c92d64719fa71188cc8a774cfa71f5a5c4526b279b588a4668fc6be2ae2e42d8

Analysis

max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Size

12KB
MD5

4e061044f7012bf4b7f5059f110bf5c9
SHA1

b205d7efe6aa7cb12453b43a06821e886d1659da
SHA256

c92d64719fa71188cc8a774cfa71f5a5c4526b279b588a4668fc6be2ae2e42d8
SHA512

839c936b275d6f114871157cfcf69ef4ee93ab04f8665fc8e89abc4f399a90e09665e2add0e28fc8885ae3a437a9fd32987166ad0aea3cb512b1f72c52e2080c
SSDEEP

192:G/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMNP3ciaff:GebFNw4Pk1itKkpAjjI2YpdmNPsi

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2494) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\remoteposdrv.inf_amd64_0f0da968c1cfce06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmvolume.inf_amd64_de693592afe8a496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_skl.inf_amd64_9d9dbb01837eba23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\memory.inf_amd64_9af3a8a63d4cb5f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_a192dbf28b4634a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\forfiles.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\msinfo32.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\UserAccountControlSettings.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_0eb96a1741539c14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_416a5877e9180787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\userinit.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\calc.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\instnm.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\getmac.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dllhost.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\unknown.inf_amd64_b8b0fe7bbc76405b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\net.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\raserver.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_167948d0c94abc27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_amd64_a0634dcf2da1127e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_guestinterface.inf_amd64_192114845ec44b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\expand.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\gpscript.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\OposHost.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_4f5850c71046b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SettingSyncHost.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SystemUWPLauncher.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\TinyTile.scale-200_contrast-white.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-64.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Eye.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\WideTile.scale-125.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\0.jpg	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-72.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLargeTile.contrast-black_scale-100.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\MedTile.scale-125.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-60.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-256_altform-unplated_contrast-high.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\file_info2x.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-36_altform-unplated.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-96.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\PREVIEW.GIF	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-100.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_trending.targetsize-48.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-125_contrast-white.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-64_altform-unplated_contrast-black.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSplashLogo.scale-250.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\LargeTile.scale-100.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-40_altform-unplated_contrast-black.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\large_trefoil.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-100.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-150.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-250.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-lightunplated.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-400.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-125_contrast-black.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72_altform-unplated.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_BeforeEach_AfterEach.help.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-100_contrast-black.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..terdriver.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_22b6f973d931b098\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ction-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_460ae5c6ee852982\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.19041.1_none_3711e18b51638445\IIS6 Manager.lnk	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1_es-es_134c0fa7f8b66baf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.19041.572_none_846686e46b73c8e3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.19041.153_none_95ba73d08e5f739c\r\provtool.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_10.0.19041.1_es-es_5beafcf8651bf729\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cfmifs_31bf3856ad364e35_10.0.19041.1_none_a611e291f8627f2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.19041.1_none_c10c5c59091a9a90\fc.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ie-behaviors_31bf3856ad364e35_11.0.19041.746_none_68c98dc0aeb278f1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..layswitch.resources_31bf3856ad364e35_10.0.19041.1_en-us_bd44d5654a58c2c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..rver2008compat-data_31bf3856ad364e35_10.0.19041.1_none_6122514f6b984d71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..ovdatamodel-library_31bf3856ad364e35_10.0.19041.746_none_969a80cdea3f0c84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Abf69f55a#\9dc8ecabf3587fd779eed1e7c1376c22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-driververifier-tools_31bf3856ad364e35_10.0.19041.1_none_76edadec5ba257b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..rs-serverdefinition_31bf3856ad364e35_10.0.19041.867_none_f0e7a54d23e04a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001040e_31bf3856ad364e35_10.0.19041.1_none_5760eb2fe75348aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\Assets\StoreLogo.scale-150.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_10.0.19041.1_none_e6e6f93e1ad2f56c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ilerepair.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_279fd7d4b6544e4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\INF\MSDTC Bridge 4.0.0.0\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netpacer.inf_31bf3856ad364e35_10.0.19041.1_none_aeacac29a3c7d735\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_lsi_sas3i.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_00b73740116be7d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\headercheckmark.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..baaupdate.resources_31bf3856ad364e35_10.0.19041.1_de-de_af6b9c4c8db08329\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..vmbrowser.resources_31bf3856ad364e35_10.0.19041.1_en-us_12bd4ac9b04c8731\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\dom\images\BreadcrumbScrollLeft.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\500-14.htm	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.264_none_664f9d24f5b7c755\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wpf-globalmonospacecf_31bf3856ad364e35_10.0.19041.1_none_39df3b5c4f7e9aef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\ding.wav	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-commonlog.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f71a10e55724c259\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Exchange.Theme-Light_Scale-200.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..ation-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9ef4ae3edcd91de1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfc-semanagement_31bf3856ad364e35_10.0.19041.264_none_c2bf1068bf127845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..k-msctfui.resources_31bf3856ad364e35_10.0.19041.1_it-it_fbf6f813e16b00bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..anagement.resources_31bf3856ad364e35_1.0.0.0_it-it_d4783efe993b7fe0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..package-managed-api_31bf3856ad364e35_10.0.19041.1202_none_00020b7d91f43625\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-72_contrast-black.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_92df2943cdf4b473\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-uxinit_31bf3856ad364e35_10.0.19041.1266_none_d21bc423a163f4aa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sctasks.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_122e26e0d9e7866d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-statemanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_41264fac60464e85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a380741b2ac7b04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_10.0.19041.867_none_b4e9fc09cfcbdd7c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-camera-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_04f6f642fa1019d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\DMR_120.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.configuration.install.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_c29d58cc336ae505\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.264_none_70a447772a188950\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..urces-applicability_31bf3856ad364e35_10.0.19041.508_none_12b3ef92407c0090\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-80_altform-unplated.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_it-it_26a231441adef666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-_vc_assembly_linker_messages_b03f5f7f11d50a3a_10.0.19041.1_none_de6c3c3b21885865\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.core.resources_b77a5c561934e089_4.0.15805.0_ja-jp_8dcf560ffcb1f296\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..ctivities.resources_31bf3856ad364e35_10.0.19041.1_en-us_9dff411e6492958e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Assets\Logo.scale-100.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-32_altform-unplated_contrast-white.png	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.19041.1_none_1c5807cd8d0c767e\OptionalFeatures.exe	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_10.0.19041.1_de-de_3b1d1bf9b3a5a982\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-windowsuiimmersive_31bf3856ad364e35_10.0.19041.1202_none_a690000a893f966b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-help-datalayer_31bf3856ad364e35_10.0.19041.1_none_85005f93f21531af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open\command	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DCCLLRDBEFTGZNR"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\ = "CRYPTED!"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\R78nHBIG4K4s32f.exe,0"	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DCCLLRDBEFTGZNR\shell\open	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4e061044f7012bf4b7f5059f110bf5c9_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
c462b406e4a284cd0b197d682fe81653

SHA1
05ea2928fc873905b15b17670c67bc33d48bc29c

SHA256
d82afb318f2a02c1b0692b79151b0d48bf7bcc647bbcde4e2808a03652904199

SHA512
c080ca5f3129dd3cbe059b68c22da1213f6b32add0119fbf825d1cd2fb277181f831c52ab22c45f10fb435a2e42b028822f9401c191f39d374837379d50512ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
96980b36f23dd5028733aa3303064931

SHA1
6ea9695902449cdddaa0d48a396881f689684b2c

SHA256
1c111378ba74496996a4cc617649a7140f24249b1dd59a6a1222633c4b3a6191

SHA512
f7a1a4108f1ebfde76a8f4e632f41c4b09b21129482e051c2c26ad37d6a3672ba7da907259f74c656967399f736beff052f03dca30b23537f2876b120190d205

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
f85fcc461d6e55a4098480df2c4214ed

SHA1
29155fcccd968b877c7890e3da7020df6599f886

SHA256
ecadd2bb2947bb616f7b6fbd42dc076eebd4f364963fb37bb4f19c57b04e4c5d

SHA512
285afdb6078e56ab1fc695dad67ccaa0100cb4d3ee8d2f6128fd6a46b00bf8fe4303bb8288a07cfbae4c53d502afafa1ec517860123181435fa3f5f5efbab3b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
970867a260db0eb314066b35fc67035d

SHA1
2c6f7e0fd147ab535b3469788e1c6e8bbbdb7a07

SHA256
5230498441ea1ce2b7141f9f504d25f9268e3bdda8f509da2566659c1ee5204a

SHA512
27e18d12b00391cc5b03568edf31520233a428704d07167d73ffb0095a69c17609ce38be9216927ec13b258c06538fa6d41bc0498a113aeb6bdc2221b3045856

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
325d5a4fc42ab11b4387028fb3cd76c9

SHA1
a314b749b5782e2852087fcdc008279d53ee0b57

SHA256
653a34c8cfce101713fdc6f21293882ba604dacb5490713e1288da19357a43fe

SHA512
e37a1aff22fd560ad33bd317ee17d8db2af06077bfd1c0dd927cd9b7339494568778b322eef3921146dd1e3eb0620f1ddb3861e80f9c5d386c6b1d973c7c376d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
e29750b4185204e7680644345430b4bb

SHA1
dfdb5f702f693d00926ad12c047a2cf048c0ab43

SHA256
6e0833a57c52681112610f442ef97918e0c7677bb5de7b8d9de45d376e7545b1

SHA512
ec49b2bca4b2c658f05c7c1d41ca99ded7300f41163eb668352627fdb7aa4a7d1fa096acfcfb9937a19cb8822e42cbdbe295599ed02e272e0efd8901f0c9099d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
234a8fcff43e435ee395c0116bef209b

