xorist | a81cf8585a3ed094202be82499bcd20cca447d879c2e2be6e74dbce50407d2b1

Analysis

max time kernel
141s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Size

13KB
MD5

60d155a69731675bb493c707ae205c96
SHA1

22d7741ea994b80188a8d43955083c760553cb99
SHA256

a81cf8585a3ed094202be82499bcd20cca447d879c2e2be6e74dbce50407d2b1
SHA512

0ca9ac7829299cd1b4a36229dd05db74e95fab3fc60931974c773493bc7d4b4998c8499e8a6cb5f5bf562d8d67dd1f3c786c4ef79b65b9bac4d03f5b1630a33b
SSDEEP

192:Tzdrr1FG1WDCgmjPZcCz9NFoy1Ma27OYYaOCIX5jj2J/e8cwrXpUA:Tprr1gkDCgS3Th1Vg48awrXpB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3008-6190-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/3008-6189-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/3008-10383-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/3008-10866-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/3008-11199-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/3008-11204-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/3008-11205-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe"	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscompression.inf_amd64_2aa5f249d7ee104a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_fd0ae947345ac7bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_9cb7ddc26e30b52c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_edfd5301fe3972d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_a8a4ecec7082e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_4f5850c71046b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\unknown.inf_amd64_b8b0fe7bbc76405b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wdma_usb.inf_amd64_e879d41db6fd1ab8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_dd534e815632509c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_1503f4d5a0d6ba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whvcrash.inf_amd64_1173082afb4becfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_76a0499c8a4b3752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_6f327fe9ac4fdb28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_guestinterface.inf_amd64_192114845ec44b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3008-0-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/3008-6190-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/3008-6189-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/3008-10383-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/3008-10866-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/3008-11199-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/3008-11204-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/3008-11205-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_contrast-white.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupWideTile.scale-150.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-200_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.scale-100.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\BadgeLogo.scale-100_contrast-white.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.scale-200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-40_altform-unplated.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-72_altform-unplated.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-150.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-32.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\locallaunch\locallaunchdlg.html	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\meetings-chat-upsell.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-400.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-30.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\iheart-radio.scale-200_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pl-PL\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-100_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsStoreLogo.scale-125.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-125.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-150.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-16.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Opacity.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\MedTile.scale-125.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\MilitaryLeft.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionSmallTile.scale-125.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\FlagToastQuickAction.scale-80.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-16.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview2x.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleLargeTile.scale-125.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-32_altform-lightunplated.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-200_contrast-white.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-32_contrast-white.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\ThankYou\GenericEnglish-1.jpg	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_altform-unplated_contrast-high.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare71x71Logo.scale-200_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_altform-unplated_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\CHANGELOG.md	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\SmallLogoCanary.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_altform-unplated_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-400.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Dark.scale-200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-300.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-complus-ui_31bf3856ad364e35_10.0.19041.1_none_6698d138e79617d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msdt-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_dcd3b364c9b478bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..iencehost.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_52fbb1b86a870614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.964_none_a302f6630325804a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_de-de_a3fd29f71132e3b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ertca-dll.resources_31bf3856ad364e35_10.0.19041.1_it-it_b0bb9d6f8943a2e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3e0d97c4c052586\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2ef4aab3bff561a\defaultbrowser.htm	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.964_lt-lt_cc68181b1b036c1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmviddsp_31bf3856ad364e35_10.0.19041.1110_none_2604c8ae5ecbc964\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars46.contrast-white_scale-200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hid-user.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_459ccc96b8ab22b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..ype-cambria_regular_31bf3856ad364e35_10.0.19041.1_none_de96cd265485ea1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.19041.746_none_4b0e3418084b5511\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\ooberegion-main.html	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-96_altform-unplated.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-125.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..grityscan.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07e4dbb6b9ca7731\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..pbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cdc669cd18ccd10c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_de-de_b464d3e675053bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-web_lowtrust_config_default_b03f5f7f11d50a3a_4.0.15805.0_none_64c27b3126a2f1b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-flacdecoder_31bf3856ad364e35_10.0.19041.207_none_bf65af0eb7a111cf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netrtwlanu.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bee0b1b99d47044d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nb-no_27a70b04b2458f02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-syncutil_31bf3856ad364e35_10.0.19041.746_none_a4807aed01fa99a1\LiveDomainList.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b9ce0b804c10b3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.data.linq.resources_b77a5c561934e089_4.0.15805.0_ja-jp_458c29ade7f2a139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_10.0.19041.1_none_6fa7e5bbaa15a17d\security_watermark.jpg	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.1202_none_0607b555ed95f3ce\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_pt-br_2b91b646a85fb6f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-trkwks.resources_31bf3856ad364e35_10.0.19041.1_it-it_283b11faec07ce3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-microsoft_data_entity_targets_b03f5f7f11d50a3a_4.0.15805.0_none_d4d9df7f126bd1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..configurationengine_31bf3856ad364e35_10.0.19041.488_none_a14994041be95c0e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-fsrm-common.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1dbe2c036eeb3fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..dapplugin.resources_31bf3856ad364e35_10.0.19041.1_en-us_402d03f4ca866130\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-themecpl_31bf3856ad364e35_10.0.19041.423_none_d4d939a96536838d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_c05026eaafcf5a72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_d1ce1ea46e50a943\n\MicrosoftFamily.scale-100_contrast-black.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-bluelightreduction_31bf3856ad364e35_10.0.19041.153_none_b7dadbaeaff794fd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c1a13e5adfb2af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\disconnectIcon.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\PasswordExpiry.contrast-black_scale-200.png	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winsetupui.resources_31bf3856ad364e35_10.0.19041.1_en-us_18f8d1ad21b3e921\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_de-de_6a1d8de098c92d1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\Boot\EFI\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\500-15.htm	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..space-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_9032bec5bbc956fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-update-orchestratorapi_31bf3856ad364e35_10.0.19041.1266_none_ae717274fd678579\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_b57nd60a.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_15932150e87080e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ment-dmiso8601utils_31bf3856ad364e35_10.0.19041.546_none_4ac1b0d8ac60bd3b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\404-6.htm	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.207_none_89ee19e7423ac211\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..neservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f19a22eb367d861b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_mbtr8897w81x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_34cb340bf77178eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ator-base.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f0806eef4f18158e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-etw-rundown_31bf3856ad364e35_10.0.19041.1_none_b7152a0f9742468a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-i..o5-codecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_5925cc2e093e5ad2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..otifications-client_31bf3856ad364e35_10.0.19041.746_none_d7e4d92ce9da62c9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netwtw06.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0eeb4d5fd2b77338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..i-appcore.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8ac4ee7dad26d084\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CJOQMNSPNKPYYFS"	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\ = "CRYPTED!"	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe,0"	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CJOQMNSPNKPYYFS\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\561i1468Sx1d7Y6.exe"	60d155a69731675bb493c707ae205c96_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\60d155a69731675bb493c707ae205c96_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\60d155a69731675bb493c707ae205c96_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
b605149b549a1796f72e686436243b55

