c3acd960bd9b130407e2a38d4c6dc487ff062596

SHA256
c559f33611525d38c16d4db82335dc3ef3de1b403bee7f6a0b0d32c3677839a6

SHA512
dd583443b18f749f3327a6238a513e642fd4a5a9afcdec89c3b59db3375e8ec1857a3442b42a6576f003c0462f10ea9718b2ea0cb3fbb0eae68046e8bb204108

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

Filesize
63KB

MD5
886efc034ad3f77976fdce65f25d83b5

SHA1
c1c25736a1846c9daa825cc8e14eea92e947740d

SHA256
5d8947d6f30a60664d1860877023f72d0f7dd986416b54ca58fc26a6d66d0fbe

SHA512
ab4f94ac17d5ebe88f3cd2e88d25531963b1fc8eee241ec14fa9e27e6669886f636a23f8df669dc73a1a6153a1eab444517b513f2d14f9bb1b2e2e28fefbaa66

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

Filesize
74KB

MD5
d47089a3cc62cef7cece6488b05e6359

SHA1
fd638b3dcc03bacf4876bddf14991d9d673b6ae6

SHA256
7e42d848ee4ffef7c5677e1ed100e2f3bcbdc75aeee5271636b43a958c7c3624

SHA512
8ee902bab4d3ef1a99d06d84b84d23a658465d5a4fae842a433df78972558d702549395aac43e56a1c464ad3a43687f071985502f6faca79dd8624099c1100d0

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
ec984ae23903fca9d6bde47a8954ac1b

SHA1
cd807a1aad5e40fcbab3dc27728fbe38e1be5d37

SHA256
91cfa72298d21c7b0dfa1718963a873be69d77de00ed7f5c56ec781328ddb1ae

SHA512
03b2581af5f36c09a97c4c2645852af223c96274a209efb5ea415dfdf47ae01eda2fc822ea64977711307d075264eb629d79e5670eb3adaf3fb274fa651686c4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
29fb395fc8bf22361cda2686cd6113bf

SHA1
e1e8d4bd9fadb251aa81db6128b1b201a5dec93a

SHA256
31bdc81e78492815efa6b3ca4d4c33d640c61b6df6690e056b1fd993565fcd0a

SHA512
0ea93eca3484a63f468b643b37992c01449449c4d993339f9a819586454cf42936f3bef1c805bfdc9250839fe481009f09c0f7b2ba466bd4970afeb9def8365a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
4d3afa9b195ba5dd4b35222da436d2b1

SHA1
67ea3e55390a8537cdad5b83021b1587b8756234

SHA256
1993e9e150cd56896f184169290a39169757cff6faf748461e6fa82fc369fcb5

SHA512
02bdc84d7cef5bc3c94dfcae4ff07da2860d647298a81dc000c5a0c7f403b28fa8927f25c88b5017a77a032b570f11787db5b132afa269b8c702293d774b8624

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4c1cd070b9bf6a7ac36e60a907391a26

SHA1
85ca6d65a083828f94c27327b8994ce7c6b11ae7

SHA256
0b4bb3dc857263c89e3fd9405ed53b173a86abbf9cc5a1c83ccbd59182d384f9

SHA512
8c69b2561773c3e0af8754b6051db2aaa993ecacbe0494eacc15cf7a03d4d9d2ebf00362e1f40fab68d94deebfd84999b433f8114e28f71ec31622136237f224

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
199dcae3eb1ae770ff70cf6ddc2c8c30

SHA1
5e06a4723e1035ff27c6eb88a198dcaeac1456b3

SHA256
c4d68a41e552fffea6a4540f9ecc2472c4a51641a18bdc2bdd344436f7a0859b

SHA512
b7e0431e57c1c3c6a0eeb811b4bb07fbf1c842934ed6afdc21bbf16e485a6e7030179deb412acf74dce4cba2f214254290c45d01f6f666ff42a9d12e30829d2b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
ff06a0ac61ee0e0a9b57e1968e4d0c11

SHA1
ec9673e483d3363a83dde93633460185e1522990

SHA256
b724a3ea61d6b34ccf68c6c031efdfd6a58101e20e1a301995147d4823d7a9ab

SHA512
b00258046ad455e4bcfd0c542190797a36893bbee562df7bb988737b6e62c32adf75788c385a3d72c90872958ed50b86973ba3a1e62b8a14a665480a3642f97d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ab4dd1182e1798773f356298f99b174b

