xorist | 9417116500643733e12421c52f9e0b0a7b47e8ee54c27e40ad00864de1d5fc96

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Size

49KB
MD5

5e9b5b1d952c74996c7f12dba611f205
SHA1

10458ae6b4a18d93301099f66c7560d2e2fb2d4b
SHA256

9417116500643733e12421c52f9e0b0a7b47e8ee54c27e40ad00864de1d5fc96
SHA512

534853e14b4c28d2205a0251bd08b22a9d7e40dbe13035e983f85990af212a713682ac536200ff3bbe268f2ec376baa291491d56748b4d00fe5790633be94d14
SSDEEP

384:nebFNw4Pk1itKkpAjjGF5rm0qYvjS7kDCgShqNVg483rXRB:n0FmBkpKjGIY7TDCRtbXj

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1368-0-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1368-5263-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1368-11216-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2EHJcamtxIdguLD.exe"	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\networklist\icons\StockIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DiagSvcs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InputMethod\CHS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PrintManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpitime.inf_amd64_e1498a974ab95ea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mouse.inf_amd64_822333b41326bc2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sdhost.inf_amd64_b71f983cb35bfde3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_8a98af5011ee4dc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_7e6108426fdce03a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_bfabc750039f8ac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmkortx.inf_amd64_93b84ecb5fd1cc85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidinterrupt.inf_amd64_eeb986311b3a5b16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetConnection\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1368-0-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1368-5263-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1368-11216-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-64.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.scale-100.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Google.scale-250.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\PREVIEW.GIF	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageLargeTile.scale-150.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-400_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MixedRealityPortalMedTile.scale-125.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated_devicefamily-colorfulunplated.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-125.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-200.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-36.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSmallTile.scale-200.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-48_altform-lightunplated.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_MouseEar.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteWideTile.scale-200.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-lightunplated.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-80_altform-unplated_contrast-white.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-60_altform-unplated_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ind_prog.gif	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_icons_retina.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-200_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\is-IS\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarBadge.scale-200.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-200.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\WideTile.scale-125.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\x64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.scale-100_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-96.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_altform-unplated_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-400.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-72_altform-lightunplated.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\WideTile.scale-100.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LargeTile.scale-125_contrast-black.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Content\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-125.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_es-es_736c54cec18fa7b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-at.resources_31bf3856ad364e35_10.0.19041.1_en-us_1602f24fa128b787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..vice-classextension_31bf3856ad364e35_10.0.19041.1_none_72a2759b9b5d3bfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_15bb9e8aaf5fa977\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.web.extensions.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_34b779c224cf0e71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsAuthenticationProtocols.Commands.Resources\v4.0_10.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_466c820c47068fbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_swenum.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_800f9bd43fe53628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid.resources_31bf3856ad364e35_10.0.19041.1_de-de_9b83bee62344b113\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d2d_31bf3856ad364e35_10.0.19041.546_none_85962dc4bac043a9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_pci.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_91d87480a41b57f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.h..pedrive-driverclass_31bf3856ad364e35_10.0.19041.1_none_481addfb5cac00db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.789_en-gb_3a5aa599f86780e3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngshandlers-devices_31bf3856ad364e35_10.0.19041.746_none_034cea4b1c0ed3b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..phandlers.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa25e1e335f043ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemess-dll_31bf3856ad364e35_10.0.19041.1_none_19c65ca7cefe6dba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.Resources\3.5.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ja-JP\assets\ErrorPages\pdferrorrenewrentallicense.html	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\logo.contrast-white_scale-125.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-black\AppListIcon.targetsize-48.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-certcredprovider-dll_31bf3856ad364e35_10.0.19041.1_none_60fe3ad7eec35771\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-themefile-aero_31bf3856ad364e35_10.0.19041.1_none_2fe4331ee906f14a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_checkered_background.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..framework.resources_31bf3856ad364e35_10.0.19041.1_it-it_8a6d66f827d999ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.Resources\2.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_5a27dc45332041e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000449_31bf3856ad364e35_10.0.19041.1_none_a0bf101f014dcac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-profsvc.resources_31bf3856ad364e35_10.0.19041.1_it-it_a957ea8f6dfc58ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.dtc.power..l.scripts.resources_31bf3856ad364e35_10.0.19041.1_en-us_a0cc2be4ce23ca76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_10.0.19041.264_none_0ce2bf73f5e3d0ee\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..l-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2e52ad85dcd1bc34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\InputApp\Assets\WideLogo310x150.scale-100.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..outercore.resources_31bf3856ad364e35_10.0.19041.1_en-us_f761b9139fc6ad53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.19041.1_none_60ade0eff94c37fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netxex64.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e00e6573d8284a4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-system-user-component_31bf3856ad364e35_10.0.19041.746_none_4d87b42ccdd84ad5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\404-14.htm	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_10.0.19041.746_none_a889d2a595dea698\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.19041.1_en-us_07ce13b1a94968b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_10.0.19041.1_it-it_952842230f15c7fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a...appxmain.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ad14d3163e41a68d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_10.0.19041.746_none_251e769058968366\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..filterwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea765d99be98043f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-autoplay_31bf3856ad364e35_10.0.19041.423_none_8f030a1a80df637f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ility-assistant-adm_31bf3856ad364e35_10.0.19041.1_none_d544987ced1d261c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_rndiscmp.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_fe24cbc32598880c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-application..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_de-de_f629133fd3287051\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..n-desktop.resources_31bf3856ad364e35_10.0.19041.610_en-us_17fd4f7135525d83\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.IO.Log.Resources\3.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..nt-winproviders-ibs_31bf3856ad364e35_10.0.19041.746_none_bfb4eba6b9f575a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-registryidle-agent_31bf3856ad364e35_10.0.19041.1_none_d55e4952883a3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-e..edmodesvc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bcd9c1e71187560b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..hony-phoneproviders_31bf3856ad364e35_10.0.19041.844_none_c87fbaf3835e2c51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..onagent-proxyobject_31bf3856ad364e35_10.0.19041.1_none_23bb28d0952bcec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-ftpextensibility_31bf3856ad364e35_10.0.19041.906_none_c1cf767a9499fe30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\currentLocationArrow.png	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_10.0.19041.1_none_4fc2bd76874a036f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_10.0.19041.1_en-us_477355286d9a4b82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shell-setup_31bf3856ad364e35_10.0.19041.746_none_baa8c7ca7cd0355c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_10.0.19041.1_none_5f0132d8aee083d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_10.0.19041.1_none_3843e82b9fc0ac90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pefb7a36b#\c517b5de3ade40af4b13e1c7de729512\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\ = "CRYPTED!"	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\DefaultIcon	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2EHJcamtxIdguLD.exe,0"	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell\open	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2EHJcamtxIdguLD.exe"	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SFBIKZOHTLHAAWT"	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell\open\command	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SFBIKZOHTLHAAWT\shell	5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5e9b5b1d952c74996c7f12dba611f205_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
baed12469601a92e115fad7d9a83fdf0

SHA1
29acb359a70f70e6b10eafa5a369cf140aec357c

SHA256
f0ece64b888af9372c15f931a68b3405dae87115df1f7ae4b8cc58f3ed11e699

SHA512
dddfe89171c515ead9842a1a723e7d67298e9501d4aaeb65bf24f3f3c6868c59dd9c20272a3164f59c63f6a2c60cd1265be96e2a0858fa96f46b10b79bb60441

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
0e8cf2053da57f16a3b8fab2e6c69d61

SHA1
2a8fe0a3fb934f7a55156815b30316a6d21d1cbb

SHA256
d3d3e5a5a82b3572a2a519a4749711aaaece8fbf23e8e9175b096e65e19076ed

SHA512
4a33f02957c64453abee55c96cdfec897a2b9a7f5cd94314cc07e26ea43ddbf3d520b2323220b4f192fb562120f705b359de895d1f00faf2f882cc7ce0fa7b8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
7f185b71a05b02424898203e53477375

SHA1
7782dd065c080682899162ac08cc7fdff46b7c2d

SHA256
c1b0e98956d31f7836022e136a4f0004f457184f67d4ed0fcb0499206c25d8b4

SHA512
984ae9f331988f7ba08750b8f2274de9ff7014471be48186de6e14d444d5b2d6cef83901c9944934e9d1fa926cf109c9ea9dbc65742a92c70ce96947e4641d4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
70fdbb3c31363f01e5b82e3837d80b50

SHA1
b843fa58e836fc25f72226f62f4ea32a256dd829

SHA256
4756f0da7b0bf23c540f4604d8abfbebbbf7a6d8a4ca573b3be0c782ff133126

SHA512
c379515e268998fbe0f2862b26c014964087a7ef20e29059c9e04223b42beb6733606d0ec735e5db2f09371f4b579e37b8e9ade523ae3f58a4cad207b91e561b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
418ccc874240a4008157dd630aadcc6c

SHA1
d6d20a23fcfd2e12bde128c02c9639fcd70a008a

SHA256
502c00838c017e2fd57d1b4a6768ce917a698609970f0738b64648a94f174a92

SHA512
a562c21346afff4cf9b752a12c8a84b2f47ea6f026a23d6f72e6f2ae2be81f5302f3a045ddbfa9c175f28a3838665c6404bb1cbea0c7fb33f3411e0a4132dc46