SHA1
6e04c56b2f2b9c3462720cc9bfdf17a01e2e2f7b

SHA256
ca5829208eeaaa97ad412385347a9de7d92c756487aeaa4ecfb0e549ecd25e91

SHA512
1337513f2868bfce837e078b55679ae9bfd55574532d442f2fec032c02c8547ce785f68fa07ddd715271e995752b792a0af9ba2ca9de8642894d0d965d5609c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
092a2ba0c4aed46794fbbf2314dd2dbd

SHA1
ab8188fb07e9cabed656f54bd0f3d41e3735e640

SHA256
f30e0e97873409e275b03c239ad4ae53d3911b57dbf0568ecc46e0956f8eb330

SHA512
64e3c636c5352eeef5280075c7474a77935bb5550b8ed0b4d11091d4a5d49094b67d62529586c03695deebbd3742c2276ae157fcf0e8a80d0cb9e22b113cfebd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
a1869a436e7ae1b5f47c3cbee725a0cf

SHA1
9b4014a901bcf6230f09c179944a5597eecd6623

SHA256
8dfb85807b977d0f26a038860264e5466c86eb05c4570dde864e226465c6dfa9

SHA512
cf9528c75cc1531567e67c0971206cd151144c8128ccc3ef6f9821028801cf693d465efae13e2647c71f9f7c12007b6b7cf0e9d59c9cffdfe18f329e726e0ded

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
02cc2beecc3e4426618da16dc33e3719

SHA1
06e2253745805ea59df4e6caf9ae55dd0bfaa3fa

SHA256
5607c8059b9ee0531eb8e8dcfa35f074e215ad5e97c1a7c5a3ad2aef29fe1788

SHA512
604c6e94438f6ec1701936031654f738be2981ae13aa8b6b029c1a5ba0b8323b94d175c9b4bc54499d4e7ba28012eec4631fb9727b74fc5af9b78cdcb2c91928

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
ad5e926a7d280e322de943aec6f08ad2

SHA1
5297579ac1218d88decf0b106cc71c8c069473c7

SHA256
af732055f33fbe68f76f2b409a8e3755a046ce70b513f2e086eaa6dbe6b219b3

SHA512
f06bcc3098cc312acf7c2820b418edc18285473b4e8c7cc33e8121ba642989f4346f7bb13a66a56ab9795042d779e45c205b3b09f105d9c2c01b908b9733cc25

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
1b9484fbd6866e2ed2820489a7d45ebf

SHA1
27f1d1c459a43652dd04129e75696736ced72f2e

SHA256
b47d8c0dcca729dd6b77e68400e1a8b50da01514b80664e1b2cd05541c108088

SHA512
11c6bc685e0950e62e7015425904d1fc2e8f90dd3c71dce71aa174a58cbc25397ee67a6292beb48e60fcd8b98d79ef3efe8fea8dc608ee3e26ea8f6bb9e8f9e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
590afcf6b9abd2db5ad6cc7153487613

SHA1
9e5c4204a45e35ad5a41054225aa24d28f1ee319

SHA256
fba85adba517d7184f07c19cebaa030396e66782708b34a8e62e99f72d31e63b

SHA512
0c29bb915b0037ae2fd88be8a63d8430216df0b08557c64f63118c9c116e1bdcd21b34a8b61971efaedc4ba2e90ba9f93d39bac2325a50a9f1417e2a974dafab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
2cc68603b39364dd211672d83271943c

SHA1
d44521a5dff8d842e4262d223a7a4dc922e47f1d

SHA256
80c8c00172d0989a656baa638e30c754aea49f2f88353c8c6d79175f0267cbce

SHA512
c9a6ca8acf2a2d879beabc01be19e87f4d7461dba8be4fbdeb7999d2f99f89f16d0906396e204b35a90a3584a9c79d8faaae5d44c8062598c4e6eb3e5cb64883