SHA1
44197d4799bad33dfd6a18fe109dce34bd68a1e3

SHA256
868379d15f735aecaeb005466c9840aec00d646bee0c847bc64d2c62d1dcfe2d

SHA512
4845e0375d97d4066d79cf4cc8aaa8924019f58e81c9f4fd7c69166d4b0d90fad390a917845306c889814eb93e735752e7341b7842340838c9f0c9bd620dd180

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
215cd4a26638bdbe573ad89cca46b4e9

SHA1
d59bfdb4bf8c912845c75cfc6201b6a35d59161d

SHA256
fc42eb88e8b321be9c25d2ea2872958acf775a0b43dd2db812bf9560823f3067

SHA512
4393aa3547df4c962ef2aa5d208003a16bc6fdf2831f70ebc7d0769a5eab3873b67f7f93fcce18b7a75a3b95be54824606d96115a43a3205bcc1f986b004554e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6d896bae455caf726e1cdbb758906770

SHA1
5d993cbca927ecb8fcad26e8e431658d6c5bbf94

SHA256
0f370252880cb86bf301a197f6f84bcef59523621e57080b52c258e356c4bb66

SHA512
0f6392541e54f1cb49caea36ce3dbd5114da3cacc037780d1106d9067d419e8f70c8b7103705639e4ca3004186cc3190de36cd4f81d6a71714dac56fd2e6f3f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
dbda1d8fb356c39512484b5a1679f6a8

SHA1
55fef6e79bc1e8f8c746dce2b0fb686fdd8e07de

SHA256
b645bd51f7555f964a81aad73e5582743a90adb4de28963ea32c2ca17449d518

SHA512
4878bf8b1c0521d68a8af832af35a3f2bee79de722edfc6644f08fe5ec37fc0dbca93c1596fb5b09f24864c05457ae394b6ec91b923e443946052323f55fe2b1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
5ec73ab25b9be64867b237bed00608c8

SHA1
218a08571aefaae1d3e5d730180e74cebf6f8e0d

SHA256
7f2fed3a9fb26afec1654ee29998922277573bc30b0a1dc9aa831d5dbe77e7f5

SHA512
81364bddeebeb5bf78f8e06db63c69d632cfaeb54f05cb6d7e8acd0a53c7826bc9fc7564708e9bcc9cbace58ba1639af6f89ea26eaf617e22241e80f12f82217

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
78706ca9b54616d5384844f21e4c8668

SHA1
a62b471b7dd589e9d747c583468a8af98f531bb2

SHA256
da069fe3c0d56780dbe9315259f5210f3ae5907db99c5d8eb24e414d9430d61e

SHA512
d660651e51dc9387392821fcd5349a1b408478cc1a02cf173ef8e17aab9e49ba83f8cd134afe2fd7bfb990f4dfdb92e466ee2a8c056ca06c93625f02ae4423d7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
cce6dfca278c6a9faa000c85ff9f8e99

SHA1
8a04509f6492549314520239649fc41e25944360

SHA256
a4b761503e8497deeebbcfe0d20d0535576f6018adc3832b9f2d7587f2a89ba4

SHA512
5e8905b315b2795526634674b3fb0f21cf401ac3db92bfc83599f491376ef3b423b2496c4b5f49fc0359da14fd7f12ece327ffa6a6550aaf38b43a4973b838f1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
37fea56b716c490ccb2acba27e56b947

SHA1
3dbea702177bf30365ddec0c7af96f37f0c7e57d

SHA256
b33478786600d9fb6a6832647690688a71f7bebf6586f3c13c741e9fe1ccdec9

SHA512
afa860d84dfbcc08fb39a9a1d417d2ea4b0049f3b849ee18c52b9520965a33d4c93f5383c85542af0ed5698674614a2e500168e2246eaa1ad41db241e6709c22

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
d144159330d28ab5a89c926f9d62f7dc

SHA1
2ddbbee23c56055a00799e317700af5975e865d1

SHA256
de43ab250a7de2b37ee8808244947f095216bb96cdb87cd64ee4cbb01c216101

SHA512
a4ac66c475b0787c5b81954bf394e796d88e396d25fbb9db21a377242862c870b141d68394766dbdf6a9fbeaf26ab9c38f8135c87f64ca0c1e35c01858af3bed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
89e9d00515749ccd7385f1603d2eddc3