SHA1
446f6784346dd2673fd44461515a179bb79a49be

SHA256
7aadd454c54ba452ee9e4747b1880d4ba9844cd19642b6fbbd3b344a0dfab6fa

SHA512
934e17537b78f83205eb8ca89e15d745b42f8c65e087955441f2b1821ded094f74cbf750b610e332f7aed8754d489ec48c93b91b50ae3ab6d0f27b8a0cf8bb23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
1f46a419850c290885d7df04a24c4448

SHA1
7480843e34d0f0f9dd60fe6388e97769381d0b90

SHA256
e5fbe3d0ce8704c9a415395f0f348e0f49b3da22502fd06c2568524b51d355f1

SHA512
e0a16d55c15f84c446d761e1d0bfc62f723e93e13815068ae5d3104049cf4c1e9947c1dbd8c9e853b65263e8399d19b1b3fbf60772f5216e1f51f4c5c5841449

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
7437b878b6c13b5964cb5856546b3677

SHA1
a70c8a66d8c3bbdb8c6e1f2c08c97645e921f728

SHA256
19620ec16a5c96040684ac004ff2816b45416bb8f806731b4fc809a2951aab83

SHA512
82047e4efe849721ab1fbe2e57c4bd68d777d5820e5b04886083ec56ac64d1b0127c445a79885b33e824ea9dd8a25a653c178f8cc3e02373640f002004673fa5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
7e056a9fcfb2b2398bd59c00efd61ca8

SHA1
ff2751010da5aabeab35459ff52434a025d25e6b

SHA256
c8bb4205aee99ad3a4ce8a5182fe33963fa12739081d2c5ef6f27c62291c7808

SHA512
2fbbe7f59c7892ccbfc760f5c2d6941c06b569c00d1dfeaf1dd38d69b61771d0189650b3d24ea6cdf60d87caaa5572e4e8ccb10cefb2e61dbb1b230acb1110e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
3f0172727a1d16e0aae0cf232738c81c

SHA1
505dc5a7519c7717385acff864e0dbd657426580

SHA256
be4eceea27454ccef2a3b5e025d38002625301d1b1dc4b686c957b6c7d676d46

SHA512
9950fecb80abf7f0c78b449923787eca3ad1272f067b1b1c23474b21866a6a4760d9386cbec135786edb857f22219203cb5a46c501e20b907a187aa4a7c6be4d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
239e1bbe4f4387ea3e95703478f7cf56

SHA1
622c9d22df37c3c794a0fe47e03b1d5db3f645b5

SHA256
fbbdce6797236c3b87dd65c9d4a2924467f570a05ff8fbe523a8aa0d7b87adac

SHA512
4812b6ec56ca6ffbbef7db2ae4e7a1582bfdb7be1ef075329a9bd53efc3114e8012385cce8cbf243470b058640067f0149f76dd05ce01ec175b8e2912b25e6dd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
281b28ae1a1af15672b97df7f0a614f7

SHA1
e9a61882915df5c56d2fa85650ea4c9f5a442955

SHA256
0195555f5ac255d763ae7dd13c5b08f7a59715860a42012309d435f18d66616c

SHA512
b34f95a3da6c5437f4ea37c5b3348ce02785fe47569dd397c45bdba09585136279b7b7c6eac7ee20139aafd511bedb822f1d7b357f2bfade342525191316dc9f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
ea5a6e8dc6a8d5ff6420dfff7716c3cc

SHA1
6b91a1a3232cee86238821b743c15274b64752ef

SHA256
7869e850cb3f0151febe66b04efcd9b760599cbec7bfeec59886e2788e3ad4b9

SHA512
96f9f718ab4f93625710bbe8d5f1713112c6612289f760f8e83d76cd34881da54280c6d1af4b2f5d8a8be45fcf13475748e886c377916040803df03dbda46ec9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
500359411a5bc3798676afe7904642ca

SHA1
0aeadf71b46b8208c379815a817b95470ec1e6b1

SHA256
b21218155a5c4717945f6b3f81691b517e481e87731d21cf98eca3791005b679

SHA512
6fc12ba76accb64a3e2d92ac6436f024356408ab66919a791984ace1fe275fe141b36e46aafa91f37e88cadf14c8434d500a3f9ca87ff8f17f6cccadd8b57737

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
382d2f56495d6458a3f3046fa3840162

SHA1
d936ffe5d472a2cdaf251c8c2a00805dd8d706fe

SHA256
c9bed330c823f8317d433d31bf41676f0cc8c31e47d08915d2aea3d7326181f1

SHA512
43aa3e54f95af33a58c4ff9ece0a6236533774df3682712e4f737c48c83f568f2875f78814dd43197c0f4d2ff1b16ba626610ffff221206ce4f9075dfc70357e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
14a2aac82b61c5319b2fdc68b6456786

SHA1
806e0b48a0dce4c5bcc25d6397d934acf782392d

SHA256
912f813e97486708c10c6cf4a881cad2a312f9d6f7e3795d0e330446c4df18bf

SHA512
53974fb159aa47816e2561039753e845e0c6029e17b51c64f466c13422c3dea6774d8b19bc0c869456543f5ef9ec826ce7481353f2328992ba051d6fe781f6bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
9270f92c4dedd6884c51e08d17fdf82d

SHA1
9961e0b6dc4c773a887e801313a851baff259573

SHA256
64c41f779738a5eee3a5ea6fa5fbd98fd5f2211e3d2bb6c87f3cbf19829d00ea

SHA512
fbcd8ddb73331d6cc77904725de75bde10317a4637045821178ec5bb3cf11e4c7faaaa75aeb96372561c517c70ea9565d2a1955096a13995111e342472950782

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
7ecd7f8069df8552ab58459722e27028

SHA1
776c84ac7f78c74a2a7d0f637fd0c209cd88bacc

SHA256
9c061fa72622bce3076a94feb48de5cdd6a43bc84b5ea44c1878b45bbcb24a6a

SHA512
a3f0f427173941081c83a6f37ead143231b01eb1027d712f3304b6cfcb280c274b3498af52fd547a9dbc499270e6a3ec8f84d6dff3e30970a59b67465e86de8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
75443136b3237249a646e689f12100af

SHA1
3a8907af980f8a0306fbfcbf3509b4cf0c1db26f

SHA256
52d841f0b514f38f805add1d82078c67d0919869cc8b0f25d5d2bb7b6507166a

SHA512
589b7d6eff68024437d53fd4f6ab38954d74fede5a73a87f6afdb3cfadfccf33e44b1859d734e47123eb8cc52f08ea6f944dd5a339f73afa6a5cafa4a0ad0dfc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
ab12514fcaf89891b48e9dd16897cecd

SHA1
e5631909afd917db39412c7d9a0017ef5a2792ea

SHA256
e84f6f48df658480811756be693f30c96a9ffd92b5254aacddbda61af09d0a2c

SHA512
ebdc0fc02e247de5baec86544ef7b439b96c8cc22beff9932f9a7e2019cf30f06acffba444ceb9e09e0be678a50f639ca6c6901f2866832714efd483ebb41699

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4d8fecce22eb5b151aefc5004350bcfa

SHA1
9c092cb1c86c7604e3c030a201414bb097055b59

SHA256
16727b256a5eeee4db033669d243f86a2b149062a8d62e4c3f69672e8419934e

SHA512
e9688f8c0f6f3e8dbfdc316006a0c32c92221401deafa939aba6d18e0f2fa0b484ae82458f2dc5e9feb863fae2d3edacf9a9e533e963702c2d7a3bfef2347ed3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
3b91913491f06a7371e94d37eaaf5b3f

SHA1
7a411f045ab11c1f17cc6035bf3e42f2fb2cde7e

SHA256
6527fb8a4b575203105ed817ff42eaba5a8a48bf6868c89a303af15fce8a15b1

SHA512
143a2037761e957f843a7365d9db81aec0f9de4e13e7050dd1cd6f14b804ae2bab7a1d0dd38a88ad668bd4700a9f93aeb83a87a8b3a26bbd5e4f691c591f578e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
24b0b7520e5ea1dfd94bacca96473d47

SHA1
2406db1e59f7a50f7707d50199626f42112556f8

SHA256
87682310dec92777dd41d4a888ef96c599009773746fab47a3a3982001dee410

SHA512
14e4cd09eb3fcc00e9b694126feee99ea383cbee1247bc816229e5a21e6117cf623e9b02a37b6bf350b5bfc95a9c32e162d942a7a4b9a8e663f48e5c6fc2f727

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
b20290c8952ac1460c0836a78acaa888

SHA1
3970a72342205e55e342ce9a52de2117090476ff

SHA256
129043cc96fbf533da426bb523241b67c43ad9b58ce6eef4f5ca5b528cc98a18

SHA512
291d5747838499443eb338d907a64aaa752188d62d3be87aa182757db36e46ddaaa7e24f23e94d3ca936df93df1f0ec1c2d2c11259596f684aa9222fcb329e28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e587423575ca8782e71a7e72188f7d37

SHA1
703e767e585c501a23a4e824552c7ecc0b0c8667

SHA256
87e9aac755fc23f224b0443cf0c2bd84b2d1110ac576fddd3e01a7a9d1d4d9f9

SHA512
74b9e3c1e515e43e68a78f3b803fb18c96fcbe0ccb0adb3a48942ed3d56ac7b63f7759f410c2e5941da821afdc84e906c52abf9e6f3036351064f09d196000b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4b9f8811e55e3ea14062386f48e95193