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
9f96a1c10a0088e2703bf4b44aeae6df

SHA1
027121d48afe3d3355031c63e7165982a7ae3c6b

SHA256
ffb1201890456a57bba5a202453dfae1379391ef1bb201c090b61df41afb2a2c

SHA512
f83872a3e71b8a96a6d88076412a3c5f87f34b3245b0a1b8222e517bb0321790b3c31b9adf38d25f52d7e5347c479392f769275bc38ff9a84b609bc594e9d993

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
44469c0710a11ff8cd1acc049e517cba

SHA1
06eca8297227b013c112e166c4011b3503f7ac1e

SHA256
9a88a2c3f88bfeb323bbef044320d646d97fd40c80fd72728cc4abca95f26580

SHA512
a26b040e2dcc931560844ac57c5c84be557e6c4d5be2472092eb314f8c9173bd9afb80ae8b81305428dad65b8e0324e5cec71ee43f63b03b9322109cf1685a33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
21e6ef282481012e93dae99a045a7b4c

SHA1
2be9c570051046dbb073975d4f6bdeadaabef34c

SHA256
473dd46cabbc34d0054b2ea1b74c7feb790ecca00ef5718f42f227ec79c111ca

SHA512
4f966ff06aa8d0ab9b37e3d5c421ecfc16080465bcb845dd0ab0fdedca800dd2eaedd4c2d19dde1c78e9b6e80a7856af84c0cf5a515a2ad35673e4768666441d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
6ad8c853b1e1a643be64d38c875d9ab0

SHA1
7ee73ef1802aa199858e4920ef20650a252a6c96

SHA256
db5ffa9aa03197f9454db99bd7c675d2dd37651010bc1e9c885db220ad906c23

SHA512
44c50270fa267db053f7292d0e5e41dbb4dd49aaa94c48bfa164fefb74eacf47995776dce106839418c81b26b3af6af1a5be817ae436e7dbbc1fe36faa99f34b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
45fce6bcae1c2bcb71844d4b8fdcc10b

SHA1
c8d23ebf582348ae57edf65f1221936b5fba6d96

SHA256
08d01d96e3789f41dfb699caa053a195b98288e824d059765b48c5f9e3620652

SHA512
491309f8b584639afb9eab1f355accfaf7757ad3e342887810f73220e4a2f6151c91408fdbca5ccd2e8ce895e016e04eabe5a893c149bb912a30b0fe5ba1f133

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
63f0c80256fa3dc2651cf5024120f90b

SHA1
90ce5415d7da0e8524542c61fdccb1ed12fbe9b9

SHA256
474ff6748f85ba751d9880b6e9c128ed5e22fe61a100c53d544c5a0927bb8281

SHA512
57afa6d2864a80ccf2cb12aeed69a7f5527a00ede034d10f5534070af08cddd5a3aecc9f06a5cebf469099a8db2e7589ff418ef71ee89ce0ccb61051881b2a02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
e11fc38262969a226701c98fbd474c94

SHA1
c3aaceac1e2a11430f87d7b82159c2c743c636e2

SHA256
e01ddcd4fea4776d76b436cbb233827cd62d03c4a74c7989ef4f427a13fc3061

SHA512
a8da4dacd0b4071ca6b47cecd04c066ca772ba267af33b555be1f1ae32a8ed739e47651e4f5286a5f03f6b9572379e6e19c51b9350f9a111f3ddcf6d31167869

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
615369a8b743482d7b4bd4437c18451a

SHA1
7e889bdedee98d778c51628bccaa96aed9c79400

SHA256
890ea23fc144da437d19f73122990656cecc4641cab5d4c64f513a9daf817b13

SHA512
b3c6145b91e0b223f6e42f4b40563d1eb87720bea33d4614c6f367e913fe0d831e7cd9f4fc381eece486bb453468b547a9b09d5ad036d8048577311de23c7437

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
826a06223a4de862a22f3517bd79e847

SHA1
65c5636387aa144b325780b7e12a26855fb07e8a

SHA256
ffe42d9d3233f116385763a97f72cca0d965f7b0016a33a02af05ff3a1b3cf38

SHA512
5dc725b2357da419e40f8788df8c58116198899498cb40ad4293770a8a3b5242dc674c25573f22ac9258e6a6e7e227e66f1eb1d8f4b506bc9a48320c2b2063af

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
b0d0a96fa7314810aa437978a14a7588

SHA1
687a2643321d2c39f39a4ca336ddcecbd6487f76

SHA256
9ec6d639a3e8e9df68c65596993173fed0c111a3d4eb26ae4b8fbd60a39cc7e3

SHA512
0f34d5da5ae70f516bf13f15c0931dcf31f0bea82452a9e663d515e308610bba88bfe79cc2aa04c9b7efe7da452e6325b7048e1408d166ae92d07f79798d49d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
2477696f39c370eaeb4dcfac57dfaf05

SHA1
10a7baa4877a6a96c2ce019acf454dc6e06beb77

SHA256
3ae27cab246021031de2a32e88b03eb88008ff7303f60b63e5ded7ccd2b919b1

SHA512
25f1c361f30af7914351d99e847a1699883f0378069d772c1b14b1db821de9720b3599f16f647ca21ef59d2da6093d304e06c885a43df7c27add82dbf32863fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
2efde19f0f699e766d3e83a5bca13290