SHA1
0f69c068fd7eb682984df1ec9d8a19e45d7e5a14

SHA256
e76c0d3ba9271fa0a6c942bdd7127b699bfbd7093139d9cdfa038f5e58ac038f

SHA512
6815763a237f75009ee971054447959a21c66a4ddfd2275f2652b22400ca19d56b73800e5af4de6e49a08425fa70e0999508e6d7f0266d4b835c0b8a82e274d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
38dfc200342cd179f14240801913fcef

SHA1
be17feb3d41404ea9a31952f08450b7194db755f

SHA256
e7f1139fc8de9271e4ed8d248cd6728aea740da06f970c368064c8309c7a576c

SHA512
52e322120a3330f204beaa65a202155f3fe833b4e76bb94509b2f1002dde841101880af6d779379b0887faf748e4faad2650d6e4659b3ce6bbbe74d81feba326

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
204c84f21ad1c98f5343429567289e03

SHA1
d07a78edcdcaae19d8a4e842177f0b37264f1ca2

SHA256
35e48920a90988b0b589d8c6667551dfc6912696b5e8a118bc113336a8243119

SHA512
85743cf642b036a59cda21c54f3b537a4b18522753715211097bdef4efd94e0b5bed9e5ce62baf3bd689fa019b6f96c51d8e40dccbe9e1df51931c6c5f32eba9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d394fdd4bc0ae738d02545022ef1fa5a

SHA1
20504b611745009b931fb7579ceb7948cd845661

SHA256
505d616fc16bab66665797a9d611f355f0dd8ec485cff550223873f1a68127d2

SHA512
f6542cddad8b37b744cb847cd5e34d02802fdbd45405238c27fa2c263418d207413a8121672bd20a478e1ac8e5fef53787152ff624c94d24082659758989cb31

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
c3176636f92c9b1480bfe0bc9802355f

SHA1
b64cf1c2369645be5930fb8e134a3cd87b60cf52

SHA256
f6cd58e97d5d71da8a890f8a8c7f80ba64cec67e53803ae836c8d8ad9f1140a3

SHA512
0be9345c0dedc0339e111751d9acea0478de7ce61a2cba07c11c8e13187897e5bdd920781fa3d0ab1dc69924956ae3b9602fa783d8d4c2e204e029fdd217e6ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
1ee0829326edb983494fb5a3f3bbc8fd

SHA1
c80eeb0d87afa6489a0d99b5c255c4536fdd9710

SHA256
c3dd8904248d60f49171239f9497489e8cfa3cf428430537d2a864b1a5d3053d

SHA512
f9f73b5d0164cc682af6c87d11729a7d23098f1497951f255db278c9384d7c58c413877561e84064d8102ec791d201a841187a8b752eb35f8401a8d65b41d441

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e6dba13cfd423c8f786b06020cba917a

SHA1
e78225ac623d9d9d5365c049c52a12b46e9ecd5f

SHA256
519f439ff996b28006cf9164b35e62b2bb144fc7edfeddb63025b83f7d35f6ed

SHA512
3e67c94364a8c2c7f511e16189188d8ff617ec35e89c7813d80f0c857f35cde61059634d478e2ea2fb463ce06011dd84ce909573d86178cdc63e748556a31fbb

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
4c5c4002bbd5854640d97dfc7746ce81

SHA1
e6a5aa24618ce08ed16b36cd1765cfc6d7ab36f3

SHA256
222ecb96e0b546c1be67d781f586de8c2f81dfa5fb14d4254dd8b93c5a40d2ee

SHA512
ccb254f3861b47dcaf638ad309ddb8ab2e01c6fd4c5ba26a73402d3eb750f1a851568aa9986d69f1c0335cacc8bac569b6284319d3ccdcd67c321b1f13a09482

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
f78bc63f3b5c4356e51215a5b8b6ed18

SHA1
3c1f17ba3ca2c59c4edad41e78fb53c2f468b57d

SHA256
61bda258cb481504ed91c43c97b7e86f7a6b8781c016dddd897bf14b094fb7f6

SHA512
9f7103586e6abcc424a01864d2a1f58787c14c379c636e2245d7c89fc4e8b6f5d05cbdf034187243361ce6063883c5f52956196de779b36ce5b024d168f5f0a2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
75fbc4cc13b170331862f3aafd70d3fb