SHA1
93e16cee4de126745e5c1f3b31c292f83c50a207

SHA256
11028dc8a4baf15bd8f638c585d316c3e6d60e47279e72ed3c5304906fbf5c0f

SHA512
a2a5291107a327e9161419c852b99fa8ac76ef6d8ebde94ea4bed3ee4551c823b2a7e3656567ccc1080cd0af4c1ecf98a6daedca9971fb9fa9f8b6a1ec669cb8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
0d472ba78ed071bd3837d0c75695ef98

SHA1
bdfdf8c2b31af8caccf07239e7f862635163b57f

SHA256
233a1def3216c879ab8761d7b7cfd71ba07166d52bb59e0aa6db40b235107a07

SHA512
91de4b5d3a089109a8f834c88f39da3405e5ce9f54152592717430197300f18f41f7a5940f7bd1fcb2afb881a9658154f79685d9317d9c050069f40d2e62a075

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
a1e1ee776e7c7caf51ac2cdcccf9a99a

SHA1
ecbb967826af171ed6f0e23965dab037f01a980c

SHA256
88304fcd21ffe56512d42d56589b382ef5f88718ab039a3074b6185a4df2620d

SHA512
97e4902bb88fe3c08e35145b3d124d7b166f7dcac610b9b6ab23705514e45ef629f9edb810df2e78da986e4d13fd7f55bdef24b763f87ba90925f899dc4641cc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
626473589cf72ad1d075fc9f68597966

SHA1
ea469e1ed9ffa7d21f435b3431726b419c30acd1

SHA256
91a4dcace470a92e50c0a5d471219216e350a796427465f142b1ff42fea78016

SHA512
c12fc02a86f27a45bf5fc64678e9cbc0b0ac13e058e91945c494bc719f6004f41339979e604db91b16fe82e9297621ab4db3c1476e4cc5c0178d203a84954bcc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
c46e948ddf73bf39ecad61fe92780d18

SHA1
cf9201e5c3dcfa4d9b7b2a0f35e2fe38f3cccec4

SHA256
6959466c0dd7c06dc9fbe48d50738b29c03f075be6c75a06bb31ae713237e497

SHA512
839bbbba2bbef3b0181017cf95df154432856675a5052554a2be19d55cbf41725e4bc93a0e77a6dc60d68f3f2d2b6284c5596a8d9fcf7416500cea6706343841

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
9360ed333216eb752b248a600b19c5b9

SHA1
ce531741ddc8d693790570fd4c4d9ec052d9a9bd

SHA256
ae1ca453e812d5c9e950c98f3a6f56070116a97b54f4518587ddfe664cf74381

SHA512
02dc167f7ddb17d4e07d10f745a50cae77c112eb5b879d43579f9e2a5a905689086eb1810f25457fbf6d923f2392f0c663517a4c497fdd5acfa7db864cf72dc8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
1d95aa0481366da3650580d4815ed7b0

SHA1
701182115e73ea6690b398f8805004e4bfdae900

SHA256
ab834ce1c76e4c5eed070e2e99138ffa1cf494f62cbc11f8089a6a633854d12c

SHA512
e98bfa909d00fda27f5e8fad2c7cd0ed88ed9c3f0df8650288d7af793f0866a01d82642fa56dbf689c33c0c3a3ad18155b262649064a9a8ca37bb94a3efa98cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
fa2055ffec6e08986d9438edd4ca51fb

SHA1
71138dc9e4b993877376176d88b114ecdb3cc7fc

SHA256
55f66afaf9f7938131e575b980d0385780d0df6c74fc3c4341f6fee8f0848d0d

SHA512
ade27be62a9867ca14508701f3f4baa298945974e4856f98d1e1e6b1144e5e3734d35e8ebce9d30abc657d12095345728913c89775c3499240f39db0353ba729

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
e3928546cd285397e3198117ba681d4f

SHA1
cf2ea30f3b3f45e69825d7b40606997f1a664655

SHA256
5bf07d29fe2b79e69ce628ed5fd7a69bd5172be73ceeedab8acb1e0d4afc0aec

SHA512
6683a847904103bbab7c4d24e57308b8ad7cd9425d0a0236309a89188484a0b16e7cf35e5dd39db84b69139cd380e38d85b1d3c881988bc54c3846ce838649ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
d05257803344c55f46f76883281d2c72

SHA1
8c04efedb9b4b5554f57e3707681d11d366f7d4a

SHA256
053353db6f5b7359823db40a6142a5f7d89cb0d5c0b422e76a8c3287cd9f753a

SHA512
f8a44fe573330ffe6452f74b7f5d4cf2949f6d977576a58ac87bd3441f0af4c680426ad3cfbace820fca013dd2234bb0f458a166271c2dc87ab69c39d602d647

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
9482637a38c55f6fd08ea197a0b1f09b

SHA1
d8cd3ac16d4ac97d4a42b0d6fef1195bd0d4fa41

SHA256
b3f925451ceb221abfb3bdb8d4c81234babd4cbeb3b9a6c7de69f9173136e245

SHA512
38a4659f7b79be27ed60a24205c694ec6c9ede3862e0201fb4d22597f9d5e45433408550dc7b576a3693d751b6e96f59ebeec5bab7777616a4be7ccd7532d331

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.EnCiPhErEd

Filesize
32KB

MD5
e09e58b5d8c6bfa7d4bf3286793dd862

SHA1
b9e352ad1c9f720d4dd7a44f88007df1a9aa791d

SHA256
0d29ac65b1c5eaf2b3285f9c87cc6ba5709ed837edfcb13c6f9928af47031887

SHA512
9592ceb81f8856cf10695bd857dc4afeedcea171b16221067092e65a22e18f5ee2afd2b32fcc8e7ea962c1f9556f7275ee173dbf46b5ad37ace785cfe1ea4d2f

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
352B

MD5
fbc86c51a58818ff9a54644adfaa8c11

SHA1
3099ebf5bb532245b2f029a7472d03ac26c213b7

SHA256
4429117b202b2572c30ffd614e410f67d6d4dada8b73bf7905c11ee6eb276b09

SHA512
8b142a3247627ea75f4048f43a22c97ac39dc25b5e56182eab0f7827c96cafbe65656ebbee9b02c41eb5fb8f4ad5ca8c49f989ac95140e5153d3e9378171d5b9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.EnCiPhErEd

Filesize
153B

MD5
6d33f1270b6321c58a87d7dcb68be732

SHA1
fe8776da16bf9a27a1546551e969306da52c2b56

SHA256
b45255218e0ee870c41e265d064d66abae70adff4e1d25447dfd702e88178ea7

SHA512
91ca80043ebec9755f1b9241b85e82c9684083da1122a05c8a39c56c00361f6c810c5380dfd3445b89a01181361081ec88d4ea0f6cb93c9fd63107b825bd0b48

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
2ee0c5bce1efa67c4592c27c99439c54

SHA1
a260978334a09d00b3941f623933686318b0c8e4

SHA256
ea63e51359e5c5ba51bef55d8b21fbd3fab48f352ada51086acbadb114eca301

SHA512
40fdff218678e1bed3627aa427ee75aa1856e066e235d300f78a232507cb634c5bfd94a76d39b23ca55aef1b50bffac9f23be3f9530345ddc5da71d29cf9a034

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
c706d6e972a1d457e699253f5d4aa6c9

SHA1
31798943f36c63f167615c339ec6f48a32d704a6

SHA256
7022411201433bed0d000ce0a98e63ed8cde35b2a2d43ef068d3a173aa110408

SHA512
459f409a85d956dfad3262a5c4656e7513264846377f0097f736a14ac10fe4133fb510f3c1391a7e176045a4df0106cf7d7c4410996acf30de418125eb8e1888

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
706bff618503bb1063df726c10c622da

SHA1
4770af5095d6e437336a65cbb643886881931eda

SHA256
27893a263bf52bdd9c4bd54ca8eaa79d69e665448981415349b81b89cabeedb0

SHA512
5121ace57c3482be503e101e4b8e6b54be577dc3bf254487e742c3022dce7d2a28976afccb9f0e10803a5d2829b7f199e1ad6e3135b6bece1e6923d0d60f1645

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
cd837aa16603da33939cdc716f297e1d

SHA1
7a9850e96c6406ec4a95ebdd66f01ccdef305e58

SHA256
2839847aefde7369310b1154227beb5f29409adf9fd65c0fe8f353be0af62bee

SHA512
e81918373aabb2aaed3efaebcd3bacbe2e72de95295f3fe6a3ac6f5851c774744183a8dafdac0db5ac01c3902edf3506a18bd3284aede39420b9e9ac497cd38d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
7f8b0dfa183036a11c68e7c0633babb4

SHA1
a2a6321954709db946880ab90d5deb2b0c934d1e

SHA256
a5a4c0d2d234952d3c8f4e3acd670182051ed6808bd2011f1dd481346d9decd9

SHA512
63028f9ac99eedd6521fce4198af367b58fbe21776db4c119e5aaca63b6fab85976773b49e989a28f6c3d8ca5a8842c315cddbf8b7cc03ef6ad773c1af97ff4c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
0cf2d07d49393f8ee4bd45bd5445b6db

SHA1
2a5cb9fca664d8997cff415989a96706d7f3061e

SHA256
8aedfd589694c24b901c9858bf6553fb79acd3871d90f6fd5e3e0fe6e47eeff7

SHA512
4665b88dfd3e727c4bb31877c8fb76cac19e8257a9afae9f9981257a5a769ad1b1291a4b1ad9f51a15a19db9f716359b005a91f0d795e7d9a598082649c6d2ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
d9f05ae69987ea914343e350b8c35f90

SHA1
d2963e678cb2bba3caf37cd1357274bd138f8580

SHA256
6798ba008ff3e6de0dc1e116f845e7883fcf45c2ecaa48d772aba288e8fc293f

SHA512
e8631c5069de0c57184288619aff4c387bb905f466dabe0a80196afe8547e33b1cb7dd7c1c52fcb0076fa53e51c87c784223683c708e830231afae923058fdbd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
07a3085f7129411eb0f0a0929f937b9d