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
a178b901fb5058c2f75b9f003a8102c2

SHA1
66151f34a004039d714c44645f45ab02d99dd0ea

SHA256
82e283e72cf09f53492e2ac5c83deaf5f8f166e4a4291b2a73cf371870ea8114

SHA512
d44f9ba178eb7a0fdbe078b63ae1e3d7d3df1334f4ee8899cd6980d0db2680234bc21a1d9406b59ddbfafa810529926c3dc82c8c9b4bff19f29ca9e2c75fcc90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
e642f0932583b3006aa3e5041fb8981b

SHA1
44b358feef893ed71d6e82eb9c8c628eaac39acd

SHA256
7bb71dda3de268b925a38ec60fafd5d3f0e2feecf03e133df780fba6a1b9dd5b

SHA512
90655b6fd45a67ebd07c80c43b7d9ab8d99ca90ebbd4ea29b992ea82a078059b304dde79a604e36de282af70360f1275e51bd0b94105c7f3d2896d21775ed3fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
8dc71c29797a7ccafabbd6a5db8914d2

SHA1
c094f7f76919414c4151ed42bea6ac15bd77bdcc

SHA256
25e00dea7aad1a85cea62621a75148c6727595951dc0ceeae09bcd10f8cd05e7

SHA512
252ccde06ec79b2443cdabdd23b2af3d2c9c7876ea723b28baf5e8c5c20ef8caa30de3057aaaba4b4057146a630363bd747bb800cb584ee9327f8e44dcb294a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
4b384dbba86fa35474ac1fe126f53b9a

SHA1
c337ef8a473dfe8120730ff76d9722782670c65d

SHA256
11ef7d00563eb8a61f8ac235e5a1b716c18b077a8bea343a1e05052f5a1ec520

SHA512
680798fdbdcbcfa850bab1402c332ade28e21e9a350723963d3257caba991267be537f249a37eb34e9a4babaf5ec0eb038678cbd5e8f4f8fdbf96a1aa6f73be5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
c7d1ee0f4ebc7a4821ea0903080d195e

SHA1
ca75d84412a6e24bfcbea879b9f6b86743c129ef

SHA256
8732b93f9235fbe74b05b5b723c1c6319e8fc986f2307b9b77ea74350fae4561

SHA512
51f9f6772e197e6bd436e7a34a79b0a556734f02ffd2f9fbe97446030ae9dd162227a62ca97411e01f5fe7b021282b9384deb8db100a880de7d7122ac80f6aea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
89fc2f58f37f57e360daefa69ffb341e

SHA1
c9cb4774fe8ee741abe049c8f0c8d326623681b6

SHA256
b5dd3025962ad0df9d438d801f1cc4f90a2256396666de6ef6b87b602fd709ac

SHA512
116cab58348f2080740d19c5596893fca4d751cdd06844480ec1b9f148cccd2f66a371e9b8357887608a1294e197dfc71a5508df979119e77e8d4db09de1d6b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
acc3eeb22dc9f0f0c5f68f393da2670a

SHA1
7e54b9613c3797b3b113423953d8a6ae9638097f

SHA256
7bad535c45ac6a97cc6775746ad10c1bd417e8b11ace5e30f824801acb639e22

SHA512
1a20872fceb7d19114ae747dd4723e66fcdf71401195080b8b23dfa5d741467c4d2bdf6cbdfbfb3c59bfdafbcc5f796a1dbb30e4f04d0376d78e2cf4c1ec44bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
cf140bd1fdf4aeb39c66afbcd7d1c7e5

SHA1
beeb2e02ff48899e17a633c91d656c31f4efe302

SHA256
95361c768262c38f862e76d64d691ada88cfef058325a06d096f05049b9d45e4

SHA512
5efd5f018c4d6ed8ae41e6b34453992b0b4e9f8967693edb85cc79032451d7cefcadfaf87e79a4c05aff20df2708995eff1d73b8eae0d7d7f1ae7495bdecc90c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
d9810aa1ef6da0602ee5ef6ea8a7cb88

SHA1
c65fc1d005d4746516f9996c5a58c4da4a7d1a4d

SHA256
236af6a386b8c50b48be5e419ecef2f77c2700ede8958aed7d114473687c1ad5

SHA512
94623db220678a07c0af25d2a4b85b5059ff3c5a9e418488f9afccc24576ad7d70ee3f402f3c2b6bfeb2d13cca972471f1c04fc5a8119e8ac2373fb37428d280

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
299ac3f9fa6b8982500730982ace187c

SHA1
3c5e400474a7e75387114a73e927bcf7850afccb

SHA256
c933b58c816179eb378eba98ec412e4332b68a6d5872ffab1fd2eb9729baca4d

SHA512
49a8afb33247ddae5a29ed636f30f27fd854dac2b1535da049c0777f40189d161ee14e5fa90836a959317836feafc9af0707daa767eb14875b394895f2ac027b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
a55b5b2989784ce6eec42738f541a02c

SHA1
110131f0a8a3ce18442e94696fdade09c359abe5

SHA256
183be27c914b610fb024193129227caa2eca266de5fd0f9f92eee80431df8439

SHA512
6374ab85e82fa5de018be67d1eedf61e078ae43f558f491f8d1b6bbba28a88be2983d1bb5175d42566bccd02c8df546735ebff3ca9e85575f9fa1a5d2af04f75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
8c976fef1777c3474dec324c9446a6cc

SHA1
11a0930266954da53d070dca083fcfde88261f15

SHA256
df125ce6556bf83d2093ddc278355f14c87982027f556b4dfeea08b556697870

SHA512
2b5ce0d0f06ca37192b6d527e2b2dbaf0a3328c423c0105461d5baa4fe57101cfd6a7dcc5bc467ead4e5055824c619e1b5a7dfd95693999f15c29e0c72937c87

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
dac59fa870cd4b8c008d0768f5732bab

SHA1
94fa575cc29ae4882d80e2c798cf2c6bcea046e7

SHA256
3d026309ee2779816a15502e04af2766f67fa77cb4ede486fd212f057e29912b

SHA512
7e858e2c33839eda0605d2cb7892ef57fafd7a5d145a540f11456e4b82f6d91e4cd900ab275ac291bc3073ef1e190253be94ad7516b31a0ed3f5f8e78088618a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
a70d60d58d1aefd765919e45991f0504

SHA1
f4d39bf01a14a109f70d89e4c16ac89391102452

SHA256
96f1d3b91b3dab868b201d7594b2b5440a8d100726af4f8314fcfdf83cf25908

SHA512
2a4ae53baee7395db96d7bdc420e23308638f84ea1bd72d01d8e7a0965159242eb84c9504b025c82828a4ca1cdde6b1e275e6b80053cf7d5bc765c507a116799

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
000e51a4cd965cb701f2b456c8bf6147

SHA1
5bc5d4648383830aa5de74043f11a6f882f11132

SHA256
8caf8e822c4ebdf0c6e0600c896cae3a45f3a3c359757b702a1b81fc0dbfa9c0

SHA512
1e172fb8b47a2232015852276101d3bab8d817bcb955d533b24db0988b96e20bd4aef2affdfc65e77f7c4b4a14b7c61ffe00824da9499146409d0512a2ee2522

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
7aba9c4768c3cb8838f615de84ef4978

SHA1
05ad94f042b5be04360164247fbbed9b20b41aae

SHA256
584c7f0abb9ee85e6e0b57f0085e68fd6dab0cf42cd10b6d8e9ac9b2b4cdc53c

SHA512
c4a982d08626bd77280d9b30596b98efd84378b3a7c9d6eaa60c12bebb2c5c978daa07651705b73f26f4c073a714e005aa9a7b17bf2338091edceabca4af9a96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
f194f21e2ac6f87e632af4c9f6789300

SHA1
81f45a2daf13afcf3793bc3795930e228960824e

SHA256
40ca14c7dbc7c13840329a5e6b22ddbfd124efc091677e995b14702e72bf9bb0

SHA512
3df785fc9b7c26194f6174bb6260c5d25175d002ea77c12085db011eb57a81d94f088750b7c27f27adbcca5d0529b1da45895e9c1704b97aafde959c2f903cc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
f457fd8f04a3d18c9d3af186e39043bb

SHA1
7e1dfaf1b716a3442cde824adcee12996f2df308

SHA256
7ccbb42a82326ce099e98ee087d5fee1ded375cd3bb8ef0bf7915adb51973e68

SHA512
9b3376785e909749a20c8dd55b91fb84e8faaf34534c171d51c8f29c43f364bd84553193fe1034feae35df0a11d22fb7662971423c4913f3d30d9679a1e60200

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
389414bdaf17d3c2648113901fcab7b2

SHA1
67d7acf52573d99fbd3855124b9efcbcc5bc06f9

SHA256
e15a71e6d51e42ad7917cbb20d6e9ce1f4bd2e0bc1f225f59847660660e64c46

SHA512
f421367bdce2751d2ea8025842d270d4b5b332a9f5c650ca9b6f53a87ae71e6fdfad60e690e3ff1f6376bb84f2ebaa0f3edaca8046894ba8d71d6085851a9e41