SHA1
c4b35a02307fac62f774a4db26315336032c0b9a

SHA256
105fe307a49bb61559eed27d7efd8f9f74b032f51c375902e47e9a89a986b94f

SHA512
3a1dc8c478fc340e45537639bb41f62b42f9ed728c286f811f0f069435548c1070fb268c01c088747535eeac525e7bfcf2e915c11ccd6f3224ad12417bae07cc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
46131de7f48128ca5295f3f41a002200

SHA1
b34ce03f9ac2ebed5dc9c30a0c4382213eff7947

SHA256
6c01340410de0e8f661ad2f783f07c6136096ce67d9fb661d166321795792638

SHA512
787450c9246d56a3d968935b146cf73789f795994826a363073fb3a36ca0184f127672a31b68d32caa58248bd61670fac389514b061a080e1c64e1e03bde728f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
563762e9929fb3f8e138d62e55dc83ea

SHA1
8152b94e1fe2af88a46d2be155a5658a3ee1592f

SHA256
e90bbfe6b70212fd6e191b621f0525865f047c055b4c4af857cfca1d3e459cf0

SHA512
ab11d7d8087900df8c0adcd62b4ef2829843240872d5b29b08cf3cd803ad24d624809b07c7a2d0f58eaf610a530c8ce5a2975a7a8687a8d9f0bb4870c0f09523

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
348c9943bafa30091ab6fc699ee81105

SHA1
99e02eace65131b749f9f88e278694ddea2b757c

SHA256
b4c88a550d288fe2f845d2b6e7bd3e3cc67e3e24a2f0fc2e9d12d732b9e6a25f

SHA512
e52f32403e82e012dddc61491409f4ecce602a5fc3fb60e666979761f67a64882ab3325ca5227299fd598ad6ddc3e658407b302279b689622b48f53ba7eccbfd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
dc89c503a62b619864516caa02727ecb

SHA1
b04b52222a0b20bdd1c5bb2f9144bc36502479f2

SHA256
cb7a3567be9cdfd1a836eea561e5918da634b90a0ef8f3ba85bea549849c93b5

SHA512
9e91c0d931a2aedc586e35e62ecda0af4a3a01f8f95bc2f39b7525370ae32c019030aa0e4914212b91772f229e21fc6059bfd3bbfe4ddfb1c3e4157f176a392b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
9a843b291f1bf662419aa53e75659a61

SHA1
f79718e2005333d3756cfbb4e25eb3ab9d562179

SHA256
48bcfbf18223ee29ba6f6fd9107f5b4439de62d2f89cd5376bfb0b1cdd0fb092

SHA512
51d929c5abc483a9f6f11972dc28b6b59350f52e9ece548634bdd54776502215c4e5f0d182d7641932c1e5de609c8daef76010e8bdae4ab71028bc3a47ef2b6d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
f1ff0fe2c2a9f921e0c09887e199fef1

SHA1
e305e83f35f99bfbabfd942e7742bc359bdebb37

SHA256
20ccddda30f7eec3e59609e0635558571e4ecf11f731b6b6530012c300411ec0

SHA512
4871a1b1d6f2e6943ae05663ef07890776bc871daba7254bd8b626c10c8ae22cbb0aad70fb8ab139baedd1450db92318acca302f7b34da87e06aeecc222c2ca8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
064df402e2c0235ea9c3be809284c006

SHA1
f2b0116a4a103415d2ff948c53cbfbb7c1f67b57

SHA256
69be8b9fd18fbbd89e555933ca9f91a767eca0f865e433094a4b9c8cc3bd8f0d

SHA512
4b7fff4ca2afc6d2f502e36d22d5a80d5973592cffe00966201cb9c8d3a960a02f1d93bcea4e66d46a4e349ff246c966f4bcc5e318104bbe032d8c879960470f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
59fa807cd712df7f1c9575c5267f5deb

SHA1
e8697f53c9ab9a2d402de4d15385364e04d2e83e

SHA256
e87f73689a1164031ece3c4486df0585f1cef5e30bb62388ccad3e53622e33ea

SHA512
f8c2a465fb940d3a5ea50693d033bd5774edb0820cefc9cf9a40fa0c77cfabc097164cf16ce90595d04025c6b181b615ad7c53c91a3ac9deb03268c8c1804ce3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
1c25f225ccb417b400fabf4671c7f4e7