SHA1
c5536e4743663d2a344abc8f1cbff9a44b71c914

SHA256
5ed1eab1b719edbe9dc4a7bb885f804de472368ffc1d30745af6c649e60d2ecb

SHA512
33cd7fab6fb3a5d69864336df8cb7174df96a76176aace8a263d31e83dfda140038e3f574b600556327ca6edaa60dff91413988d59d9d1b0aeaea454520367f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
3a94eb1ac1aa119b05643e7e9b90b337

SHA1
cf233472bd346ede0c5e747677bdd0d7ceab7ea7

SHA256
e5948f223056d0abe001b2b9fbfaf3646500c822f14cc0999edf3398977ac9fe

SHA512
1906021343b44135a40b5087e0ac4c7b7db5e5d2b3396a0df373d72d9323ec8ab15fda4b98d26e5e18dfa39f92d09b570268ae9eb22058c308eff8948615f777

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
41e41daabb67f6cc4d9a9a57436234ed

SHA1
b167a97dc67c1038644e24c2a834b864e9e0404f

SHA256
45fe9cc6e3617cadd6d82a99c3b36fdcfdff4ec55bf314bb593f08796847e031

SHA512
511497ad332e1b42a29e8431b2e2ce35392f5cd9bb824b91328382954bc75fe77ca33817a31a3f82a6a4e44e06cc9e4e0f8bc1b177b079b75781643a672907a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
87181bfbdd25766c20bf3ed47d4ccab8

SHA1
a13ded2e4a7df7c9c1e8947ec130a25487e51ca2

SHA256
3f323336fb3beda6c3d287d40c0c0a670d77cd398314a43650f7880e714d9f93

SHA512
ecb8cd118c275f97cb284bbb1805a06014f0c79925b4710ff12c56445f4729fd4a7e186c9bc2d456335db7a4577ac9104c7de9fff507cda74203ea942dd846c4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
6dda43aee932f5bda96709461ef8554c

SHA1
d9719a68ab6cb88ca3f3a8e828da11ae901ff349

SHA256
0c184f969bef558d95bd2f3ee81b0b47254c15ac7f8deed9eb46b5340934aff4

SHA512
d0637bd02d4a78ca75f5f58a8c6adad9a05ff5f4396dbbdede0df420fe2cad64849fb562f85b939810b34de317d043f39218e878b1ac9f5e10465821338b77e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
dbfa2998e51d4adbf4bbea439a6ed33d

SHA1
28c8c19514df41bfa8f549ee10fff5dca92a18b9

SHA256
fe326e2e26cdc915572f1beb245f6ab342e450344504b1e2c06538a839384afe

SHA512
ccc6ccac551ecc08b272f177787d0eb6e62045c4f6445853945d75e36040944dc065e9cc429b67652151b7d1eb609e3eb6a4a26bd75b6e9c476725ed6fd1acee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
36baf7a3e381351f42adb5b202f9e158

SHA1
8ee5c53e451292dd349ccccbc693241d361e99b0

SHA256
2b378adda8664c72f3c359ef1a0edd3e099172dae204829dc0135efe7d6e246b

SHA512
152047bb0a97828689a805fda266111e582a51f939062db002171b1136e5d2616a9e6267de77e04f18f2e20808403105845ccb06e1488c616079483ab72a17aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
d55b9a8a1f01422f462fcda93b9cb4e4

SHA1
733f1b6c2c88b67679c06ff70be99fb16600995c

SHA256
549e58fd9982fd0db208ac070ca9d20f7d7c36fe33b0150c5a7dfa5ecdff9ac1

SHA512
6571522fedc8e3b9e879875a87b18524b4cbca84277d6b27c12ef2c7687b9c04770486ba86e040548f0cece3f89e24fb6b1c6e61b8b545836f81281c4b700628

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
f9a0e7616e0c132c43ecd758bcd4abc9

SHA1
78934cf79fc3879c3045709ccd7c1e6edd088d05

SHA256
d75f86d51b9fcff423d4329a3752950e8585953bafc2f04346426d63c6b95b12

SHA512
7781968dd66132bb00fc6f69afc435200378b4c6a1371ae78c4ff5a54a36a49f3160039461dc41a53f4643496d89e011810438a1926592faa6dd983ea52de602

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
c090bb02fbd09c42f9c3a2795d678257

SHA1
f739cee081fec4688ac7d633d751ddc067649ee3

SHA256
109af74f32fa0ec18ab37ffaf864de0110dfe211f01925c11f228c3c4fef9ec8

SHA512
edeef75159a9db91709421631d7e511dd3792cfdb3bf70a97f565b07c4298fd31f5c9a6316dc7ab6ed3a89f4f542b402b3894cc3c4d97d2b558c1234a9ebbdbf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
0ec02ac319a4984bb392f99e73ba3f27

SHA1
dafa05a8957a8c2f73da4e0b313a26a7fb2d8ba4

SHA256
6364aef74b4e4898bdc45c88b74f9da7a48ed042b88eb7cf2995d3ea3b4beeef

SHA512
9919ffeb1187ece020919a7078c0f201cbfa8225bf2966b8d5632261f27bc9a7cf005b2d5268578f6a080bf13204a28f4d3744f6d6042b7d53ff3bf58347fd09

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
58d8e92c3c8335cded6ed33f360e55d7

SHA1
0ce8e3005fef9fa896330ae973aaf43549a71bd1

SHA256
8160ef481428bdf7e0a7818c06de3e6736a7793b3a69ca43a5fca4c9c8d6169b

SHA512
b4097c04eee1ab20491f7434285ad7ed3538c420f656a5baebcb81d01472bd00be00d94e326ef5862cdfeaa85efff4cf773260a10ab73cd36caa0f7d75ba7670

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
459abdb96a043221ce7efed61899e2b1

SHA1
7acd7099e4c39ed84c1683f99198c48f6f425592

SHA256
a8d173132a97f39652f0e4e9f554ac4fe9c62b89561628092dfff21dec414005

SHA512
a2f77d44a39f8a2e1da5a8b233713a81b716feca0488f4dbcebeb462fcd14f0d0237ab2c219eb105317ca6a12cd6c53ace7c73eb88e31785b83b807db878a95b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
ed27020bfaf289b6379a89a74a3964b1

SHA1
72028f61bf808cc28e4f7734cf3513051dfab66b

SHA256
7a1aed2c53fcf9584b3608a0e9deebde1d33f77638980772978c09ab2613e4b7

SHA512
362a1db4dd6f4ef021aabdf1e823fd0b8e523ba36e167aa6f445a7f25d78f1db0a629e3cc093d7188286ea1d641bfd1bd702f2e428c25622a86d5ec0e9e6b0ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
4321d8c35ee58f7d8c2562628bfcf713

SHA1
b606e4115cd464c12cb3644da7728797c99ff4e8

SHA256
74adb7634b7065af07542f5436733e599c2277c5bb23840e26a82ad291fc818a

SHA512
bf86cd0010922658d448a7a43834923e2cbdc0d5c31b6bd05e30c7709c020f2453166e6a7eda0132c009e2fd3b575ae28245fe56d5fa19b66f48c9eedf7be192

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
d10cad55b87fd7840bb1c55c15ca8e36

SHA1
e6644cdf8e220532fc10af52c46326cb43746579

SHA256
4b7be2e35cba2c9cda8abd22f9152fdb7a73434f886c791d94777632bfde0f4c

SHA512
de207684932511a453d38d313ab39ed7cd32f9a7734a1368fd94db8cd38bff9d818cebd81c968424c289ecd41fff29e6561cc36b6843c879a0b30ce1e4c695ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
044bfca842c972e62b2f971bf4908e01

SHA1
d95fc2f7536cf11f09edc87fcf4eb7e072879231

SHA256
cd50c14b97389d0ff8222fb38ccba6d6d1159544cbc18f04582c2814411d0c97

SHA512
336d758f55eeee4a461f0de8714d1ae5f16ce4876d19f9714c92985c0f0d898321739b9f88be96989a4fab1d76face870a89f6c3ff90266e3793b7c676924e3e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
62ed04489da8171ce3cedddea8f47fee

SHA1
40887247aa5aa53abd9858ffa3a8639e8d164d1d

SHA256
ddac6b5ac53b754e9b857fa31d755c943ba530f05d5153972f0aed75970813aa

SHA512
2ed82869f553b7c0a6cdc1b502795c74350825bfedf69fcac46f639f918f8fe88878e04a0ff3d58b391fae04ede1e6447f48ee512db71ea72475dc65b04a05a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
51dfdf2f0f3f4221a57315c622d24f35

SHA1
f6727dc4b8d49dbb050701aa5c916f509a37fe1b

SHA256
165bc30ac92ee0f374264824f05e9d87c279280a2328b0943de11368dacc473f

SHA512
16ee698abf681f1e25650979f6024143703d17b1529c9dc6d28ddb0b8621c945addc9e7d76f623e7c7e56de9ed06af595b3c43f83766645c5645c048d737909e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
e1fd8f03d1138a4713098d5cf526c4db

SHA1
b9e06959ea3486156ae081091d8c901380dac110

SHA256
f6fc5871ea5c7a55faec6a0d757102983c5f5de192eeea6450891582e5d87e14

SHA512
dc41fcc2b0737e7fa246af8b22ba151a4880fc79b02b66563ad6f159bf8acde21c7439a1c414a5e2de338f663f5496632b95c055c0c2b9cf85a82b8a6888fae6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
d6e3d4f6b95c762a0cd38c8ccfe0c820