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
90bd4f2b5c94f63a6beee4c95fa9c0f3

SHA1
1d995ad25990f62b35e6997d9ce0b2e43f4d115e

SHA256
e8d2d48cca68e61a2bd2be4c048c9d03ece0cb12503a1754641bb3fbefd88817

SHA512
bf9694e5578ca3fa06ae599b2a3881e5c6b26c9dbd8fec80daa1cc7e70edb25f36fbcb69f354e7c77ec852fb5485b01162cfc1ad78a562b09f359a23006e008c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
8e888b014803dd789e7e224f3b28e487

SHA1
11f41ebaf95a8559a50f1806ef4f3cce1b1a494f

SHA256
59957ee746c6a6c88fd57e1b6c9192adb04e3956745adc9306b753a0a57afc3e

SHA512
76187d69bcb86005bbe3bd4ef39851c1e8de0d8a51e6c5b821a2043f1b5c447b8afb73ad937268512395ed067fb6738c6a223e9a0155888275192333ac6d6582

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4c886d0104ad0b49ae9cdd756b724b14

SHA1
c60c9826e3ec9ded72f5eef7f4550e1d5afd1d31

SHA256
f2967bda87362a48ba2f238431d32aea97e7860ccce05c1f8815c981e278adb9

SHA512
1f9991e3452b7c07de7e39b79c02186f8715192087bee14d0765e68759b79bac49e60854ad40f020f9f7d720eb15b451e4b3c2eaecd7e0e64431129335900fde

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
837c8864c0a0781463034923a467fe0f

SHA1
f0b70dcedcca448f21a9d8e5b13fbe85f2ac06c2

SHA256
0fc84aed20a340adcb37c03793ec90259e5045862adabd9590ff363674382b2a

SHA512
8fe902e46d5d002da34be36bc24fca68f6d95314af568be0b096eb1c9d0aacb0dfbf330919bffb3e6491e05b25951e68c54282fc430e811903edbaa351fa4bbf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
895d576665e8fbdadaf36a16a4de0dbb

SHA1
bf3b5d01e5ec4a4db30c011cc4d1e57cae8f1444

SHA256
60434bab5bd9ee20f5f20fd3d6b9bb7ff11612c4b88b62d81d39309bf5bc8656

SHA512
e54ccf93a0f164f16f88edcbaeed3bd1f81bf395dbef64b676fb31d1e01feee14fb0707439d0454fe66c7260f04ec66a1c80e14ad916c0b1cfdf7e54a5a03ac1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
6e387bf8b1923652060ba615bbca44c6

SHA1
338c0781087329efdcaf19d127915d4c0e80c2fe

SHA256
9b8b5be9bb3e5d88364c45917d2dd36b594bde8317fc0189be1bb61ec471cef6

SHA512
45c2b17e60f344bfd1d34d20777c2a2f5f7d61570fad30c0b49435dcc10728b0cee4df1e368fbb1f4918520e4803631fd55278d8da32228054447dd6bed2e526

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
cbb737ac45828e36db882215bc82b836

SHA1
506566c9f092a06f69e54aa4dad4a8bbc0f8f308

SHA256
ae2c05ad14b4b4e80779251ae2c7b7345c6f83ec3c61d61afb8cb255fbd357d9

SHA512
1c02f5a6373e58ec2b2a1f7a04d46b8134d21ed573d6f1004ca830a4fdf031b05fccc5ced30e16fceb50620713047b3dbb5411d48da97262da23e278a0fa588d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
ba9b363c997550136dc93a5b5af67bb9

SHA1
7e2d3e8b4bd394968c0663fd18da880ebe1b0cb3

SHA256
6eba4c153f3c2b78d216e5fe213500b77125054df4b67d3d6808b2f3322f3968

SHA512
2cc23485f028ea06b0e1ee9887b337895ed9aab833340d250a47776e7cf35f399e4f2512d98419ee8b718b7e760e5086a8698f057a9f75c710f4a34529c9cfe3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
d9d7316872b4692ab6c1772bf38c7d36

SHA1
4cb9df8b308135237e25a0321c48498e97c8bd49

SHA256
3b89548c5e218515cb523ad3faa8b11730f1b678a2f13550defc82612c02126b

SHA512
fd4a511daf39566beda5817f418bea6b392138c837f99140b5b7e915699732c5dc16fc1170b0496d0bb71551cb1d2f9b7bb307f7221d2b423a898f22f4b03f57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
4aa31ae4735c43fbfa4139e619a0d890

SHA1
3552c1ee84169549f8fffa0959e0b9cddccb5c99

SHA256
164f20974c2a94d352836414bb9ad87222772ca0d3cf0a5209628571ede5f5a5

SHA512
ce73d3b8faae2baf296ceae55782dbbc3805673149da77409fdeadb2a727a6329ed0726f25a0ed70e1d9447429a20a9d3d4861193714e29fa38246429316f336

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png.EnCiPhErEd

Filesize
6KB

MD5
0ae841df968d3a38f871cebc1a84f641

SHA1
f92dcd9a2e802265ea4e38a41ea40796fba105e6

SHA256
613143128b842977f727413867dbc37ddbaeee43a964c4889d08e49a4b463bec

SHA512
91988902460db705ca0dbd181dcd1f1094a69ba4d0ab7bf30c1580cabdd6fe3547c4fa3578ef3f4bf4473b82e35d4bdefdf6b464a218354ceba4bc12feefddbf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
6c7b19376aa4a5de8518e62cdc8fe024

SHA1
9d6db1183fa2dbf15d1237b09a79b6b5d2c638e0

SHA256
45c645f532cbadceb0b449ca6a3e7985a751d500466c85f092bc7ad6b4d28bdc

SHA512
fb32c9778c6348480a57d537cb9141ea074c35b56d852889aae957680c359bc178f0727c33b8d1572cd4efc9aa186c64b4461fe049799c74916aa9201bfd5f80

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
2c8259928b65acd198257c13d46b66f0

SHA1
1aeb8ca72d5e7ac65454359c8b8b51e547daaaa7

SHA256
47db2839c8d8131220c83e2d7de23733d909492850e45fa5d37a501554aa8b41

SHA512
9f5fdbd932d299a0b2b6dd09572d0ca258368a5dd8419b38546861c9ff6db865c488d8ad5a9010ffa520e2acb9ca2dae895d6fb3174e96a563d664a055c51c90

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
7fe7c5a6c0bcadc05e9a2330186df6fd

SHA1
855764ab6b420c7028eea2624c06d9b221b39616

SHA256
af5d8c78dbd4eea011b1d5309bcdc2f62c2cba9bf88ebdf57fc0382d46e2c817

SHA512
5826bff51fcd8f4c9846a4adbb0ef9b1277e0f10e9d8145e0e0d8c1170e5e479fda410c769b9ac0981b34ab0358e7322a06a3e77dd330a11bddd8b03c69bc399

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
547B

MD5
4fffbbfd3acf0f76c411387b8c4d117a

SHA1
4ccbd3276e820b4130811fb3f3af25cecba1545d

SHA256
1ebb197d26c10946d0940d6ff5f2c32161ab0df5e73c84ba00e68937010bacd4

SHA512
d59aee6cbaaf49ad727d1c709b11321092101735199388ee39a87f45a5b9b10e8dcb5082e1546c8539eb102e30347e3aba9f19cd1e368617c8efbc1ede0e30b3

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
1812bfed5b7bedae4114d78be29ef59d

SHA1
08f6f4e3186bf9ad4088b235466ff05fb7f9cfe4

SHA256
db8dfc46121fd7b69092562b58de21851f8d88c231e73ea416846a161e144a60

SHA512
92f21dedcd376b9eb10108f90f3b936f60ce7be583eedb2eef257aa1f98eb66983a349f2714925ecf5a67323a040ca15a308c62add5e8712b137ce788a4ab9ec

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
ada2d6f903da834849b17ecc1b0c7a4b

SHA1
32f8458e689e0bc88c37f29a6a8468a7778943e4

SHA256
496c815332f77d02cb6a19356cde3113aa9b30b77332d7ac86594af952c494fd

SHA512
6e94e701cfbef67cbe9b62e800c95141d7b6053ccc96b2d7f93539328959988eb4b17845616e19f13df7b3c37400766db5242bff72a743c294ca35f60ffaefa1

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
4a388125b28527e074b616e132c4d5dc

SHA1
93890905fab42af3cc938ec51a78f8b1ef1fb30c

SHA256
b897d2662500588f5d34a2e9c0b8c318efebf96d78655d9fd6412b91b8998842

SHA512
240b4d0b7db3739a86b5efbb7b81f9e75ff11f73d2422daff1208d50c70a8acf8468bd5af6dc9a318a3f0fa330b0b868d5a9b177812020f794edb6147c8d7c0f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
20380ae0495d38a8f390f21e79455983

SHA1
64034bf08e2444a08600853755af93676aca1462

SHA256
a91af682764bc2952d33f600e131b1e74040196cba00f00bb35041b25be90e0f

SHA512
a75cb4589332afe8a0ee5df0cc22f0135154eedb7f9b2028140c1c824bb31df74121881d5d4772a8e27aef54f85b24207852c85039a728f63812a9bdbc1d8410