SHA1
9e1d998ef737bf5ab4b893ff679f18704d641898

SHA256
cbdc840a86cac06de20799d2eeb34ba2386e4e68e1cc74c98b0e612a37e3ca71

SHA512
9ca3430e0be6755ae5be8ac36d707e0c11ad3749e12ff2744eb55fb00ff61a48074393c55413da6a1a80a2e5d502078f3f55ea76ba910872ce77c8bf3fe262b4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
d0d54e4deff2d61c30cd435ed7106ee5

SHA1
b0916840cc08df636da5c444c5d2942e0f4c81db

SHA256
78adf4c711f94ab9edcce6886994fdd211692a8e90454bda7245a828863fdf9b

SHA512
f51f5d3e6f49441eb523f06bd38f03dec0ef24fea52fd47ffbd520e504f8e64b8216725c0bfccb8c1967eec877e079de97ef67e826e19f086da4aa1178d97c98

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
77e91d049d888c04a622aed0c5ad1920

SHA1
411d1dc796be66a8b05bdf3152088d70be20df35

SHA256
8d0b130256779d42831cae8fa76785e04ccd8b86d0acd6c3cd6544c959583955

SHA512
b95e674d16d45571fa5a178a2e750723676aa13c8888180c75ecefa93a47322c100c690dd6e612462fc9da2e3cc46593cfc32aee73c27685a63151d522814173

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
8b5eb17d73b2f7bb7e5c71a21d5c1cb9

SHA1
86a29ba6d79469c385fe03da3ab9f9d5c5ec90ed

SHA256
563747f6a9f2b3afdf17f4c4de1dea96c09afb89af4dbe630eeb331abc36b7d4

SHA512
97b4e08660fbf42758e90a20306c2cb7021b797d00d66555d3fabbbdccc72c8cb8ae640abf717d35cef7a1bdcb3a115f57535856d1a61a1ae6d64a7b1c34604b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
6c4e5ce166da42d0713acafcf741d202

SHA1
2d92f090546885f4057e79a5f65f323bd9d8bfb0

SHA256
8241d484c24c93be07398e1d66a8ca48654e3f2168aff6718e8d6bac1716a259

SHA512
24e7a0ada54fa2cb7e86d13f8b694176d8154821e70d71480bcaf0720b0701a2aadedfef1ef01b18e7a64464b8b76eff2a0b8e1a665177cf849f937191aa9af2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
3a6b7613b1771b9693550e4209e25cef

SHA1
c5f67cc35dc82e76a27a94a1275d9ab91585183b

SHA256
aa387fe5d0528982701bc08e78a3bce5672352cfbfe901794b0c7eeecccd24e1

SHA512
6385bc7ce6dddc53abbda09838cee362bb4b0511540b4b3381d3c60ce43db0aec89c141fbae56a1b60fb98c7add178143737c4ba1ddc47ed0d1cd36cc47f8703

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
512db5e5a9c61b9086faba2cdfdbdb84

SHA1
eb89b290a80d542dad35c4e10dd26f1c8b3e0c83

SHA256
6f787ee37690442e4e71ba07725a004ff674e8c2fb714979368fb08221b5e616

SHA512
0fb16096dd0cd9a60a429f1b46ddbe2d953df5e49b50a55c8ff6e6add5d69a86a8a3e43019c945442a348158a0512aa9e86ed5597b0ce35ef663fc1c0be639da

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
45c8d856612423ffc346d4a4fa9ad8a5

SHA1
4c791ebb90d5c84920cfb280516c597a33cd731c

SHA256
6a81c8cc26b1527b02a4c9e08bf70a54dc3db4c652055eab120a068ce3e639d1

SHA512
bbec17171aa48bceb52856e102972e7816d8df4bf2c966a6ddff8fe0cc6a0e89cf350970caa9c93ad00bfcd8c9418b8ccc163465ee9b2751ed890d7d2b9e12f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
b8afa7f16d2797b73d6d40a61cc6dd78

SHA1
635359c54cc7c9ad301027daee2d3ca17b82cb9b

SHA256
78ddf8abe201b9bfec841d3dab44864c91d6e2d9472ad3f552f62c57e77fa2dc

SHA512
ae8589bd6658c8c4fe3d869ffe0a1e6f250958bd90006d3ef3796d80b79b8e9b87dc95be2ccfff245ea40203187a53007a91a95a08eec4fc9173d6e19edff731