SHA1
070d808ceda8fc9238a1554f8b1d66bd7081162b

SHA256
325f155fbdf67155ecc002acdff9d47807fc7c5fcbaafb058a491e20567ee7ac

SHA512
ac24a4882aaaab00fd3064b67c33108e9e18a60327dadd597ac9a0def96ea0ca23a1e6ac68461c9d99235da0bc17dd13cc6b7e534f9368228da2eabec4e55f01

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
eed2088082b968848a229e9e0f3f8623

SHA1
be53faf2b57e351152fddc12a3b2bfe49a4d27bd

SHA256
2bdaaf8bbdfd003b90907b8a1eefb27acedfa912a753f425de914f3874e0109d

SHA512
99661fe8266cbb57945290772788508db32f46efbed8f3e865ff18ed3a9af03a1eb694fb87d48585bf5a55af9eec081ca9f88b9cc45922612c0bf6ca4d422b37

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
b87999e91c4ac3ab0fa7895c1be766a5

SHA1
5b4bdce3bd33d5a4290844741ae6cbad121e659b

SHA256
b2797c80d5eebf16c308eb18ae2fb74d107044ba5102e56974c6296cccaae4ce

SHA512
ebec91a21433f1fd49cd1d78f7c0b1e66aecc58b7b832516c129d17c1c3360682789546d3eab6739d683a30e2a9219114217474684e89b5e6d7b42f65d174d66

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
0bb043a5434ca3aeafa41c4c1e2a7d50

SHA1
fe20debc378c9f10da372b6dc2bb447bb94af6c4

SHA256
8b4c2f24bcee1a68d2748e693ab8d4fdb1fe7e82fee1e67d70c9805215034a00

SHA512
f5fa5ebf3834c458c78f331f140f54c70aa18165e3ed3b748a641e697571ec996ddc3e80e728667c54b67bf119e823af59325eafb921e6178d51c54374622587

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
1050f1ca8178402a207abf5789bf013a

SHA1
55376705066863424c9d7f25dfd2f06a0ea492cf

SHA256
e4f8d8425eed206003ea1777d516954aaa38f444514f7e44f8addbe286813864

SHA512
bffe9f2f175af588e85a2e141023df2dd240675f6e73636fee3cd9329d646a2074eb37ae293331d5119416b89e667f5c4b525afffda7f94a8e7a23ede063559c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
2cae0de998607f5565d907127f26652f

SHA1
db3f3d070df5bba287c130336d79e83b121a4372

SHA256
fb2bcf75b78d6a3e5d2567132db167850aa01595b158822242bd7fe3f17e8bd9

SHA512
b83cc196cb1c43ea80b512ced2de96f4c834c570eeef0ba9442320673fb55a906d73d2489258bed4cda7997c78161c860a1b7620da05b8cdff4f7382d02d0989

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
bbcaaf933987d78a2c06fba2a416aa42

SHA1
1c1bbf3354199dbe92012b8b640ee156fdc50679

SHA256
843d131beb4a2020fa1f57e6b46b00fba29d7f2ad825d6b551df180beadb4a33

SHA512
7f2b4f57da52b13cd65bc4188c1441e0ae6d181281688b232a2ac6945ade46d0ab5784c323caf1d125cf31b8679b0b323753000a47d2413297c180c59208a152

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
46a2ea5f5ef523be19f527a1ab166b44

SHA1
d533091b428d3247bc3875643bb8a6a0c903d913

SHA256
69c9b139c0d176cb201163cbe8ddb9ab7a466d29e10cf39adcb838fadf221ae5

SHA512
4cda4ccf01757ef9c981b252f0d39f68af6d06a227de0c51e4ac9de3944e24bf62933da2c03bbad478771ebdc9d6f5e8dff62fb39e0db740e3508e0d8bafab76

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
1b9c36a13d4005b15c04c0a012459411

SHA1
21ddd02d9e0844314e84fe7554b8c6952a2a453a

SHA256
d5baa28e3375b150a0f2b68a6762a536f5fa275109ea41dd7219066037f5b940

SHA512
a813973a1b90a98f7f1731476cd18b5295f12142b8ac83c9b205f22b645f2e153b533386a4c48b4c6eaa93c2b8b4b2bb2461ab6d573385980e8c3ba75599dcec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
c2404deb68bf6536debaae31d5750c9d

SHA1
61a4639bbc997de30c5d7e2d286b18f544c03cbc

SHA256
40498d5a6aa16c2b877e0ed77953994071608da9925e13ff2393abf8a634072b

SHA512
f58e35668a144d0a0b264bfa68df169d10f30f0ea53f7cee2e49edc706040dbf9d8febb8a2df56f10678f07f2bebcee6dd1de6bc09d2b5f60cc4b1fe1da452a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
096945c88d358030a90ef05274d01d62

SHA1
91fb5e324138d3543d0dc567ddbf6170bcd25409

SHA256
4384ce9fe4da90219c8577932282ab5cb708418fcb9bb6589fb618e4f459525e

SHA512
62a3c475e69a86481c101402acbd4c52e641a90b935ded3361f445a55c028dc0743ba2cf7ead1cc0715d21e1a51957a9a9c9e5ae066f0637f94f45af7f158059

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
85b8122996042bb54ef3127796f9b457

SHA1
eec7f113c9d785887d07c3563c8389fb6681c582

SHA256
078c19bdb3ad76c52bd0410e88d49e4897a35a4ac07bccd1956713fcb7e26cee

SHA512
7c6ae5269a8d66df6e44b18e32c9121e1b14cf12ae8be80eef8ea25c876579afcf3778ec32e3f21b3560289631ba1ebe16bc2685185fbe37f8862825a5a40492

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
49e9f1e91b8f6f49e7ef16507b4147bc

SHA1
e7c2953d6d9f8a07c97ab25d3c9f90d7fe1b0833

SHA256
35e398f69d403c11d516414c5549531acdf60ef988cc53e428857b5674a21ea7

SHA512
583371bf467124b7c514666f9c8682d51f8c6ec8eb735bc3aab5d54bc7ac02660d61f1663a73993cb42ca1ad71ab900e6002995e0b5f3d8fc64e4058536e980f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
e410bce48d88f92e43ad401df7525185

SHA1
2a406249d0333d9a8af76a10fb6d1763011d5721

SHA256
e29ee0708d04221f025d93d577f1e84a297636b3c66dde33f4b578a795b9a921

SHA512
567c121cc9171b3236e9f6207a3da7fd2cc29c934005aaf4af8ad4e549d98dd7fe040ef10a1d4262684d47836eb1589bc4d6ce3562e40061caf11208a48ad1de

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
ebb18574e8940b11d1c8fc6dfedff24e

SHA1
dc22602e3681cbc2ceaad0e255979b9df50d68ef

SHA256
b95bba2c4a2f9990ee8c4b006acb3d8a58abc59e5f823868de2f3c7db9281de6

SHA512
dbd96f05ff52a126f6da551237072c0947345fc0e5c10bc98da8c168226b081230c2ded3473f3b1185ff97b65c656dc1dc238fef84ab227cfbcf1d7a7b057d57

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
08ac8849e934be8ef740549d14d978cc

SHA1
42626c21017d826c430e28d15018750ffc5f0a1f

SHA256
220bb7e62128660d0fca5fc7c7943dc7fbe9ce5a11b574e146fb42293537ebbd

SHA512
0122e9f47d2cd7b40ac1c4497cfca04a3e8016b6ac900fdaa2e553a7a88cfe6c2370b11de019c9499a19970e7fd7dec9ccdd4f7fc858e28d776ef6d578480f0d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
453c18d03c4c9c4526852136327b4bf5

SHA1
42cf0397e0a1c1de7902e8640333374579475d17

SHA256
21cf48270f6b88353571e074b5fe11a92b2c95841ecda034d46fee1ce31d0f97

SHA512
28fca2f87d9961ee66e8f00d918b9c82c290535b58cd4e9714511b532e4c389ccdcd269db3784bc7baea78c137c69decb21b87cb9649cff46232ef70b5bfdb82

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
eb6f30e3bdaffa4407e0fc554ceb5e09

SHA1
4394bea5bf8fb36f798da6fdbff6250c8151019b

SHA256
cf3d7451234cd124e08ff3bc856148c3546662e412d87ca101da5b294503920c

SHA512
b79aeba6b64178c1fdcb814759359aa54c22f248f8b895ab40a9e5fa2f47596152372d6102d37c1ad7728c21f0289beab37d07c6d262791b5b526c24f4db967d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

Filesize
77KB

MD5
bd41271e8fab144cff037fd3e43cad1a

SHA1
eab7a778417c9aca93ca3f69bd948e44e83b7a2e

SHA256
ccf9d64e2fdc7ce6225829372f65274cb9dcc9374833790e8b6aba6b8e19cdfa

SHA512
671381e8b292711f26292485a391828b4597e79f718e0b642d4590029b7a8a52dba8e540d657ad215b50401d175298ccdd68faa69628ed0057c5a33fe1ac3922

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

Filesize
47KB

MD5
f8f8a69e4b2936cf17aee193cbabe0b9

SHA1
01082cfa4d80dafa5aa780e3ae117cd3ef428f55

SHA256
83355b25ae37f4679940fe3b9366c530fbe9f9dac441c678088d4a1592c6f4cc

SHA512
0e3f5c806a71da71e8b14da365031028aac1df3c3569c09d6f3f0e8deec222b33ed00f9bde2f61b34499cfa0fb6cc1948708e936702367d4823f6fd0609ba464