SHA1
5c58ffe2f6fb30f8fbbc8596b9fe88042fbfcbfd

SHA256
e9e4fd86085f7ce0df15e88a5cf278d194817612ad61dad98a65b95872bbe789

SHA512
a354e40d3b3df2b7ccbdcf98d98c5b8bd9e737a4cfe23d1c3e9eadbbef806fb4851531b2ed36e9f1480f6d16418abc9a647c6bd21ee67ad6ba8a1109280523d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
a6df583697e634a126c611bfa8d235db

SHA1
9eeba2f075d505446e2d9169d6cb8783112a4d32

SHA256
cb884af274814fc78212bb864704e33b4c8451c3a34aade701e5467d3b7a9f24

SHA512
449097b4e2b0ff1ab46fd37ba0a55f23d47fe49ae31f95d564f569965d833d1bb51cf150c66ab7a1a644735c13ac4cd593504e3a08505a4d32439e3997ccebc0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
bb2641e755068dc157d9fc73233b4532

SHA1
e17b044e310af8371e9f1b28f1eff07c4be4dba7

SHA256
dd8d6a78d225de1b6438cde5fccb86a5c103d323f8563bdd737758e11269bef3

SHA512
6acdcb88afdbf1d78a749c7fbe376c822f34dc380d32fd2522cdf0296cf8d6131fa33b24d75ecbbbc9d0ee1577cc69b3e9171924f9b384c6521a7b82c5c03547

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
762e2ba905d2b69140daeb26b5147203

SHA1
4b852c29f8928f35322c4c14f88a3b9153b89881

SHA256
6cf761037eb10810623cf2665cbc28bdffce2e7af5273f8bd864c7d46f203a73

SHA512
e8352c74ea9d8c8fd713212a3211664ecc1e6257f60a7ed08d5b3fd89552663e97672cd0443a5dd21a0497da42c0ae993ef1045a1eefc4f9b5de798a67c15ff0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
35a6157f8537d88030d6b5cafefcec35

SHA1
a1fc87b3c14a4c5776c75ce317fc2f4a117bfc8d

SHA256
349b41d6913278373f537933a1cbd4a78fa3ba6d2be74f839b5e5aced1fc76ae

SHA512
c9ee7769b94d8ffb58b0dd0272475e7895f201a69c216b60132db7ceeb4f502e87a8670c4d14ca1a95aa287ed4eb4071dfb6e9794bcd760be6f912e800afb087

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
957ae4177f786c649ab8ea685dec83c9

SHA1
bab156cd7b8fcf02d8d5a32d94bb3919de28f7bb

SHA256
9e87c3e023c56d0073b92affa66508f0237a0d8e60c85c834c8612f51e78218d

SHA512
e28932baf6f261af9f60fe65dcac93a1938fdb55c7e58ea7e22d523a63191e781894fe0a9dac7c1a302b54eee3f72910c362ec7b5e7fe852e431d289836b2fc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
a227bd97a6cf73759feadd6005d78c82

SHA1
ffcdc8515c050a77ad6c2036ed258fa8604236b7

SHA256
5b69134549a6e2f00604d35692817fddb04b33f5c1b9af43251982b7b0257a4b

SHA512
48307493978f880105270b69a87ecf9e0a9df68d6665793d4b76adb39c7621272723d5b5fce0de2f52e5e1092b44c923618d2abe6c405620460e268efb8f7b58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
9467196181d16aaffb381806a7d1ba5c

SHA1
6262f1cdd77e2cd93bf1eafbec628606e5c3dc94

SHA256
4c303804d62a98a6d02cd8d8aa43c65ad2077c17a08aeb3a2c3365136ce76d7b

SHA512
046d0781278ba5e43942c9097d3e8cd8503e93faa38d87a9790c2d3ade0ee31e5ba2493224bf9ecffe1706142cca6d59f15745d64e6b38d8c2044ab095796a2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
f52db735a4ad1bb7f5e554426211ba02

SHA1
46704a7d7ce68a289e8ae2876a68ced90191c731

SHA256
627199d3e6040434969eaf1babf53fe303734ba33a72eb8c3e5128110e3daae2

SHA512
6d02c566fb9fce0e3cacfa8975844f4d11ad6108f450aeefd295e373c9a552d3b2f50d69cf98ee00abb1dedd9546bd949d5f68c91837adb8dc90e7aa10352c09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
0b351fc8c8626bd9cc1c3a3fb233de51

SHA1
ac921f652bf0198b6d1ae7a8df7cc3e162e53582

SHA256
a8ee7304da4684aba230d39bc915abf886f2efbd93e122f46b95a65232e97ae3

SHA512
4095f98748385107a4ab66ac272d5025cea4cfe32de529b769dc59d763dd566870ba3bb85429a837ea91e2fc17ff6e3d00302bc8e5d7a76fd455f3da34c7331a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
657720c94cc6d18809cc6209b6ab897b

SHA1
7f8a043ada10ea3a20cde4223ad1bc7a12db714a

SHA256
58f9f5c8a312ac1c55b8c7a2073f2f4795007d1f1b0e657057e026547a01aeef

SHA512
dfb5a9d9ac4c6210e5cc1a8b03e0f2666cbfeb03f79cc1a02b01a1ecac3bd3470f14fdb81ff5095a4a7d3594004ffdc47d5dc59398d23c69fbe780641540d7ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
283831fadcc6edc164902a64c77efdb6