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
70cd5786fd51a1d9e78205036be44c52

SHA1
f49329c21e0eff4bed72a256491f72e7e6bf0b6f

SHA256
fa5d5a8948ea8883a6b2587d97b3822c96ecc0d4bf4ce49d583e437b9c97680a

SHA512
2108fea77291a1d1b9bf130a642e64fa6ea0425d5574ed3d8af6e8c9dc7233bc20b574b63892a97783a29e030ac04603d96c035db090fb088a0932ba29ccef86

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
c04fb78168d123522713d163c07f3ccc

SHA1
ead9f740ab092ba940e95fa6f7b76ee6024fcf98

SHA256
5dba0fe8529f2c3b233cf6f9031eb4a7ebcb8e9bd648e4d03c8fd7caa4f9b64d

SHA512
85a9b8e7d693ee040fefd535364d8f6b4e1c8e187ab03c80cebea5a77663e6d702c2b571da8a014b8826034ae589326414d88bd86865259ff6bec0fd2bbd8646

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
959f0f1e470cea56500cf8c700a8f6ad

SHA1
49e28726b0954e93991bf6dc99843163c0cec129

SHA256
99a50f5d28bc5a1622a201bc65104fab26cb64a7a969c9e34d433b3a17d3bc0d

SHA512
dd8cbdee9170251b886ac61a1766c11a7a717b1d97266c7623191dec00a16f43410039219582e4094a59b30451dda72a469a4d7137b4f4cde49323ca7f98d03a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
7d7fdc697da4327702f07ada6d46f8cb

SHA1
b4ed4abdf83d16f4f6efed9f5b1bc6205f54ac27

SHA256
5a10d011863461420b7b8e93e9515df15bc647018108d35be84667bd45694e72

SHA512
0742c9a0892c71641eb4523d433caefb6928a245e641b0ac79a08f2ad25d1645697fa49f36003282bf659853fe3ee0f23646dee693cff2706f31c83967f5d2b2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
bd90aee8a57aa5308a5f8c8c49f25729

SHA1
8ac1efc2828e3c4ddcde3f1fd914e6204271c4cc

SHA256
06b24d7a47b16b10d67a461b8e434acd086399cafbe1a39b53a3369a212dbfc7

SHA512
6d7dd168626acf2a21fe591d5fe5069a10e4e372dbcb1da0c14c89d70620dc9de69540a09407c96b36fd4f6a6d55f5a9777282c07bde9c0c07ce6f45955e43e3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
2097c5b4f748fc470868d92159e42f5b

SHA1
8b803b9eaecaf094436bf557df3af77614f6684c

SHA256
1b3689f06e82bf5a624ff136034f7a943947d784f287e2698862a41c7d18316e

SHA512
6a5f9bc9a603fafdc7da429941227ff3326beeff91e26e3d8166ded747e8aa01a7699b4657c17a4a1ecc46068a687911db91b6bd6a5ef9da892589b5caceaa57

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
ace4b00426f71d64cea3e91092d3c6ce

SHA1
4a62eb9f853b4e8fa1251e264826ea5855634222

SHA256
f35bed6360596bbf725a65a6c857388aa23ecebe6771ec02d6ac40dfcb261e22

SHA512
4281f9a5dae1d40eec58d69a7117a0094ab3f6ffce43a4e92f675f3ada60b58208a326aa8e505dbee35d7cee2d60eca9f58d04b4f690d68491234adaad9561b8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
2009c453e149c9974b8a903f7aec8629

SHA1
8ca98294511e4309c56e2925f79c02bab5080768

SHA256
ae09d0e7f5ac82a669595a24ba1f12f3785febba3d36cfdd0a66ed3d384e6fca

SHA512
f8d8f763a0eb5f49ed9c27b4565bf0daffac5c61cc113075892091692ab204fc2ac3f8f1f51a8894f1e2c2f1faf1a798857c67fdb80bddd96486245da3830b94

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
65f52c398f924ae67842619d3cbfdadd