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

Filesize
63KB

MD5
53f1224b10478bcae046acf8050cc923

SHA1
1af0a849ff72b04ad02d942aff24ab3f0fb3ef25

SHA256
9b41b45d3c52ad4bc5ef0a63703c393e4e939bc26434f202be5839332cb4bb4f

SHA512
a7835c528eeefb884a2a18e18b4ca17da01be72150fdcd90db6ad692a87bb88099cc7909c1d09ff3f15d84aa9cec8b0e0fc29cad91dbc0fa053df47c29496375

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt.EnCiPhErEd

Filesize
74KB

MD5
287b3ef3ff1e53faeb4b679ee290058f

SHA1
9f16976c1ac5e074ae9fcdfc547fcf98274977fc

SHA256
6c656f15e4742e5131af133a7c55e2d42bf1cb2fb251cd879919fe8e0fccc7ab

SHA512
d975314b59de7fc1d798dd33617ab806976e6cc55931ad91e19e0d59a2b72560c90bb82835e5dbd5b94e7d5b26b14ca277ab7bedddc706f4cdada9a0e440f42b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
b1f79a6c4fe2b47298e51574190501bd

SHA1
d3c957290ddc5b6ca4119c3b68682e95afd2f098

SHA256
3c28cb8f50728a420037702ab7e352ca9507f84fbdf5668c453409886ba57411

SHA512
ffaed29e3281c80d7d77dbef98f33a61ff118d54e4b967bb14caeca3c1b7342d7cfa5240487e16eaf758a1545c8e546eff6db6d5a96db16617f73bf45c1ceb0a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
66150bb21e80d75b28ae8879e98d4bbb

SHA1
ed96c42a366ace44254895dc34616af0efa0c4ee

SHA256
c0d4cdd2437b92c88f1768f2fe0a2deb3719ba08b76fedb7bb33fdf6e102c122

SHA512
a31d7da703340ccbee21a4b7761f25457300d867703e80551f9d9d41b0e34df433a72a8efe78189171bdfe1ecaa97792ca40f6f52c8d87548518f4638ebe5857

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
47d0a92f6c740269e49b4edaffa35394

SHA1
4fd75499b81b2baa79b37b508608f1ee4f84ed10

SHA256
2a844cbc6cae0c0f02fbd3b94717284eab90fa19048733678450fae1f050cc6e

SHA512
12dcc79fdb777ffe10170943d69b15acc4fc161f5f00ffdc1eae4194b3660608061b2bb0f4818762b5b23f40f45cd1c46fb598476cdc2c24becad2a64a19bb0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
9adddfe021e9f711ef5fd442622770fd

SHA1
9bb62055de517f9324af33043f043d85c137892a

SHA256
64002f6c9c55ba587632221e1ccd5f9ace1a1522e776cd218e5a7e0bd5904c8a

SHA512
6b52b4dbbd48f44c614da24624434d2f0c3a774ca576b92acb6bed162bb25a23590df59a3b98904426a86b5c92a22f8687645c744070743858c941199db5f4d8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
9364ff1f8347369c8dfd2c0c1a665cf9

SHA1
5f9764f2c8976406bb79c3df398cc260a1373909

SHA256
bc36602fe2baa4129d38e366ec8b15e77d4db17331b96f6f8de9ba138e9a6ec2

SHA512
4b986b20730f2cc1536289cc1f28fe6e89b48a360ec1bd7ce41b7224de60bc9c824d357dde006c1fd93247979d0be56d981f70993b6eecf11aafb816adb7dd6b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
16438ad57f5cdb9fda39783c35398cb1

SHA1
b5fa856be63753a0d4e00c42a60d1137ee144911

SHA256
144b528325e73a38cfd84c09ee84af548a3765ac3065584ca59f43a0adecee24

SHA512
d6d671564373cf0e2f7f333e53501d911f32dd88dfe2cd493f0c3b52ef151916492ba10bfd94475808df2a06c0d96bb51ba5add6f4cbf86ab21b0080e32086a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e6f5edb1e561e91fe8a7a61820a095b5

SHA1
65e8d9078ca8664ce8dda1577558a8cc00d0741b

SHA256
3645ff3c2110111fbbf19b6dad00e162560bbc142320448a5f11c04b4fe3a32f

SHA512
a6d8c15adbca2dc3e901d324edffe3c0e7539936f093e836f36a0f33e43411173199fd8fb57880bd8873051838eeded0896ff1f3eee7cb2d7a60460b89f97617

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
f464247642bef47580f0b0f7725e59a2

SHA1
2b65e9b825c6cb05283481ac5a951ff6d06d5a97

SHA256
c6783d65f2b6011e4fc69598cc87f2af740ac810296cfdab2ad8af719d714dfe

SHA512
b6e93f0c4eaf684ec12cd5bc47de1e7c0fa8153fffbeb3f0267bd595a94a389a7d2fc97304c81af3f384cb553d7f1e3de72806c6fbd222f3df386c7d54f37d07

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
9b5017537815ddcd0b3be6103324cd89

SHA1
b8921e06529f401677c44ff641aa159b11dc44be

SHA256
38371a0c11817d75a49b733b1e9e5b466a4ffce47b7680f68ba4f024050cd376

SHA512
d106e0fe3837a4c5307e84d02771a955c3e255fcb7901419c69631962a3c9872c9052dcd8dd23881d300ce08d787edda226dd9257415549110ba74104edb78d6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
2c971ee7ecfac08b948d20019911ca24

SHA1
bea64c982e78c37cd4df17dbe2222943a0958f3a

SHA256
41e273fe465e0708ae15d65fdadb55c39988a43ecda34a5f1c759f24db32a882

SHA512
f66ca248175eee97aaead7852d6ca70e76e5d2d3a5b9cec14da9f2869d5eb0b737bab192a4988baba7b62a13e1b0cab25f97f38fbb7b7969900b9f2938432113

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
9c856d054c04d4bd9d79bb9171798c25

SHA1
a6ab636736fe520427e94b4e6a90ce3094ca17eb

SHA256
d8038d0085772201af31c7de0f78035dfce661334703a6809d77e63da828ea43

SHA512
834832fae846be910a191540d735d7fb8dd1476033ce69fe9cd43ed386ee560792a0612af55afb1fb3fb33838f0fd834b5b9edcaf7dd217e91c6ce9b35d0a1c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
f3f349b1eb19bb240b10cb6276414844

SHA1
285a848b121fae460970d0caa43c95f32e64eff6

SHA256
ddd3c5b0087c8360f574dfd9d62967339f34784034f7e28274fd9b40d92954c8

SHA512
d7a5b1a506394ba8ca0adf861ee570c98e4578d40a1ca36b2eec85559ed3274370730f7d364a964ff8dd47be88c0f65f13edc69d017bbe43f28f877acf95e480

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
14417c11dafd345bb8c65a72867acac5

SHA1
eeef7ccafcbea52fd03dd58f5ea6c1b55ac320ba

SHA256
2c07ef59a87679205a13bb9501ebad13d1d4b228159e509ddafaf8f10dd4bfbd

SHA512
1579ffa76abf1abd52d386c722915845f1f1aceeac467ed76303bf5d17d4bd585d18b5e04afc50a1e85da63af2b8cb7827d8c99648a9b1564c12d6c512f8003e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
51499f9c7b689688c352f21fda608429

SHA1
c8177ef89682f7743663bd1fac83093256af7f81

SHA256
dad026e2bb150790d4b97d25a71492d7ed671a6e1cceda8317cf84e22169fde7

SHA512
27acb945dda817d3acf449468780369a3544af02e8567400c96a6e4caec974277ac29dd54448ed8b2a5b7a5c5b06b63bc1b3fe7bf8155ce91ef4f15a523f2573

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
4d127f281e07ca25521c7a5b0cab8208

SHA1
f0f39de118bd7dc0b732e5946cb354cdf88d1d86

SHA256
41546e0a9fe87c504fe4b03ba62171e33a28a44ace4626f722fd1f05ce214140

SHA512
5764ab798b38352ae7f4d411f9a40cf20caafb9d04739f3e3f0d21f6b0589f617ef51402b6994776c87449947037673e91f4bed6111f1e0e579034412bfe7fc5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
5f6c9bf16e5621d9638e483a9e4739d7

SHA1
013b812c0f351b6b3177134e7664b41a38e4993b

SHA256
3b7fa5acc8cb984b85af671e84db362a1adb0cfec80c96cb06ea08c96b75f90d

SHA512
9661f7011967b5bf2d5f3c362d7e4a3562c70cf90f8db947334d5168fc69de7dc06937ebf0785216e9b4b7cc9fec27976ad9b4074075657ed5dad8e7e9da66fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
c25801cbb9d9573438ec8617ddf79a62

SHA1
f43a1bf0113f9386b31d5d6a194d4215c9646d68

SHA256
84b5e8fc5cfe84e1fcb29dd5fc3d7e66cc58f1a10f921c33f47af557f7919824

SHA512
dfafb94dca0ddb4692f7edb8da9beb03bf1cf706ad9829125f7419b87acadbf3c67d8992ed67c23e1d472a113717644ad45d0369f9296ad713e27c55d4c1e2cc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
5326f8ba9749b2acc3f7072d0abac5ce

SHA1
598ebebafae1ad2b65b88ed26efedf1891bcbd5e

SHA256
b1a410b37ff94b0d3111345f605963d2a72eedb99e287cb7726d7cdb7d919f02

SHA512
ee38c44f696ce3b022c82e93512f2d45e9b512089e5b97fdb259e94975ab828a2881dc689b481fe1c431dea3bf08bca098ac92fe393b7f80988f0a498eb4d8e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
37e40dd0b3b65b6adb5ba591fd4e715f