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
3d0a21425658538783ef06907dfcac86

SHA1
7556bc4ee2faa69218ffb7cdff4645fafd886692

SHA256
5f0ee357c4c67b70f61fb6fa16c8e928f0c2bdb6b8a26f5fd05a321e1dbae957

SHA512
b1ce713400c8fbae76d098cd77c0089cb8e80a9dcdf3f4d63ae0f5ecf1acf3005e059fb558b37e8f01671e499ce8c1bf04c126ef58e17eed2566210bc0157381

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
2fd34fbcf7540892cab95093da5bcebe

SHA1
ed3c86fd5af0d6e58a1171a8583c8c3cb1d84be1

SHA256
30aaec2b08f3291da76d1596d5936b37f3d72310cbc7a4bbc9050a5f6939c33e

SHA512
d9968aba739ff8d9abbc0c24172c3f887498820e498ab9149b7058fada8f1dfbc4d68a6bd73476d78311f526c98a4993dbf72a1fe1fab3315dd3ba70848ff3bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
0111194e1e38d782727b2a848383b9e7

SHA1
c8f46a9467eaf6d4cf46641af886ba4ea089612f

SHA256
2c32dde66605b479358189b07542a6a52ff6e79f7187e4bee395fabaab039131

SHA512
87a130d3b8b6aeb00a2a0a22ef636e1a20ddbc69bea41be31bb6bc8c0e281eef835ac222fc2437e55bc2f51cd6b838dde38fe84eb91c9fba5edb908865bf77bb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
0abc1f28884e6833d17992ad1bd14212

SHA1
86cd78862eae0da977a7cbeca23f29d827229445

SHA256
2924a831a99ab55e1d0105062584176a0691d545ce73b7f53bc2a862620a01e8

SHA512
86e919cf4fd7a22987765d3b470a56f0803f0f513c0e9a20778a7671dd721b04bb44cdbb4265421e32cdafa8df96ed10eae544f29900c67ecfb41b6298192e2b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
8665f811737d72fc3454706a4a67f747

SHA1
c54ccd464f07319409170ceb3c6be890b6483a50

SHA256
f7c44931544a8be585911d1a5a03ae8de7c0bb840dda7bcb467f83bdba880050

SHA512
e8b7cbd81f39de46d0ebf4aba73ca3f4dbb6e4ce8a393b2750ea602041d9c24dca13599e8d671398d972251920456bc308722e3ed1e0651c2958c8fcd68799a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
a6fe35d51aef1cf9783f1d0719fd72d8

SHA1
2d78e9c08f21de8cd55169943669a8cb1445e9e4

SHA256
0aad7ec93e8337bb8d4599186de98193366e12997363b5e81ce90dfb5472519a

SHA512
59effaba55abfd8e7d9465d9a333664473c3b12312dd2afeca0a1fef14cc983c539653301518797a91bef044e8a5a5d26d74990c37f4faad5c03961c659ac158

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
5aaf97cef8db7ca266743d95bb9b7118

SHA1
09a6b9d3cf77b4d535e7bd829d6f8e5cb994a196

SHA256
7304c744ecd4f9f0d1030a467687d809fa728a3ab0c26ab30791e1bfad3cc358

SHA512
a0a2ec7cb1ba3c1fb95813a578361f28b4c94283fad64ce8b0a28388a0ea690100eb9aa520ed9481057a26fa35a805684dee509cc35520f42aaaa8e0087dfd66

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
81630d8bbb5364fefc5cea7bfa5c4fe0

SHA1
d1996a3d78eccbc2c7464ef3328b5e9c4adc7ee8

SHA256
935b8fa07a7ad3ec6b7bceb69ee0ab50ad434ff8f8b43c18012b19733938224c

SHA512
238e6980f1aa288ed111c5aaa5dec681f4707b65feec917171ee5097d7da7a83bc92043fdc34c79cb4b1c5cca80a224d8aa707d4977d14644515611ec77a9616

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
4b3ce01538461d730ff251c300fb5671

SHA1
cddba9cf65d027202af6cb02e8347df9bec368ef

SHA256
bc30192315834f9f6de9ad5bd17d59f8f92abfbd5472fc8225ae44602bbd28e7

SHA512
6b777131b0360b0cd3b67507b6893066ba269e0be86c917af2b0cabeb044dc8c82bf759fe638ebceb4da5856975f6f73948ca30c43d7b6619f12cf1da9c13112

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
799de339b5c7739f0cd2be0e1e36dcfe

SHA1
40982f299e34094db613ab4220cf5411e66f349f

SHA256
a5315b3a57aa1adc6e13cc0a9c419aedf5db1e879db4c49598ccf00f29f108eb

SHA512
f98b13716e1fa4a1d18ef9e2b1d324d35c6ba3faa12ea43af04332fead9d6dca4072916bb90ba3be5c556549000e57598506f70793744ac4740a180f3d55771b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
c2de6cc4bb6b4f46668309b5dbb90bd3

SHA1
42e5fdbe9ae1d332e419c9e1ce56e07369a839f5

SHA256
b8ef8163cabdf6572746de631fc245926486465babf98a46a214e9864cc69b1e

SHA512
49a5fc227809b1969a6c073185068cfcfdd964fbab79931d983b797a692542985be0439479a7cf30f622727c7910736dc688c75e4a6f0f889acda86ec9338b27

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
5c10f04f51477436f37e3f38f0ea6357

SHA1
b1f68c33b686ea90eaa6efa48912cad83fb8f439

SHA256
33b551c63401a4b8f82b00d445457d94511561c2c966ad613f7f28d648e8f854

SHA512
553c4a3918bb7e83ab988f80d12e07f57264a66ccb40573433652a7a5f3c80c178623cba60e475ac1e5d8999f24d46897618fabdf89cb9ddc0fa23543ccd9ab8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
3f68d1022a75176f8c45f3658e7d69a5

SHA1
a900d232a8bee6db1823ca95ee38057d9e75b5b2

SHA256
eb7a60bc5a2dbbff40389884054132993c8eb1860fe3b82ece7e296cb1b427c6

SHA512
21c8bfe3e4cc555126e1d5091fe0fb73844ed71c2f8ba722d0c9334a832316f846da03c0fd026b2867e33d5bab500c35f019ce604e1ac32ebe8fcecc0706bb3a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
66ab0522f3766138f7a4b8482be6780c

SHA1
d57b869517ffaf66e88c1bed0e8853339d3acf34

SHA256
efb51ae18ac670874a434a5d1d70db6fb2d1cc51a867a5d9479d6c0f7a48e85a

SHA512
c44a117df45c13861d5b926fa284c39f6426f1270fd792647ddec286d2cb20c3fb1cb478e0bf5b00e1a1bc686477d446c56f9aef93382886d18dafb8d39c9ed9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
04a5c4dc5ec1901867e16d8703e6569f

SHA1
fabe56d24ac972c4273a05f17f21ef7c1447e43b

SHA256
4e072d8ee0626a456c7786b803c8436b9a52ca75628a5bf53f06d2186bcf1cc0

SHA512
a1849bffc01a12210b4744c2df1d20e590cd562fb18e7296afdcf722690fca113064fbec37118d4ad748d41deae4d3cb826ddfa27538523fd91616b54af99869

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
cde03bee6eaaf201c28864500e143aa6

SHA1
2e20550afc49a38acd3136f8cdb55a538c16a81d

SHA256
e87b46871d8915bd2c026005584b1837c2f07f30c854c3113a1a280dd8311bc3

SHA512
1c4ab82c10b5c816c55c2218d2bd6231130f90a10f1e8b5e1db8f4f60edd746d3a32fe232af0670ed820fdca9c0935b02030e9cda57d37bba9afb71eec54aa35

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
7738446a707a0d5cd915a738a4087dba

SHA1
42dcaba68e0e97c061fd6f5a546d686f4bc3d882

SHA256
fa227a87f3182d0175ffadef29f86433ec55d6fad44a56de81abc14f53d9b5c0

SHA512
3201335c48fb53394ac889e8e8fe2285a48cdb94ffc11d176fa9cdf2f582493088d279077e6da4162c28458afb243ca30b0d0bf36305f4c0fef8413526a2db7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
1ba6f5b7511f3caf07ba088d5c4e5fad

SHA1
42b9574708da09160ec814d7a689be345aa2f4b7

SHA256
f98024b8f86132041519a866088665ef9f43058399e10979b4d2ac4f49ef482a

SHA512
90685217d4e49b4d478e61b4cf23dcbc689900e0904d09ebdacbeea9280fdee501444bb1a5c9570c720f6d43c624563b1f94b57eb43dc02915c72acf3ca7b52c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
6a4977792ae9d1dc8d31c5ff31826582

SHA1
9f333092cd7a463d6d314f4e844ab7864e647505

SHA256
686cd433b99f52f52e54ccda6aef686fa03271f984f44d68af036fb95ce46222

SHA512
756c1363dd0bf2ac6bf6b4a632a223299455d736ab4acceaf26dd14bb325189df5c504a4f6957c1c8783a4d97070dcffe33f9c7b9a6a8e91739048521f9533d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
3848d8c6da493df7adcb3f24a0aca341