SHA1
a5376ffd064c273d3e409081779c34da31e64068

SHA256
b24f21ecf12d9b57e80d4d3f52dab38f08f6030f592809bbc1c0d79a419cca2f

SHA512
c493fd19f3c15d7589197ad02376213d0404c57c1b3b474f17d794a120a0dd64cff06be2967b202539570a2a9ba80ab043e2525565acf0084751394bf463b4a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
dfbcfef2cb673bf4b222b7d0d35e2616

SHA1
dfacaf7740fad206807c08c88597991917e43f82

SHA256
6819f2ac2366d7ed5710f3bbc2a855114d3538c2bb202ea87fcccb02360e7da7

SHA512
b90fc35dac1cdc8cd04471ee31765b2f5d95ef08a0cfdfa6481acd3e1370b598b14eac8e5e64884d67fb17d09421976255de0b4def9131759e00849e2fe5867a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
2eb2d1bbf18e16ed592907028b4b1da9

SHA1
c48c8fb7aeaf1316b09752448bfff240bafaee56

SHA256
04cb891dc789e9e34a221f59e75c5a33a53bc59eebd621f5c7e75c1cbe8ca9f0

SHA512
fc605ac7cea40d75c3a4e6629c6f0c2867fdf5d308a507b6507fa69d016c081d6407ac3d6790e9a35818ad958926dd3f2de93bafaab992d94fdecf76835e83a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
f6ac5f482165f6fd6b15e64f1a14309b

SHA1
5c0a5d20a06db99cbed90e2913fad8752e6e04d1

SHA256
481e713d701a72a4657ec8f0230f892854d3f93bfd28e81a07c10a514542e268

SHA512
17c2980207ba95e2dbb86298c0a3052c06580760d09357b66bfa107910c34020b296b82a59c8ab3e94ba480e2f118bebd2035cd91448f4128b23035fa1b5b0e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
f8aa0be93a9291b6ee0d3e3270b64522

SHA1
ac3fea9093b68327e277af98219adc222254e637

SHA256
a01a76ca404bdf363047f7972525286cd7805d6981ebefbe2f6227c6abd0f322

SHA512
918d1db7ab26f29bb95ef9590044e3343d35df673c3ae885a13361930ff0baca6dfb90c4fe6df2707a7b56fdab974a8f32a2bc66ceac31d8851f2dae9e7aa7df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
0bf7d510e4d551a9b5abc58f677dd462

SHA1
534dd3245b640ecffd4848e2072295891051136f

SHA256
dedec09eadce3dde004d52512c02000292f96e51a7dd9499d67a0c68ba4e7697

SHA512
00630eb0c20a28a57c39762cd502128e6fb8f19b519e1f24916fa042b1392a807783fe08dde6d6bf2247d430b39d3623a302bd343a3275e48f29500e1d0a6303

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
0067f713d24a6ba550ab7982a7545d56

SHA1
3696b361498d072bebd120b2e4e6959ca24c3835

SHA256
7d2f6dea190a9b902f72e0d3a569571b592f02199fb14835dee3b973e06dfa95

SHA512
8323bde9e5c7662fa1b8fa58bdfc49aa852e29c1dbb5d15714ab35bd6211952267fa3854ca45146ee8f5f0fad40f68a8307f1abc3b7b7c805d4c2f3580ae0100

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
ab2dcd1ba7b2411a16f341de3c6ff5c7

SHA1
47e66604b272767e638367f9f5a6e09c2d77d1f4

SHA256
85503a1c8d64583d6ab16d4fdb70dbebac4362b4fb11eee867311ba0a5e0a1c1

SHA512
b577f763c174dad160d34203a6e7260d559af26df83266c81b9cc8683880f3bcde99f4524cd4553783b2cc54d56cd2d46a2d53082b6786124c21764cd782592d

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
1e307c083ae3305bddbac61fdd8930c2

SHA1
e92d2dffd81c8b9e18c4b6b72dc849e8e5f1c53e

SHA256
7a20691371bac858e2d0f22e0ff017f9a4ec2f3ae89f36ef17d07f7fe186286b

SHA512
18a5cdd67ff5e6f9faa5a92e359a4968a300b7f6abd65cc6ae4dc99c5d9311f8f6afe0f3af5735bcaa05e5de51cd103bce72cc88b5f7c9984f682e0453d05c17

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
475B

MD5
45b4d228c5cac94492892fbd8809008a

SHA1
f2ca9fcbc6ad114ef98cb6ae8784bf7578625c0a

SHA256
f3de79ee3696a3abc54053cc01b339c65099251b6b07a03b46b73c9d140ecaef

SHA512
300521bb1a7f5f9ffac45aa6d73f1d2d9ca57bd8d71a291d0950af5d8035e27740f3b54b3b9870058cff4ce2d93413c59577fc11f3b1fbe31a0f321994ccdf1b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
7715a9518c91e4954a836822e5bf36a0

SHA1
4e530b0e6d41ee0ef5cdbc622ceb6e69ff92f95d

SHA256
bac45e2912a843d55664e09475f7003f0cfa14d6511fc6723300c1af40eac6e9

SHA512
c0daac1ec1c4f496b681ed946c3b4cbce93b3f9468a3f7ff898c6f7eea58cfdc1831098f815abb06f009ad6dc4ca7de12014c44e9d64409ff1e8775a6096bffe