SHA1
8fcf4feec00ef78747814d4ebc20e3bdccc9af2c

SHA256
a9ba23734d4a6563cdf9c99f353453db672bb8b826cc58668caedb4b92942ab3

SHA512
6d8d382d9bb77c21c28b6f812d3e33db4950f0bbc0cc4a4047b39bd87e9fabcc5a742ed3b4b3f086035297d493e5e4f7956e98b3ce0be2b979ef819b1371ce7e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
5fbdd7b04c58986dfde532a57e2320ac

SHA1
5c76be3034687afdd325812832d4a68723b02b04

SHA256
92b25dcb00f179a5e913cbf489c2a909b3380a22062d343cc60260e798cc8263

SHA512
89a001c6755a089d042ced7f8a65d731d94abebb01de25e8b363cdfecad688d6d9f33b1816d00a376b7e874dc1114ae492eeb4a5a71abbcfdc5b73ba742a27f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
3f67d9836bb19a988836399a787d2baf

SHA1
253263b375827644e2e6c0ffe1dce7811f391c54

SHA256
47aab47c410a78d162e491381aa314c254945becd28b8402e60d2d60c6c310c3

SHA512
0a7d318cdc3ca9b2af5a4c393ce5a9aa67ec8d5379d72eaad98985c00179c27f4634ca2c997d511d10a1e9ad0a14a0c20bd785611d9e37a2effca5befbc8b172

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
2ababd422e08a1136266513e534dbc45

SHA1
116357e5cd56585962d60a6b497361503b48b344

SHA256
d55d058a92b7226b004752f39462eabd0a779010da9356e464917d4754e653fd

SHA512
e68c446c4ba9edc91c98efa170a4c316a0995c8d7f471a070c787a5d0a5e2a0aa6351209795df178abbb2833ad3539810c9d2cf64bb6ce5814f6a7938c8910e6

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
ba10301081b1b463db2f0b0e4bf34d48

SHA1
85ab04091b58ffb57eee1706db7dc97321bd3658

SHA256
0c6f9b7c2b0a8183f1f916bd3220b815410be280922a79c317573c3a6aece77e

SHA512
18b24bad7b4e417b90e37cb410011dc264c358779b4819f060c3e1ca7de5e4cbad20998c708757c57b6f0fcb2499190a106fab8f0cb2a92fa24fb022fc19f235

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
cfc2a68cf0754a59830f98f4fa11e907

SHA1
36fc7d036a3d79b50d88240157d19cae68458934

SHA256
138d9e47f8236c1e82b1a75d739349b8516ced86e7fab11930f4bbfdf4fff93e

SHA512
1cc862a6ac199002b7558664bff7479c3c3f0dddcdf8ca67d23db9688e3aa1348aaf81246223b5f9e79e81e9ba648fb576711df930ad7ef4fdc7c2f1fe8ab69b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
a01c17250a4bd964a2d3b02e18113e34

SHA1
9a5fd44f98e8da25f8b5c601ac04899aae86dfe4

SHA256
0f267a54ceb8b5ae75dce25cd93d621ab9d53d887764a9be064e0e35d359623d

SHA512
a6446f29dfbdd20e1f1c19309d9a9a6ab23913d88716eb13b77332279c01825595862b7cf849ca3e06b3eca35804ab65c8c19471e4197978077927d2585c1038

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
1c1bd2bfa7b29312c5e94f04fafc92e8

SHA1
e3b01c6720c2acc77a113efe14438f6c3377720c

SHA256
b77e8ed629ad86fb8ba8b1cde6e03c9faaa73f69fb0961daec8696f0b240e450

SHA512
96d95456facbc3a6dbd5342836b20bf7dfe8a7403bb8c466b338d471d668885e86b108b02bfa9933237c38168c3654b4563ff12758171e41a35f4c5b1ca7e059

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
e5491ba64fff181f1fe67166f54ea108

SHA1
1d6631bd4950af3af1f16a754936bb8e7f1038d9

SHA256
d36e3420ab53931273b8a6604e200282b0119e902acfe406814f7f33a0164279

SHA512
317658a761fd8b276afbc27084ddb2e76b7bad83b633ab07bae0421d5923a2d18345bd067404e446eb13ca6cff31d2780b0fecf04b0b308211f3fdc7e71ca709

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
789aff2a5418ce66a724faeb7af686e0

SHA1
a79f9ffb6fd7c79a11eeb7349c3d5f3eb3222fa4

SHA256
aae89827426bed27374fe8444c642268c196ff9d40dab5b628a310f5e2aed5cd

SHA512
7b664d8b6e9ef27f6626d5621d43cf621bbf9ced96530f0db37979ed1b39561e169603f71aa3a6b6b7970c5f025c38554681d2c9a446deab702cf4ea4c241fbe

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
546fdc6c9255446eac1b0c51bff9f08f

SHA1
2da71a18422cccc5edebe2e12545e1d6c3ce411d

SHA256
e2b4d2a9107d35e1d50789d125e0ddfa9e051e97e56fdf2d602e938031a8304d

SHA512
89083e9f996adc79bc0ac5c10cc3fab7b69095115326ceeac711f9218d756b1e7f0111b5359d99f84d6365aed4cae95c7a860d330e9b268c7dd794487f01a7c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
77df348157f27c165fc78014bc37ac4d

SHA1
cadcd86e4d1c5e8e2df9357cb08285b94f9eb061

SHA256
8685a1b3e6e317c3c778d78c5b2d6277d65b050adf5278ce7bcdcc12d9b5a143

SHA512
59e5bee0b9f03b3ad4b1563d98bb1c104dcd0b1659016c07484e000e33d60d53a922d35f4d5d023095681aaaf0b8f048846984be8583b0343a85ec7ab399eeaa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
e4d9129cc82562033f0b8c6cf62e4dc7

SHA1
869abb6bd11993677a437814dd158f489722dc55

SHA256
8856648e4a446ec741d6a1d3fafb8c0d39355bea3140638b3a5ccafb6ee959bb

SHA512
97e9b4966be2f10d5520427a41bbe4c292010ac352704535ff71c791c07c04d4ed0ee425c7c1539f4dad98e1a7f61ccffebc36599791c4465c4622950642a147

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
92856913e7779c5a41739982437ac41f

SHA1
d2db041fd060002e1771a0c5d7d840716bde6cef

SHA256
222d64feeaa61c0f0523bcc774241416068bb77073dab4af71e5364af9b26ffb

SHA512
b96536d73972181f6861d2c45ef4a45f2fa4a6a82a8c95b7b869fdb483ff2e0586116d4f45adc3da52a3d7f9f690fd609f117ba85135b992ea808124ef6cd86e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
298867e987e94f4e02f5aec6b4532b18

SHA1
382a56fb425e3dda7d81781c84aff21b486f8d3c

SHA256
2a12c805a88d7b4b89509e26d0cb952555e214a79431ba0a4b3f4cb15bb24c46

SHA512
c7fc609f6f2abe9a84d481e191de635402dbe12d2525e144e382e7209118a8bbbef0e3d9e93538a6982896dc3c552079bf52c21c1c87148e7f5bd2c910a0809e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
a1e7d6ef763f98b2f1dcdd39973a5ff5

SHA1
539eb2b886ab2f5f491f857581e1bf8b91554991

SHA256
b75df21837ec54b17e389e6465089c7bdc6ab0db1fbc0e6599ce565470f8864e

SHA512
233bf9927786529d3b98abcb849dcd8d5a9d95a5277038813b6c4cb6e20c43d5797b310295d7d3f64573e970c895f1024f13dd1b1fff4443d85ea21d0744fb8a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
3ad2572c59c4eb95dc3aaa3302f84064

SHA1
98cad2e36f9dc24504214d05aec469224ea36e90

SHA256
4fae4bc88b2bc9a755bbae1ad66e7c332e38217bde101504be60b2e9148373e6

SHA512
49441bfa8212636ccd8153e5020f617853f96e1d020d039bf31d916a3d846260e6cfa40bd1a1514db81da046f364754074e17ee06c51442ae2a358a5fbac2f15

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
dc3ead2cc713bb5ffd12d40c0e5fd4b0

SHA1
9214a555239cb7407958448361bc28d8afee6e79

SHA256
ce382c0aacdbaa00fbdb121f68a5e02bafd6445cd4580a2dd267f5bb159abd8d

SHA512
8b38cd1d2531a2ab149cff70a69c784b4907a837675f127b2631d9d64472720ef4b0c3b517850177824b277d41f1a9a61293fc7f343d4764d6e63473e108fe3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
5f8c0091b2c556c1062cc61f202ac3b3

SHA1
3b59092aaa191b054a9365fd8a550878289a3bf4

SHA256
2d5955e571780936cdcbb2b0d3736608e5f08c95e395035ee6fd75ce53590ef7

SHA512
1041b8696624fe39c429cd4bf1a49e69b6e17d3c36c9f4ec194d39c44446755c3eb537c834da50c71ff0e262e82168b22598e276b3a9faedfd6557315f1e1654

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
2c48d5f0d88b4c46ba7f61c26741f1e7

SHA1
aea7064b318a5cdd1ab0b62abe944c1fbb291197

SHA256
eebd65cb5bb931bd0d8681aa4aceb134e522148d2df3e3e8240796ccb4e7835b

SHA512
138701ceb94ff1471e6ea72c45695a70f7eba152731ea9996caf671fe7ef5166221b1b1318bcfc687640097f0504e91f212ae6f2fcfd44f37b757793609fd605

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
59a703d6f04dbf2d84b2a56bdcdea5e7

SHA1
fc3afb49c233e4424d8c16f77a4733d194d63259

SHA256
24f52d45319a02ffd77ff3ffb6ca876798849c72645d2d508996bd1d4e393531

SHA512
23a31dc38bce22c63e686f142beb05bd8c847fa4a5c9d57c6ad26a92ef41acb7003706872163f31f800b9443b8ef0003d9c64d852441e97699098678ee95b411