SHA1
3aaff5d1f7a8a341f3e329138bc5d56db8a52d47

SHA256
7415e61855bb0aa5eddb339a7aa5ae806a40d3d14a5fc229e481c961633e5cfe

SHA512
6bf432333296a585ac9c7bf01dfc6fc21fa54e503ab60840ad98a80cc37dc6475af9038de95502143e2a9a7021eaafdaf43685c4a11b753342cace6dcc099819

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
a23a7d6c074482fb0f60c85e98401ba3

SHA1
82a4d20a04e4d90f9eaaa5dde1a1d5e154376d58

SHA256
06e6fed5c0f849f21646a5bd7df34fca92378a3c5cd9ee29ad576873e4cc575f

SHA512
470ff5890bd8a74fa082905b0104aacc853c8e5c5a37793325f7a544a47465eff18fb42c8167201b0d505e08ace80d35154e64b57930debb13847fe21415ef91

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
2aa004acbfd6fe7f07c315e0a564c69a

SHA1
6ee64d3015afe8b841fe9a8d1480583a72e4b613

SHA256
b2fa19c742d44cb9049ef9ffbb28e870f9dbf2d1ed69f1f9624be2a00ff15aca

SHA512
3f7a9f99adec35dd68eaa8f7ae82b0a35666a3498ea0649dc1e2c1b913045d669ae837acd84adf3364808d35fc5e233d5940cf0bb21b64d892341a92d1dffd6d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
9f1bba2af0938d82e0db6625e6b76b6c

SHA1
4fb2dba669144a80a37343411d808a3a8f94911b

SHA256
a9685bf228aa12028203431d259ca97a2b1cf0696c040ffcefab9182679fa3b7

SHA512
03dca7d692b3a0924dfe3e5160a67d0d8d07dccec49017e2310cb23f7b9b74a619ae0c87bb441de98165cf30393a1eacf967f06d32580079a047a9faf7e8ae70

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
a62679efe8844ed931f85aa64b01c2b9

SHA1
3c63ee1e282ea5f0b9ae7a08d9cf83e63a94a05d

SHA256
1ae29e6f2e155ce60c2e1cf8f4b5eedf96596edc055c1ac0be90eac78fb6d255

SHA512
a58df276057f7ba490ac30be3430103e3f1378cfdea93a3f98c467da7bf54bb51fe5df9d87080c31378e5e9f5b8728b4830d34aed18b96811acd37022529605c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
343ac9cf078f3325ec3ae1f0246ce53c

SHA1
93f8737974013ddd18cf6d87aff01529bf9c15dd

SHA256
e2f94b2ea2fbefde740004de32df58a5a21e9688743767197752c2e4f0617887

SHA512
9296e1cad24970c0177b3577d7e6fe9bbda8843956ea48d48cef50b0fa35db626311529b09557a1f1818ecdd0779fc46e67cb6b404fc3eceb825dc0c32bc91b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
9b71b7a9d3b193e30b4648729f62b52c

SHA1
891d5ec0feda599b08ef2b3cd52dfb7bf82c062f

SHA256
c5c69f64fb4f4acaaa3b27841fc695c6adbaace11e54de5562c2798cd76d0893

SHA512
e1b06aa2980cc18256cc3c30aa94dbdf73acea51c05b9bfaa6916d4c447cd1d382cf6efdc44641eb3563dd56f2c59a905bd89dfad6715fbee51fb83854c99ee6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
fb5eb7086f424bb93b95adb6cc72889f

SHA1
7f2c82b268d31b232b8d0e5471d8c2b4fec32e43

SHA256
e1dead090e14b30629df47b4a26fcdc2c66e4cb35117df4e0486a5244e56346f

SHA512
dd4bd5330905ff5111303cd74c08a384b1cf5d92c2ea46204d2ace5e4da5aac38f123e5cc70a859c25ff17fa7de35f712bb1dec3c0f26fa6e0a6a2bc7c4884b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
2a0b9c5bf6b10258c30ddca5610e4a52

SHA1
e78e65f197d61d48a5292166e6c00dd723ed45e7

SHA256
8bf5dd18b94eb1a48e42720f53b672433fd0e6cc70fb8bb61169134d2c35b063

SHA512
8e58348220f2c3cde9b2bcf036a9db0c3c1504e092ee0efa8d175fc2a151e60b07e6746ddcc7fb9ff03a594887ad58af8919262eb2bf648d5a189d2cc69c53e4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
eef1162ef1148b58d5b3d5175aea3565

SHA1
7e9803a7fe33dd4c83d44532b94dc3280220227d

SHA256
995a592a62a42b3ff695396fe5e8ad56cdea32ab5c856711dfba06744e067f54

SHA512
b22c8c1a8e644c1d2eda786193df1567304b0270c917523940d9966273acce207de1e965a1a1352eb2857009fba72e29ecfacd279ca2fa2b628edf0f936fe98f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
cff42b6e7347362e662122a6248ddfd7

SHA1
7299380b8e9e0a8e49552c60546f006e90c68f36

SHA256
e6b29a380721a99e6a77db371950b3f140804928bb4005183dfd959646dcd763

SHA512
36ce9391860e93fc836b59a3cebc1660840498171e65d09218b88979e1ab1e3802970fe1628944d03033551da1e98ad4cdf56783505e2387b95a50898dd85b09

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
fa5a7ade2a17d7425683b3b288b14bd6

SHA1
c08ccac067aedf2f0a8b62c63f869563e30753d0

SHA256
169f6d075385438a8c0f4ab5a187b4751bbe6b3f146d049c4ca807dce3aed77f

SHA512
2adf7eb4d516a7c861f49a1570d6e5a03cd75cef96dee54b1ce24a3610e652c98ce5e6eebe0129374c328f144bd45d87e4ee1f78d51c26965aa9eefb26c3ef88

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
f9cfc53ec75dde0e670957915afd5bab

SHA1
184f6d7820293a1910620088571c90040a20d6e2

SHA256
4338e1d226ca235f5be21172ae7156ab9ddd1b00f846dc3c386981af11f549b6

SHA512
f6044355e936b287ba811e9cbe72cc1870495d931282ef929e43cfbde295edc5aedfb833f116743f0de819fad35ddf451ba95120515731e0ca7c5e5a0b66a503

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
930e2e016c10680fecd1cf6bf86fe5b5

SHA1
7e200282f6417adfd8f060d43968f447e5d65836

SHA256
9dec01e7b02d9f1ab04f2d7d12a7113c604ad4341104407d4b86158285b4a0b7

SHA512
505a12c02b3027b651fafb15f068d19adf26d58049371ac0a4ac2d4284dfa349f71db01eb4e550d23e74070a11e829cdff82bafe06f7452c74507fa2c431bbf4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
40ff14b642e2a26ff1d953a4117ca91f

SHA1
8d5c0273ff33f6ddb48e4ab2ac62c36080234597

SHA256
c792c69cf81f70e9ffd44c7afde3ad57c7e432562679db576ca9aebaa23059ca

SHA512
1a066432c3f88554dbbb90a89b73043431aeb46431bfefa58ea1c96366affec762cdaed6c55c7d6e148eac97d21c4bfc21efbdd08682ba6fc1bf37ac811f91c1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
91708a0d22c32bc12643b2f6e9efa337

SHA1
ef30f94273c32dfc66273d251cd08f6206ae44d0

SHA256
79f153f31af4dc488d933235594830ebb71725a08e5087494f051a1d0156cdc2

SHA512
5a76314e77516e419725a04cd302c6fac706a6c53927c6f95869a78ef78cac64e43c83ca4050d0bd55e664067e6cc45a0b076b27106731fdceafe6056f67813d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
fd2ea17330c78d52665242a7dd829611

SHA1
36bed80babd7b7427ddde525a458d4e31ed27556

SHA256
7f64e05f30d9baccd9e76a8d7fe45577cb63bdd8e1cfada311b9ed4d7ff0990c

SHA512
86fde2a203761b2c35704b6f6b3b8187f40a8d6563d5f8ae20808ef271d5054997bd19a9898658053e8518bd8d41cd1b83f25ec1d07dbec1111caf991b532132

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
8e5f5b450835d6fafa4ea681cf8c4f98

SHA1
beb9618d9e737d2291c5d5433bfab4c209b5a395

SHA256
0a436212c7130024c375aa13271eb46f3b387f30c1cf7e8a2e6d9f9435e276b0

SHA512
eba1f3c0051dcc6beb7f1e73a270b8ec873883b19ac04088ab12fd974fc404800608355fce2021525f4925c00e075a7fd7b8749f9225a5c87d5b7409062b25a6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
3bc5a84e08603f76bebff1a6fbe2229f

SHA1
f3e40f267ac168e6f92f8cc4816981b77f474d4e

SHA256
ff54d10fae914e22beec477210dcbc3c36e1387514dc35891ba98f2ca6fb861b

SHA512
7f7380429516f01f7afb14d605cc1411edf1145bc95bb79bcb35010ef05bc65388f2481f81d348eec9f32085f2d2560a0c032d404c64179a2504ab25945e29d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
ff6e7c57936ba1ce7d3b97a18a646152