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
6906796fa50917cfe470847b4a0a26b6

SHA1
8fa5040a6f541d5013d3ce2ace9a764d5f472d24

SHA256
b0e5ede5bcec9d9bd9e2eb882b7bee4a0be6ee3a78736a68fde8627a2a244fd9

SHA512
f7656e1e69e455fae777fb450988fdc6696dab8a36b5d61e8e4c8125326d9d88386c9049c45ae486f2955a7cab044967dd94a077c543359a7de82fd18558497a

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
d6282fb27db4ffb39badd58b91d8b0f0

SHA1
79a5afe80057b2de1764a2bda1ce11e84aaef01d

SHA256
4f209a5306327e3304d12ebe67cab1b3d3f9a85fb4bcd1008d5cdd8ddf858ad5

SHA512
30308db73b61a5b123319c01c950db0c8d1dd9bde8896f5fc6f77695c92193f10c810a76384142695ba8c65564d5778aa558ae2d25ff5e6f4aafd8c54360a35d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
b80cb7b06a00963b391755a1224d6a54

SHA1
0eab3cf2ea341d8a9ca921072813ca9757ca2669

SHA256
1f44e1a08d742737f273fb6e3f79dc12095e31940586129a56345ae010306978

SHA512
c58aa930b03b185374c8a3c3c58641375be020b7056e12bec8fd8110447d31d15f08fb2ae180c836d8654fecaed170e97f0985842bf49066196ca044dca78332

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
9a4f85533afe2f32ed40f87455bf5d60

SHA1
65c0d891b23a7a1c15b32f17a8fcb830fb4443d0

SHA256
f413556a395f3bef24e6ae72f740bc366e3d503dc7f90dc0706fdc89b29718a7

SHA512
d02e74f5ad5d12516e406f7fbcacc17fd27dccf93683f51bec41bbe59c26e0254a3c47d53228a4904782095ce97ab7ff24a83468692e64668484f854e5fdda7f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
9d396a418eb0c843615af2fc764c03ab

SHA1
c5147ff3ae1737214dee2e1a280d1a9b19758cab

SHA256
32a284551df1321342914edd73ddac1957619655010bb3e890ef4115e01abaf1

SHA512
68e9ae3a23d25e5afd55a6b9f39c183f174f1c7335f2d94fd455171a6b25623307f9b202a671513aa0b5899c4bd829465f015207373e92f836bac4f940fea887

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
0e822c1da57b6e86120ba32ddd704cbd

SHA1
2209c3d9e245fa415af4a33913af8ddd5cd82dd5

SHA256
e5609f80c9d626f024e0b26932cb44e8185ed23c1c75be3561a640134816537e

SHA512
f7880755eb523e7fd1e4305258a71e976e6b6af7dedccb5a253dee63c90644f91379c303144a49ab46aac0fa552715b9b8ec5b67e17dc1b241cd025b785bbc39

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
63e08d36227d14fe0b13365689e3bac8

SHA1
683688a2df5c2d1bfbe634ca3539eb99e592a332

SHA256
2dc7e1a13d14f558ff6880142d0de274df9022f016c815adb9a45a549ab086b7

SHA512
58eb6658da11b319f2b4524295758e4361dd24a21844ac315b063288fe4febf33111159491e9fd9499b5da93e146a86127edb4b0388d5fe0c28f935176ca0b9c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
91c36bff1278d876b808c95ae6bbf822

SHA1
282719a5b60c17fa351c11e876496fd3b53d3b66

SHA256
d8db0bff05b7a3101de90dd2016be3782972bc567ddd80343fe3f04472beaa9d

SHA512
6a91afa9e90d845979e95634ec387123b065008ad7afea48c1c5ca8f00fbee430ed45b1dbdd535456e5266c67684b6fbf059bb11552b0f4caad8dad221a3c650

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
2155faad7aba2a1158ae92fdb2064c19

SHA1
6cdd0cd87b06c41363d46bee255f9d936936291f

SHA256
90e274e85628eef5dd72929a1cad4c7b80a3759f171d9ba6aedb94fb86854fbb

SHA512
573eecb136d99d48c5b05d1d756c3657b410a1bd2d58bd0bda03b5eaa717c63afa94eb8777da779e1f4bc906e643dac7d3f5c05bfe4ba64f270621c30dca0923

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
0d18a5a0fc24cfff212a12585637c6c1

SHA1
a14bfcc107ff6b38bfbc3769838c259af5f5505f

SHA256
2c0f394cf5752871ea6bbd99ce458bd8d6c0c4a220a33a89b7788f5aa06af996

SHA512
adba432b85567a78aa35f94c2f69ebdd7a53e0108ad91b9ace74316cbf1faf554189fff7d0ebbeffacfb4dd597fdbf1d7ce149b1939a0e44afa7ba9717e786f1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
6a6c5358b0513ae3395077ada121d543

SHA1
db45ed8c71de3a2b10a80124bcb9056a8b9806b4

SHA256
ab48c1bff335956549e4db2f1aa6b80b6c6540caf967722bf6797d1c930867e9

SHA512
4ef0998acce6ff861956e63093f4fc2e8d869a72eed7be957b586e3b512183de41ad57f6c2ac77505ae7ca5d3c70a9999b01da84386d5c7f1fcc038906e47420

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
810a1eb28b79816adcd6af4a823e549a