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
195fe68a6b4e2bca466d0f24ce144e7d

SHA1
7e12c49f93aa00c50f6b78639296c3abfc207d8f

SHA256
571241e9a27c173d265728d936c8cd18c0de27f960500c6931680ef5cb267c34

SHA512
932ca722cfb3c5afe69d02e7eb112a74e418eb87947b7536f0ff4ba711adc0a532eeda26362e95465877e3538fd0575fae1ed2c9d7c1503e92ee5cecd1c72867

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
cbcd67bf496ffc7666446dd8cfd8f867

SHA1
33242f5e0f8ca9f114c75fe4db0ed8aa70279d0f

SHA256
1d6ba244e5cfb657e93c48dc7f84a5e81b5f1896e46d280a766e950fb5a56d62

SHA512
058f33d5741071c6275cc5ae1706afa2a87374ad74d67dd61bcdba65e08f5c6056aa4f7aecbde8e85f2ca0732309a0e604d5d178ba22fbbbdfe799912fc5a716

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
e5206e6fd8884bcecec87d12860872a9

SHA1
cecf47596b59e6cd05bda742e6dd436bf44abf0c

SHA256
a2c812471edc803305b70675b4c3bfb883f49678015e224ad5f1f903ae9b5cd3

SHA512
5550e1dd5e89b2e1e451bfd8a29ed644fe746b013f0813ee362a769b82c31b9c44be21c074c1f1ee385adf320416a4bdae89aad98dd8bcdff1bd4fca5277acd5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
5710f630a79e27cc4b3fe0a5c73d06fd

SHA1
d7a0a528bd350aeb6e010fd2d19c96a809736dd6

SHA256
6d367ac2ca847d646a09c67e6dc0bfff4fc9b6c9234f666647613d3e8129d19e

SHA512
7e28c5090fb80ae292ad8d3727a532e6a90b54eae4732191ceae143dbb8e1e3b724835d744eeb77093d7717419ffb43c3022bfb9c159ac244ef0206e506b4c97

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
7564300e99716e9d3653c3d44c8ef475

SHA1
22a11f0cba5e96bc14d48d7d9857fe34ffbfccdf

SHA256
40f1bfeb3870ea665a94f237b09ecef2a3deccd121cd06f39ac2f74d633c579c

SHA512
c72d47e21af66686e54e7e51008d834ed24cd441dcde3802138494499a0d68a87f3bfe214f976079d646386aeac77bfe985733cd55a5793316adb9eb01547919

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
c483718510a9c6cc62fe940f200b4563

SHA1
d80c3b3beb36f20a772f48353618446c34980000

SHA256
2f5bda2d05581bf395ba037e3bc080a076f66606885c506c6461301057c13f5e

SHA512
88881bf0fa728b78c68da749058be312843162475fa6857f597f77195ef3e438e25ad1ed62f3d0115b4d6cf005147b58e2bd8760414a67726e47d26631ff3658

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
500428f18af1faac87224d9608c90b34

SHA1
1a6f890c4fb163990f740a605c4a5e8309ad1a9f

SHA256
1c0ff3261a54e766117e8487acb14899b9d16f5dc1ffa0fff9604d2ca28c1929

SHA512
b2936910d3eb54f72a162ed33125c2176cd8af96d8dc6ff5eb8cdeef5cbb283e5e3d508118b2bf42a6b3230d3dcad0caa54b8e089c0929d71f0ffca2412bfe12

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
0335f1a86a2e94228c6d32832ec4b2df

SHA1
d4dfd1d009db1733ea98909fbce83f7402a64440

SHA256
4b92d1ab4bd407b019ba4fc8f981d8f5a28e57a386b4249b81e42255dd1942fd

SHA512
ccc8fafb8313d44bb2a7d959b59193050618cd6aa7a31eb9eec297c121efb0c083bb28779f42a5b78bd4f312a42da9e9082e114be9a1cfaad22173746eabdee1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
13179ae824c6240e6e62bfbc81357a0e

SHA1
ba149c1d6d5425bfe51ebcf3b91bf6f17fdadb00

SHA256
a16619068218388fc53f60833314a913e552c3e283d0ef71abde7d017aae266b

SHA512
5bd26bdebda9ee70ce74a4f7de76a391cd41673f3564164b94bedf198200161a13e83cbb6b8586d0bdbe47f9b38b2f689e49eb1e6473251da204fab9dcc503ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
c33bdf796a1851a8b6446c99f6e27ec9

SHA1
1a4d3acf49df66f7733fc46da3eda5c1e55fe402

SHA256
7efa0fbe4ac2e54f9d7af6440f6481f04416e639cb0c1cae5421b809df5024ce

SHA512
071b1c5db6d56551b8976099f3430d4202a39e2dfa751b34773a354570e1eee3d291e9f9371f6f7e3d6f636bfe3024572293e690e0a72eb9ed5411ef2a6f2d74

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
1c93c577b9842ca521fb50530c179254

SHA1
59e69273b6433ed93aaa2cf376a3451d298edd7e

SHA256
a6f8a5fe11b1e567c63e6bd6132cdf60891f9326a5bf3e83290ef85d1399b675

SHA512
31e3467f4155766999475f8d6b2491bb9cc72443424e3ae4ff3f23df7959aa98a66506af5f24902fddd27e6f74f8cf9364bf8ceba6296f5a45a8022666249d67

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
c22a07a0759d03ef875ef65f9ec17772

SHA1
ba13a6757260bb46ebd8c510d74db6220ba21b43

SHA256
a34d1e0ca52fcfb255f3924d48bdd32e2e1aa4606d706203081aaf84d6346030

SHA512
d264273d1250e4c6a979ed36acb7cb62a0721f45b70db7a263bc01554289b6e48d40755e1af83b3a97c91608ab1639dc89e86230f8e6729549cfc2112061b9d7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
2a8899f2b3556c272e067216e586f2b5

SHA1
dc7abaeacf52478cfc4dff17797300bf7ce7a0ed

SHA256
da3b47505e1a46d11b333e5fd3ff16211179847636dc3938b1bc1954422dc40a

SHA512
6dd0b3c78e7c805dccf1b337cbfc7d652c1a4daa243ba0915fd99f483e774774b2e02e755b35a20ff1fb3e251d497a031cd7379e4a51f7e659b88d62404ab654

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
6e26f60cc1fa1746bb1866f365e06930

SHA1
2372351ff091a54f3641e5d0df5f496af55fef37

SHA256
fc91480733586b083b84cf70d83745d25fe349cf290a2cb715627d99e15369be

SHA512
0f71e49329b512435892ec95801ff2b8d2c77f1ce1e19210cca1de9e2c70e8ac447cd23d5a93711eedbb62fbd3ba6f5236061cf6aa3cd33aab809258b0468657

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
0f9fe72d40c2522507bdfb4e4a55de2a

SHA1
cedf697b2cdb17979f16e87a240e83c7b83b8ccb

SHA256
a0ce5c11acee1a6cba7f75e678889362ddcbd07178187eec09b3ca115fd82576

SHA512
bd74cf4e564281e1f64140f3ca9e80aaeeb661ab3babd4096fb072117bf067dd5f49bfa380a52d1317f7959726e9c18f4e740c994ace9407881acc7569266ff3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
30df9c34f0947711e5570c75b8e1e1b5

SHA1
4d546e3b33ccacfa54784be1375c49413cc9729a

SHA256
ee865721338df4b9d908800df47d5841494a8aa277a983f49a11195e561c1352

SHA512
31c514d7f7d3086e4b316e8f5c83f2c285a4b03d1802e42034e512fb3649e120a7d25b2dcf12891578680e06a49c13ac686affc46d0ca6f7a3b39b56873d25fe

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
a145e8aec84876ab814281b92dce7ed0

SHA1
ad5fb631ed7bcae5076529928b16a54e4e433928

SHA256
a85bf4ea49761115d2c1d5da6cd617f961b6a9610d4cbf445438db2114c5d244

SHA512
ed0cc0d3e298b9bc894421356c07bfb1d76b2b0ffb684e564eba452d03edcb6eb4ceb76dde3106b68a07664b52026931b1fd1f58c6350dd40c3eccb53389478b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
3af6a0c61f683b1b1656883dd821ede5

SHA1
6eb54ecdfa262017f7aef46b3926252f33e74c93

SHA256
d502ead49dfd2daa9abea4a0d75705870d7596872440bf88ad3fc2ef606f15a2

SHA512
edf507774a6d8612b77f605a0739672b3f626254e4e8613d7f77bb6b8779b6d670a2597323afdba32fb4a43130deadee3a817d5db528c79b35a4b62a851f83e1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
40206ffcbc70d4a2ee7988b34cc632de

SHA1
fc309f8b37c304d3e76ef3364f49a0e436afa028

SHA256
744a1e8bc3352f48607285fbd698549450a85c6e78984c955e6ce454db7e4189

SHA512
3fc1c213bb891118c839773f1315343c8f86594887373893d2f59faab15a85f4a6f78b6880d7309dc7e22bcaa80cefc31902cf0b4898f9f25c9a52313cf8d6f6

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
a2c7ac93b4241c4726d4efea4ef87a4d

SHA1
47aa635649df786d9ae134c0c213796439566960

SHA256
e53cdf272c6a9f2b6be20327fb8375dc7c1a8efe2a66dbc8e522118a8b928a88

SHA512
ccdfa8a9a63c0c597fc86f4bf47ff5204406731ecde7451d827673e3eb52ca072c6fa52f032ccdbae37d341c4cbe63b8d104b13e1414f1f8f7ddaa31f5431fd1

Download Submit