SHA1
429a4f4211fec4c5e3c4d0c76a7083cb27af16fc

SHA256
49f0eb953daac4f32431e688d91beb23b5bf27f3a513411e22266558daf8fea0

SHA512
1aea50a50192dc4b90bf60e6409bb2c1004672b24bac062844f3f8716d41e43bbbe9476649a0bc2fcf4ff75292a783c979de6698c614325cc086b66636ca463e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6e9461e7551d3d6a5385168f770b4f97

SHA1
a0c0671da261d64c0af63af6d78c4800997b285d

SHA256
2b8befb3a932da1347329c3c0faea5d4e3838f49105580b5a4a6c43c9754e01a

SHA512
48de9d455d94781aff636ea1e4306933afd4848bab1db486046a2b6d7868f21d4199e02b92c48e5a08647fff501a383f21ffbbcd93368d0cef6ccb52c694731b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
a8090426f417dd8db229d51490b5a8ae

SHA1
15dc2ee303cd60fbe935a0151d95d9eb60e25a77

SHA256
7bdcfb8a86daeeb20e91fab84b0473c2f859b4ab0258adf3d5036b51c952167d

SHA512
b3cfbe8466f1b17c756ba9d3c70ce420920bea9a08368902333b23a9a1a225e6508e43d30159a60a5f9e29764d32ed5c5437c8e9fed794cc488fdd3d71b4145a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
0cc57ba22a2972e4a15a8d76e54da386

SHA1
1ae13edbe0c34f6847b297416161e045779bb515

SHA256
63d6a9787b8c209e2af8c71c5a59b228d0ea381c6d8870c3f916ac95efdb5760

SHA512
c06458e33a07e7b98b3d236c9ce73f80f10d4d8ed3934bb443158762f3060ac85006028a5b28f0e6faf385fe46f5d834f24d3c5df78bb1b64357475151dae0a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

Filesize
63KB

MD5
57e73102404025039b1c0355571eddf1

SHA1
cc36bd9d2b0c815cbfaa12f5d23572cc03b06916

SHA256
ee0557fd8a4726466a2630e097f4b79662e1d9f0fbe48f486d30cc39a5073d8e

SHA512
c74436f3208501581540a2b634f41ac6e3bba443adc3f1be2abc9a1d3a6f487c74671faeca5a33590bd509d00a2a38be301e6847b9ebcd87903064d6094758d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
d3ab25695e7565d00664ed81038e847c

SHA1
1c0903da45fae877b46cd3338ab79ba7cb016bb7

SHA256
97a44a603d798e69876e557d1e9a93473119021cdada720eb153a8a85b040ce6

SHA512
95e81b46c32c7f9d65d8c944c6045f35de117db275fc5aa2fe68e5766e5166d1e46984d77f5090e311c1aa30c0092b7d62e72fe20a7d5783edfabed9dea8f4da

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
1f6c93cb9b50f9f98c0850aa95fd2ae6

SHA1
d9ed189f377b4ccc3af1ecd5267573447a22cc32

SHA256
9130607102c5ba765cb110856b2faf47c3df085820f6e36c64a32c00302ab8e2

SHA512
898f80a1b4fc7eaf00384e91353367e1b40bb2b93f07ae54e0db535e224faf0803fed8c1b9bd26f8e948cde4acf0be44870ddf38c8a0f804043389bea3045255

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
5b5c12f923d27ee61330668ed6bc4d8f

SHA1
c63f08314eab243190cbeff3249a16eb9202d77c

SHA256
7eedd68d73f75c53adca66588fd802141f8d73762b6496d9d0197495bef386e5

SHA512
0888c5a9af769d5408244a1dda91dbefb5873bbaa9fb2aa7168c43ef322fce584119db3345ae08ecf04355a6906e7ad76673251657f72003171aea82e8d87c1d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
6bc8459764cb9157a2e8ce62c0652ec8

SHA1
795dd78ceb8c81523fac8bde12e4fc44d6bf4784

SHA256
0fca113a1c0a24051de93a539a9e1df4f5d453e00ee5f354cd4ed8d19d4393bd

SHA512
70a52cd1b2973acf04429155779f12a6e3c733d2ba906b50b6b4b1e88607ec5e4a875a116e8923c5a02cf12a8306bba0f25fe1cc50956644fc9d5968ab8e3c51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
b8bf18c7d548cbacef1a856f2c8ce5ef

SHA1
06c00c2a469659679c4fecfbdddf0a8b2be6d2db

SHA256
783bfd9eea38b5720030ade6918c4c629cde00ba13493c646ac5a693be89ef9c

SHA512
7274b6d461dd5816776a2539a50434a40ff396072f193bb7d68d64769d0ea9b13c1d2b876f50a1b14a271f9c1211c1ab29d70247fcf095bd2bd806aadd04b6c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
8c08058ebfa37a2269dc87c4597b009c

SHA1
341a269774559396e7fe992cde80f7bd95aa5c6a

SHA256
48af867f372e34b5c69728bdef6e26371dbeb705628cb4f53574433e8cd3adf3

SHA512
3729adb080f4d720acf819b2dca50493f1fda825f5ccfa87c3efe2b12c6538d7a9df82e506eae1c7768ff93358c6f7e4705dec4d7c3622f8705052684e2d7500

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
482676076bcbc2a86f5ad860644a392a

SHA1
701329433d9da2abc13e722203994c8d8b3e738b

SHA256
2f3ee991758cecdc09743aabe0e694c629c73bffb30fefd6f70d12a67e77b74c

SHA512
cb99ab583e80d9fc31bf92710cca94eaaffd94a669c4da33b62782092f05888677795f7595b91904263093724366d28e6b5bc8b300e12796fb4a38b1e7c91cca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e7b446716b9db90dd1b525af2dec226e

SHA1
4c98535da286cc977aba7aaffd9773706138d379

SHA256
5f5d9c9a9fdd2fac81ae77f9019cd70ac6b10b18e83c4f0b1b0f249e33abe6bb

SHA512
872e34d715216c2ea098d0a8b0db262f2978bb1b7e5a0992832089b3dc3df0e65b5cadaa5ab9e2c35daf85057b21ca2649319f7fd828cd249a85d533c2032529

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
5b987769fc92bd2272b4773a27cc5621

SHA1
8c551623abd7723c52cd5f10e1abd4d0893e5fcd

SHA256
960f73b5c28a6225438cd6287aa275a9931a98ab234e0e683972e8903bfc5b4a

SHA512
9f7c75d84d72d8ba89bfa9f733dab84fcd2e9b715989c5d2c92fdb19efebc3549f4fde2a69f26cf061739a629dc5952675a7fb336e5cc92a64dfd7c8b8d8b6ef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
e813b7b4e3f531e39929c1d2b7fc91a6

SHA1
f26d327df650a06c5018c783d2a1251138ff9ec9

SHA256
e4895838d8eb6c1ff9f928a24c14b77999fca5ed958b84f33a33f33f6c7f17f7

SHA512
8139806d28257bb2b631c4e81060c95e8c54d2d6f552b44b085a3b90e017a25d741b6c74527cc9f345499901291a9a80e2dddb85d74464cc2e27da28b09f7782

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
b754cc6dd289feca3a7463d7166242c9

SHA1
b75bae1ba2fdf76b46ccb9712578d114071b3b78

SHA256
bd4de465207622571b6d4f0653d9e142c6d861e81d051bdb63bb636a0b1bd788

SHA512
73fd351757598590dd5c75247d84c775c8bc4f2201828b839a2b6d41391d2a452b46cf5126ef8244ff6bb06ee8316342354bed355cb4f655172f1f83485180de

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
2ed66c33a08fb4f2e9c8892d04a96fb7

SHA1
255daf6dff023af86a4df0fdb43175ec0625033f

SHA256
5cc27baede7bb077e6ff088041eaffea9722b0fdf980daa746d8039951b2f6cd

SHA512
4adafc3e38ffeb9819faaeae7e61c89e0ddbf45279950bd7aa00102bc7a4e18f99017cfdff16fb30070ebf9783bd1f94c1ed67d4579fdcf962ce91cdc5983b58

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e320284b4a98558db8310dbb6e8a1046

SHA1
814a22b2ca4fb4a9a0e6ecc851accd27bbc9ecd6

SHA256
04f3a63741d9b63773958296aedc088b688ecd368ed77d79a17569317e1fb0d9

SHA512
7486aebc0a9a82c78494f2f9fe73b56b2d76b4df690cd8089e0de6ddde581055df4f1db595aaaa5025071202858d81f47e8f609b5066e4d25fd75379f66146d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
446a9f4ff70ed7df19352c88eb0849e5

SHA1
23e034ce3b3d575d7d664c766eb3761863de3a34

SHA256
ae60e9501655148d698dc676d9d6becfb4e23457620e1a953125baa279fdb0fc

SHA512
dbd9c971b7546070e93a4b6205edf127e6a58229bbcdf4ebab7dbc0aa6e7e85886882f30c45c8d0747060faa1e22c4976475f0dfcc3112240bbb2955a51f8f3a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
416f8d318117f550478329e8b2551fd9