SHA1
4eea4aea79c9651745900fb16aef3cabf92c7abc

SHA256
da75639f8dd939f98b5b565d9b2a9ba456a01fe61650991f1afe9174c84b0b48

SHA512
b3036815d87cec963fdb54ccd5cda791ee941dd0836ceccec32cf325230b256f6f984e483c3f60cf4aeea72e1262f96f48cdd875159986cd828485fcd2d77c68

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
3b2ed70f87931f8467b7ca8b0003ef8e

SHA1
1236f921b2a049c9b6b0aee37f663ad78bcde504

SHA256
9984809ae0c656f5272a3af3a9e582bf7351703a7f3644fd230faed8e5fc8796

SHA512
1282507bf098e11f76cab6617c3bbc20d76241473a78df5a85606befdf2cac58c734cc7b17c29d772a64cfe077b16689ed542469c37b5827c46ca24a78d54f02

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
f4dfef9b2f0122074e73eda2aa73bdbe

SHA1
3296dd77cc25ba16e7aa94745b74c56e5d96db45

SHA256
d493e3ac6fb44a019c29ee3b5591e252dbe410f0efd84c613edec79eafa4825d

SHA512
d97e0e8fb88bff404a8a0771d43eb80b76f161e8cf383410071dd731473be1c5c9d33241f96a77d877b53280ea884c7edc4627e4ffd65b1fbb9f97a7e49097ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
59fc591f2e09253a5fed3f3555006285

SHA1
180d872c5db9cfe7634b15d33aa9b89e547edf1c

SHA256
0e488b51e5d59e1559f1587b4017f32227ef6e97230c28d9a2ff961c78208a12

SHA512
634647cfb744fb6429f36d3a97d37979c6cac5a538d36361abb168e330002e4b4d9ce85fd7111c0185c0fbd4971776d5452a9fab838743dbef9b78bb1c6565d6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
a10ef632615f560228750357cab5dddb

SHA1
7d1f645488a51afe5b3d4dd19883a9e22440098f

SHA256
1a4a2320c76c19a2af02b3b20866055ed1ebf12f156925a6661b648146a5e8e2

SHA512
028459973fbfeeb6e4d789afc78bcce00768b2c540de469f042e3fb39e87fce37bf04060ed3e1e0bbd3f47c7a3f88ab1aaba47aee55f45380aaa2c101e755ea9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
bd255399a1b39992a57f408fe5ea0d5d

SHA1
b4c1fbf3d692d9853551a4e23a9f0349bd4c6cc8

SHA256
8856f7e15a23686733702d82e7ff65b3499a86802eb5e4837afd009505f3206a

SHA512
ff5fb1e37b7f55c82c223f706537f00dd701a78e54da3f1ede75f453a731a047d9d8836acdca6a305feaccca56e946f898cd1b3749b4833ea180ca4a8ac58468

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
8c95ac120c2f1fe95f19eedc4d17c1c2

SHA1
af8fa1e9f7c157ac6c2b11fb1f36d58d0a24ce43

SHA256
6dd7ff076618384245edacc2265838bfd81ce2021e892fc29a4ed6a0f4dcdadd

SHA512
8e45e192e909e79798914f1f57df22aa51fb05d539fad13f4b18158e1cc5ad4681d8d597ddc780684c035b519a867ca1824603f785ba9b8106d1ddeae934b502

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
e187644066efd374f2c0143320058bb1

SHA1
2d41b69b25f49fc0cde5b3a826b944a387b75d23

SHA256
9bde365d251e670703cef70f98d4ed7417bcfa58fc6cc780fd6b2e39a6588be4

SHA512
fb39c85575ccf896f062eb481cd43610b607c6b2a7926915b3b80b2c602c80709ecbb5ea7c4139525ef79b4e79d3bb336183f6b0d1b1b4b8c048d85cd592b8ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
dcedd6d37a355423ec86761a0acc306e

SHA1
91e4878741e3d2c0556ac1b3ecd5daa3566d12dd

SHA256
b49eefb8ca06863e1b7cfd63eb4ff81876aec0f3080094298e2397e0273163e1

SHA512
0e69b12ab4cd4539e01b68d0863bbad2db5399c2f92fa13091743e44e3a235f50f885fd1b4d3c2bfd53ac2db2d3684693bf88e7b6cb6a0417bdbb2b9b1f12ab9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
b10b240e03af763d5aac720e0194a0c9

SHA1
5f0ce802212a4911b6cf887784975e6cb7a22224

SHA256
9d630e4448013338abc6bf09d47a4d1326cac586b94ad386dcad8caff4feda0d

SHA512
303ab17bb124df396ec5d10b6c06d461a94f54b7c775bd4fd0b6721c4089bc0876e97b569dc8e70c0dcce66d520a622f7c5cda62b677cb443be5e9490c61b742

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
cd98de1ac0751832d1b817fdef6eb154

SHA1
6765b5128bfc4719bdf9aacb89829c91c355a30d

SHA256
904327e453463dbc206507c2712c26f679c4ea7cc2d4dbf5df13b613110e5353

SHA512
c765a7367258ec1437c19b2ee254f366d2ded44aa704d868cf3e598b2cc03dd1a04b1b5f9969b55b43bde71d57525386bdd06089439669b4a7f101368cf34a3c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
5005fcf118de5d4b10b2f723aea3d6c6