SHA1
498eadea220df2039f34869b76088c69a464294b

SHA256
f988f5a582f8d6c36ca666bb46138f80fa01d93d8d6be65bcf0bd804df2d7bcc

SHA512
1fcc22d419c6e266a169fd04efc01dc1c6b4431acafb01e80c9871f4328c5012eb5b515d2c68884059ff39f3f7da19101913715cad21a4a03883584616a52784

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
0fab79ea734ba8394a3fd50c3afc9bda

SHA1
8424efd204f3bb31832a01fb14436ef82aa4b22f

SHA256
616e61b36a1b923168bd7cd08bc8ec2c6e94a33b87c07fc5f42141774ebd0acc

SHA512
8a943601b6fd2b22b02e1a7dcfdc615cc549960c4d5bc9a8b0b7b632c9fe47d4d8f582608bd46d620dc7eb33a4e2f37c794353454272d3e2ddc1b092f730ae55

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
d0ad741ed8bb700835d2a184f6025bc1

SHA1
4a6632169fa0c1577fe01c5c6528d41515d25749

SHA256
c6c0a3a4972cc13430639a0efbf50c191c43665e18abc8b0c9e3f496b87c64ef

SHA512
93de47d5d05c383953dceb17c0a47e51e95453788cfe352858a90abcdfe63f011162b15e342687a0f479d1f62a578f1a62de58c6803ab56a218db34ae0176ab8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
ff1c6a7511a23def163e5967327d6026

SHA1
1ea8bc8c959ecd95a575f864170f794a5db79aed

SHA256
7aac1f7d67d1e57d7f93ab746372a15c1c98e19d6b0d66e190bc1e0b49b7fb14

SHA512
7cd2b6e0192c2da77670bef3ecb650a67638cdf5436d583438ab1c4374f25d04c822ff2d2b2f2a11572adc2d3d3b6934610dd974e261d852c13689cdad0e822d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
667baa98444d0bda0cad85bdfa4023ca

SHA1
520de7d781ac2ff8fda166e0e446265b9b20841d

SHA256
7fd0dc2ea9785f50ad859728e16001e45b22cec4d3322bd0f0d09cb4730e5373

SHA512
fa4c484c0dcb1e5c6fad2e7ff080832c09ea48da053d28d3b9802c66e771cbf8d73bb91dfab16eb5108441a25297e06d13a0e9ae9218cfe9e60f9c264aa13608

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
1a8c502d7f5e1f20a64d155684ba8b03

SHA1
085b1fafaac8ef92b3582874e82f851f5afb6556

SHA256
73a770e30966e64914ebce3e97adb6e74aea5748401d44af9ab040ab6a4108d6

SHA512
a6910dd871d90fe077b7fb3e8bd8e3dfff0ce34b0d431a62aae88a14afbd389ea70e564ff936128c2d2a88b4610decd4f3edfd68398ebb03519ebfa5c928a95f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
5d740e4c986357c35220ec5481740e8f

SHA1
c8e7251f1267ad54e132bfe5b8e06ae8f1885493

SHA256
08a70497760d18cfd8ec50c9073e53a8866b786ebb3923abdb4c727faaa87193

SHA512
d0ad7616ab297fb9ac3a3de79892676ef88ca1fe8e34ce14a0017983813f5c689733b72e5cd5cabcfc5887f86be4942172915848d2799c5b65d530c61c3963a0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d53e518ddcd0c5a32457e29d90bb999f

SHA1
1455646d24ca80a8b32b5bc20efaab8e2dc3bd35

SHA256
d502a6b2f8c102af702b78ddd4ffb250d209205141954b70eb38b1eaca728d37

SHA512
a45dcf860bfbaf9296c5f6a7a4cc551d8445e77219b357053b373602ce1e6220c0ed43d6e1bf4c2001227c382f609e207b67921c74f8262c4815f070187a1101

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
eb9a1801dc917512540385ab22f83f2c

SHA1
d2ae4bce9ae0fe0be1dac6a148d31dd82ebc7bcf

SHA256
be28a03c2bee5b5c11944ea367f759ac61b3a4e6f7165d1ef64c00ef17d997eb

SHA512
2dd146f4349f6f24c18106b8e255973558c694602d27e8bec745d78982e0692f615b3de20a695da719a66605e93907bad2cf0f72c9a7551a15509e59a96f1648

Download Submit
memory/5076-10916-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5076-7048-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5076-7045-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5076-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5076-11301-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5076-11342-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5076-11347-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5076-11348-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download