SHA1
7e85de4cfd1fa061a78af55baa506af0fd93cca8

SHA256
609c90c254b71a36ef7ff346a76a679c2ec57eb5759bd59251dfacab3e221e7f

SHA512
d714ac236b47547cf99f33e07987a0f4abad99648b307e6343f30256635c9cf819844b76008bab80f8b23521fd2e8c2ff65d4e4ffedf67c4abc5cae55505940c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8670c2860b74a00dc60caafd1dfa12c8

SHA1
a120b57d05dae79e767c79572f24cb041b6ff1de

SHA256
ae15d8049f41e8d252b9471a45a6a70e9aa088487ced1e06dabe75c697dde66d

SHA512
71efd873794500bb9029cef47d7202e4d2c61de472297ad6f60890888b397292c238e505a4bedef069f1237ee18cdd0ff8102441e25d954df484b43c886b496e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
2723b904107c807cc733d08124790668

SHA1
6c14bb5dfec3e31bd7ee34ea004e317e59b45bd6

SHA256
0a8ee3b8be64ddcfa7db6b6dda13a115b352475f1d683e866707184bf838d87f

SHA512
5ce4e256573a8d49a706c3821cc0619b1d747fd4e33fb05a740556f5abbeb0f40509e7743adc017e44bc08854a13819e2fdbf4987e185216ebcb9eb47a59090f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
05685db41f71530d277ea2b60b826a2f

SHA1
d55ccf1d598cf2063ea067748a2e4f833df46974

SHA256
5dbd523a9dd23682698ed7e89a0b5823d46c0154e6c59f01d31b6061911e846f

SHA512
ac46d2072af2e3f75ead0cabd5c1db9c577eb5ae25160d47211805718d2b8ed19c46265bd70f0724fc2afabcabfc2894d5d9afdf6134df12ffca681cb733cbb3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
236970917e29ede895cbb4e352c40401

SHA1
d9576c711700062313c33d1ed608ebf4d9c7357c

SHA256
a8c6919e002740f9645c2a0368390377f98d418f6147247636f6c9433f44569a

SHA512
54a179317463c306e441dab139475c5fb575d4dffeca42da49839cdef1c32654e5590608356e9eb3cc051da9b4c4950dba8ab69cd858210c46aea517a214495d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
298fcff7cb91fb43a62075c7b43deb81

SHA1
463d2adc9bc91016ccbddc52bee803f689cc0da2

SHA256
ceae0833583d1784fb2e2dcc02d65d7a7ccd39e20c930d6b64f4824f01a6f7a5

SHA512
d58536191beda91a49f1e583782573f07485f4c0a7153ee7562951e6abec5ad919b7fcf7d60286cbf6be0d69418ffeac49f79f83bee38bb0093b7937578432f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
a8dcb909abb7caf4917763d93f8ec9de

SHA1
cb866708b7366c788fa3b7e3616faae030389d4a

SHA256
226306ca3acc4761c6b964228233f573e188dbaeeab40154e6a2c7031b036ba8

SHA512
0173bd0301b568ecde19ee31acd9da190b1c64a5a3485d2c69ff8b5a0c6bbe652889e398ad72b09ae59ec12736e9e3df52e8d729ac9e245648173f257a5d90de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
882795fc79fa66a7990393aeb3ac57d7

SHA1
45b1c5396b54953f847e045bff8bdd695a3f40ab

SHA256
de1c0ace7f67ff3944a24015eb02c213d338fd8d46211c9bf631e729ba89bde1

SHA512
f130379d12f506b807a4b1e6da8c1b859467d7919b54110b141eeaf10e19c74cb08e229cf4ed7c36f30b8c3af2d1ed892ebf7a6397b4447542a460740f945edc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
159fa14314b3cde9c35cd8992978a158

SHA1
90ed708a3bcbc2c545d1c9341eaed3c276db402b

SHA256
a07ad04836226deec2b3613e1788a0f21e660cd5b71f80fd2ccf8c70b665e742

SHA512
617cae1314cb9eac5ad0aad47a1d769217e7ace37e14849a594bfb8e459ff4a3a5df0928fd6a1898c12dc420fca122a7cf54afaa46bcee333bccfa307cc1af46

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
66f99e2d38588395f146ed0d62a8c1a3

SHA1
69afe88172a07608c5d9e4a77d728a572b227002

SHA256
0aedadaed9a6b5f73c594a79f2a8bd19c11d07503cc768ad62f02165b24c2cbc

SHA512
2024490974e438c777fcfc7035752b9d9317a701a5a21d6238fe22e06d90cd210d00adcc8f426a3315006513a4c550e2bbc5aa9b4a711fb6c8aab7a984d1a78f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
4c5dd3213ed698da0007c57ab1c2582e

SHA1
8e05d1b1d6c711ee7a47c1a16ab6f79346a3c6c5

SHA256
bc7806a61d1a67dc25eabe8eaf46d9c857c43fc95b6015433c6b50f2ef226ea9

SHA512
460f6ebf0eef0e3acc238579bfb9caa16fefb388dad5610199150d3bd7d629aa14a46244b449c9a4251b69a2e3135d5be0795e20648b42d258f0c1283fe96df4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
95accad9080edc5aafcb3fa65192cb0a

SHA1
1ab684a714222e8303aa6eebce7f95218c280c0c

SHA256
b823d058fd38e0185d2bef4bdea54c09d4e4f4a33a0de2e66d92fd30a856e711

SHA512
2258e7b4fdcab5a04e7b24964330532d858e3e67d3b54d0b3f66a21c542a439d513d08bf9416569b47a9d5ab9fa20ecbd562c9264960e9ba9afa77925960e03a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
d33742c59760b880debf1bbf3e432f02

SHA1
01580d5be3e5eb64f9082ab7122824469743158b

SHA256
d10104483762c1b4f8b4df87487a05533d333486d0450bb5ff98dead4987ecf2

SHA512
66facfa886af60177fdce309c99aeef21c78db9c7f3c0a59eb1b0786ec4ebb212bfc6a5bd863d2c37492727da2616a219d8cccd19304f52755ffe75d1e75341f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
e7ba8024f06eeccd0809af9da7a56448

SHA1
5b9f9113dfdbcf664c455d78ce36baf297428db8

SHA256
2973246fa8b49d95747bf5d3a6ad73749466b721ce709c205cdd624be5c1363a

SHA512
ee4e80d013f7d3ec63d0075e3e4ad4a28f02eb36bc32fead41ac681fbe20d04c97a433568c902d697f4c7e69586224a09cbef63e329eacdc101516f4ce7620cf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
85e5ce5803a9d4ab8ca5eb3469a16ea1

SHA1
1a65ed3f0bee0480e40ea10ba230213cdce515c1

SHA256
91ee989458a95d70e0980db6b6267d1840d3d775e9312eace5c90fe9a44d84b9

SHA512
bc1eca404fc50fa8f875cad23cbfbf0d73a4f2991a789f6f06e67895741b05bb1717bbe913cc83445e26a199e8508f719bc19b5aa5408164cae8b8b237c0389d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
35ac946facba8d7000dba623a69101c4

SHA1
72fc58b2038bb6d65baa939c962ac749430a5158

SHA256
80820c6c2fda2e46dc730e1544db7963d104aeda452ef8baaa5294ae6c099965

SHA512
0e2e79b80e194c7fe203cb731b844fa48b97f9954fec732398874527e0c368d30ad01b83ded66805500cd123097e9ffb25fbf7c277e178526b7bc36ebecdd286

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
6f0351ceb3c9cc25c9d97c574e301b31

SHA1
626b1fed381c1aa99dde06faff0d3fba447a953b

SHA256
97dcdff29b4a49172b4b29d7ce11424f427fc979ba4f62ede1d279a729120c12

SHA512
d32eac096ed44fdd75b4341334c9d46301364723db52ee1ac1a88525e444e1f8c3a00503973a8a60b71908c832cbad7140ba9a7935fe9da458e8b2cd77488024

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
884d8ed853045271840069283e9097ae

SHA1
38749edf33b718655fd34374b73d395c7eac221c

SHA256
8f0f2492e551515c6317fc49a768ebe72450ce0731f95530b5ffa43cfd2892ef

SHA512
f8598ccc5657b8ee3b9c8391aa4d53497da4db2eb113ee97e2dfda28dc599d3e8419714b79fb7921b8aea0a85665931f536f89ef4cc6d18128507fa4da98a0a9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
0786dd263af2be245c1275426b0490f3

SHA1
32c0a1a2008186b43c98c7b7e4946aa0afe2660d

SHA256
8720d737d39be5d8dd9d05301b298f3229f6572490526c782667685a7005bbcb

SHA512
033836adb31909fc8aa0a251bbb25c87c1e912a7ab9e83d0ee7a3ef30171e0f94fa47be130bb1f5d8914a1fe7deaa5f6ab3ff98fd3843ccad2a16e11ff571594

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
aa148a109551d538cd9153a4b8048631

SHA1
171f90d8f2adcdf1665e00b3cf729c0d4bf14a73

SHA256
51758736a653c496481194e74caec0e188719dc9667240ea5f875e472ada2fa9

SHA512
e9a04a62122f527263161c57fbf478fd6bba130f2c2f81a1769726c3be495c761a9913e1ddb3bfc6fcbddd985f7ad7306bdcac293b80c9d689f950e951dee479

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
3a20cd77da50bbcdeecbaf9e00002200

SHA1
dcda40280c56b646d3d9f6de21052cdfcb7a2b69

SHA256
85d210fc5b0830d9ffe5e521b09a63c155c04bc172beda2a1f2fed3e8c582745

SHA512
757545c828c3f2a1968da00996665b970bbc92a2b2cde62d20525c4bd09bb1bb8ca277ca3857ac24ecad7a444f9ad7415511e6efe82962992bd09b100d3a2858

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
38dd328c697306772ace7c65b63c6ac5

SHA1
fd103397db109c8ec91ac32b9f4bd732021cb8b0

SHA256
856fe56f3fd5742ccb42c9bc5ea78d014d35d0597df51fc03ce1d29839855399

SHA512
688f2eba4d4bd63087588b484caf752435316975ad47e1505857d1d9124ae9d60d7a0fbf7ba39bce23d20056b19710d5ef85bd1ceef24103a3a16797ccd6be8d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
de65fec38d8b31e1be2ec7ad2987994d

SHA1
f098d0535a3dd61b194176f4540a50bdba6db314

SHA256
d53d8078c025a3288b12e390f63ec1a5c0c37bcc6da1ef8abd7e9eddf2d78c8a

SHA512
a7a641950bd156b75e59a8fdb7452b45c9c938c77078cd6afbb7e4b780a0624be2371545d10727a1d4c563ccd83d27f78145d8bd3e89acb291dbfd52cff6bee0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
c9facdd2baea7ac08375019e13430bd5

SHA1
929f56c5604410c4ea0b0aa8c50617544f56390c

SHA256
938509b72f04eb802a00276178e16f6180c2fb1e986fc8653e9333bc6c5c23fc

SHA512
24c39bdd5ffe866baff7667cfca46b78a08cf4c01b6b21be2d9235dc8fad13be16ed709364c2baab3992680b74dd42bb9516f934e40cc574480785503bd51017

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
087d38a2e70085f9d2e790d39a2d075c

SHA1
0475358875115573a63c9e88be1957c0d6b01d8a

SHA256
5941716fa7c22c7058e9b19de36ec7ae22bd7e75e76a0e94d984021b7fd9afcd

SHA512
24dcc4cd2995c0ad6604349c153af6b75b3a5c4192d7dcb699404ac7692ed3de5cd40dbb178d6de9b5caf3c233340c5605b32e2d9efb6e0585d2780fdaf6c42c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
cb644af2c2bc1be525068374be80d7ae

SHA1
fac95ca3593be6cf83cd2c2b5dad2c567a15e693

SHA256
926ab88abe7feb60cabf34a01c21ac92572815340716e0639913b3483e86c51b

SHA512
b91db406115a025fc5ae33fa86f8b4d0c29850c6430cf79ce82cafc728a15410734fa32075a23edeb6b223b654ff5fd89803a41b69ae8802506d1d1c66dd2f84

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
473d84a9fd0d5b78947d6ccc42c8f6d7

SHA1
adda9952f0ce2dccda18af567ecb24220e6c022e

SHA256
209b2eb31fdba17839e14569ce18728b8d7b32c56e848f1a90df144444b0fa4b

SHA512
9f4784c6aa9e26707cec54fcb39af78e98ca63ecff9f85cdd522ddeeba6821001e4ca8ecf8c027b0ab79b4fe2b08c8fc66c06ceaab92aed5562bf522077dae22

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
9b6936ea9fdc76608497908c4a795d36

SHA1
e69be8172aa0286f8ebaae7396458d1a6d618429

SHA256
f0c7958a59cd2c6d2eb26df4336a7f712396497396dcf3dee042cd72adbc54d9

SHA512
a5eb9af746cdf7193275ecb5c0130c338bca0941b7eae971188122367adf6bbbc4aad51c89e91d81c2c64887c8de39d6236c0bc5a2062b6d64c2a3144c89ec63

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
7fef5392dcb3a2efd0bfdd82bb2b13b2

SHA1
e8538a08ab30c7795dff679c3924749d1d49e54f

SHA256
72609f96f565ccf8c906fade7b52b1a54d9bc988b0210fe150682b0303e3e881

SHA512
08c03e8b4cfad84c3c3cc83e1001017c1560aaf2e05ae42efa92accb89ccb8197ba0d20df028a9b0e998b9129a998d2bcb08962226274a779c90f644dcd1d755

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
edfa007085b957bf4ee5c8c179bc54e5

SHA1
c465c621f5227c6bf42430ce0538527b30adb459

SHA256
79785f6d5bd472c60224acf86db490e5b1b3ab540571b6c784e32d29ce684439

SHA512
a5fd00514c3d78d9e75bd73b2601c8f6deef11a7e5a460657bd9d709171872787138c023e2e1b70eeb7a420604b64a34fb6c25d0a4ae53eec5756ee3f697d452

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
a6fcf0c16092add0fad887c2436dab6e

SHA1
a85341e7b4de5f2fa1f50b851c69ba28630c2650

SHA256
88897a4f9d3ad9c6e8cbf400fd3a5df7bcc656e9e2ebfb5543406e0f9af23455

SHA512
815985cc251eeb11527193d819d2f4919433389d3c6837b36e613a27e2a19532d435828084e7b0a352f04e13f3f4a8c0c649243057c0bc65e93586b6a66a3760

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
adf12aa31edee52a71dc58c394dccc73

SHA1
d12077b7f5c29b9955f70d45778092a3e598c380

SHA256
59142da0d17e2250011451f8bf41d0b0d640d1cd9a46a3979c31e9d7fd4e68f7

SHA512
76c68426ac5deed87ef7f212c5710c36e1288a9e2cb0481f1db45e7a2dc303bee5456f5b0c519f77e2d9c2ded265dca2c6ba79ff848644ef8d5fbf1ae7f01bac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
d60a2a5cbbfa51030664864c23dbc9ca

SHA1
2edbda28a143ac9da0b75112728760ab8751b2fa

SHA256
7fbf06f579e55ad2d2afc67fe8cb118922c3b7bfd65b2d87434ebc42135dba36

SHA512
6691b6081fe11a9e2ac2ebea5c251cd843dd2163b6163536938c940ba44f1c05adf07d203beabbee710cae7f6122bb3d64a0d88feb75a3f6bdde2d8bff3c2162

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
aee554f2f1dd1d8eed517335e4117f05

SHA1
a3cfffd5975eed1bb299ee6afeb82544d4db8dfb

SHA256
37b2053ec6ecff5d03973f682cd5eb48a4569b621e134a23b2d79e19a74131f2

SHA512
d8059902ae7dd9a4550dd14ec1d52d5afe580c9310d2285bbe371c138f76ef8383c3681c36a19fbcbdb1a8a7e0a4cf7d0a32bd4ab5fac23448a5ab2b9232181b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_theme-light.png

Filesize
276B

MD5
2ca150a2632c911f135327cb6a8942f1

SHA1
f0791b4c956dcb20a4778f4e2c8067605705c563

SHA256
ad22894d6d50f4df78227d90ca54486df37438327f90adef3e6a118680d69e2a

SHA512
f69d6ea1de46e34adaf69da08b8b9f0d1631c17b7c761062e8e2b45c594e305639059a6f34f71db1d2db60c4d49b2ec6b4bafdcf4605cdf22ea10cb45babacb5

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
4d7883ed2406fceb4db5c90624a74c3d

SHA1
2d25e685b7ec7b4b744f960b68746992743c1cf1

SHA256
14ecce90045d3da8aa143b8b9b897d2086d4228143b58d812c49f2f9475d3fa8

SHA512
01bd2564181815e8dd0c517e3d065c2a8157d1fe0107ba5ad34e44904c297b4788f8ceed8633bc287f053108abc835048d95d11b6ceb40079a1750a00493038a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6fc8466294c87dbe42a7036d6cdf9093

SHA1
e8d51c0ec38b29adeef2e86c13a9867f4e91a7a7

SHA256
b3975c5598ebbc6b51ee32611fa6852c99e64c6f8098fb885c65f69197eddb11

SHA512
25108503dff88186f608a2ea2fd8155e09e11ffa63df6e7a30aee75767944afba3f47dc72bd4f436b5b5a92d6c8da34fd82564961d8e381756d9fbdffcb0209e

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
d8b9194a59c9dc2ed2a6aad9bd2cc5fe

SHA1
27966fa81fe6338d56c967b60eecf6b1101d639a

SHA256
e072ab4aabf60d53bf26e4c071230dbdb694265eae49053d8a4995206a1f0214

SHA512
25493af49cb9ebc4a7add8487e678b2a182fc55c6d245a80d1e375feda34b9993edb64e0fe03121558bbed7b6b451c66790f5a667d3b7b7f197f9257cfee1a31

Download Submit
memory/1368-5263-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1368-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1368-11216-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download