SHA1
3c5a34451709c56a0fc9aad625a1015dea1857d2

SHA256
6b020600d7f43e6c907f8b022faac2be32eb540561c2b01ac8acde7ddd2ce7dc

SHA512
c0a87aaec104097105f00bc1ee493edc91848b93b68c1f3f989bcff927f27e7f872ced1b9739c1cac080db2eac77cfdfd7e17967daf6c88c2c4f64c5726276e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2586fd6c7f7918cdc8cab0a776e13fcd

SHA1
4df4d0154935346475c067b86d54c7f76be4581a

SHA256
0562b4988f5ac6a16c9cc87f3ed153c84a102b3fa343dea97aa5064d57aa09a7

SHA512
f04283e62dc43b7f1a2ff688b1efd681d71bec09d9ae913a60fe7146dc70620224de4256ba7dc898614b8ad709a7c4898b0dabc32ed4700dd9b18ac7947c815b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
ebbfa7a2310cbced3e2aaec1364ce44a

SHA1
5205aa7ee74b5b509a5664b83ac56f970856cc6f

SHA256
ef1f3ea223e25134151f4c37525840e76e2bb1e118f2df3a3891a78783b23482

SHA512
406e90146c2d348db5c85142b65d7ee1792b100db0540ad781183a517047130a4be497639f504495619f0b901b08ecc11bb493f2bf1e1078f5c3c505ebf324c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
95d14e7c5154fb6b0299fd5988c22400

SHA1
4e5ffb4cfafa3dedba452af3fdf04ff1b953bfe2

SHA256
b7f1cc1ee432bbbcfdb4aa94aeb52254c45bad6c8e1564ca6425b720da71682e

SHA512
6430ed8414505a737cf8bd89235ed28e1a4a68b1c8e2f1317359b45405cbb843727c720b43fb9801ebf0602324bf4ce6132376d6cff2b974adbce3a0e964b218

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
08f89f412f13951ad1002c41b1c55b1a

SHA1
dd84151651ad99b2afe6fec4ec7a7b4f4432b505

SHA256
ce681d347604fd50a18e1a35dd9edf849fa73dc44cad441abe83ba1cba7b5c8e

SHA512
e2a552d7853d42904fb76db89859535c999c406d00224266174a8bb94a8eabcc5fe83a82757afff7d3ae3bc4b4a3395108844e420362e9372690955ca54ac988

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
03ad63669602c19b4beaa4a14577a04b

SHA1
73ea2da5be3ad7ab4f286aa2d52651ee8e212bd0

SHA256
0ded3d68290cdd7d1e0553babf1254c26008fc15c0f55b1e6a342a169822433a

SHA512
2e0800bb481da1f027193a28c33ab9bd52dddb58f1c042c9a3d82c5bd76f0d5b79d7df258a04766d7995087bac8c43440ccbb8023003d33c7307d0c81a872590

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
98221c97a00fc208e40d7ab195af7718

SHA1
2f2b45a29c7614e2c3a07fe9a670df2868e65871

SHA256
b18b0613eb03391fde2b40ed5c086406e5a04092efd3a5b4c5bd4d915c5827bd

SHA512
b8dbdda477a2f8c17446405601cad9e6a8156e7727396e72cd1a4a01a726c5ba7460caa12bdc5dffd62ef721f7cd700f9010a54df3ff9fddc724ee74d6cf190b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
2a3e644bac5d99882cbaea342410af5c

SHA1
f2048568e4c826defe584733d5a3db8c5386eafe

SHA256
53c7e88c9c43311ead0044cab6f403d71718f62757a2d6b75069230c61db0fc4

SHA512
7b6f536762741668b8ccfafb2d5ddcf20cc73347e45372c6ccb109c0e04f66803be30cd7017cc08e93b9fe47a177296dda01dea29183aaa8136cea4dfc2622bd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
300a4fe7fdb37e785c4061d03f51bf36

SHA1
599bc89dd49cc769bb33b2b46b9d894ce43782d0

SHA256
b0463fcea76bff4bdd6a09035bcba1dbade2bb5acce7506912aba0f9d4e08a6c

SHA512
30e498a84c840bfed55055c895b92baa11e64d3b71bcb5061ab0a6b852bcca72c71756a1d9901e42ecfbb317d3246ae21f5f35f0f78077a9d63958ec5706576c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
3be69bf2fe3a57b08d408464802965f3

SHA1
bd33f7d5a394bcddf7e49298fcfbd3eee40fe900

SHA256
463bf5284cc7b7b1e62d39a0729e44b6be2138a4dabb1923f5f35b0664e55604

SHA512
f1532ae0a325a1efe22bea81d5a99e8513987681083d5f37d2160b46cbda832c34c3ba34aa5e55949cf90cdeeda4f96682fc6026e90773de38aab7dcbdeb4fe8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
87aaa7c34d93b89c7bfcf29568ed4c70

SHA1
678f86ccb5f34ff246dd54d25a154bef211e363d

SHA256
f820d7c9c53bf6b1001cca1a861ba7526f260950facdc88df4b776726fcc472c

SHA512
3eea241787b6605a66213c68f5397cadd726b4021be8b41a4517c790926c55dd26d426ec517388a8e8fbbe21cf254760e553ea13f047b6aa746cf0d53aabf87f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
8b9ccbb5687cf252a44f92e87077752b

SHA1
e0c5ca4734123b67d0ccaeff14da1f8729c8a9d0

SHA256
5e341836f508abc652f678ed1a12c252981f21a37ed10420a66cad17f1780dd1

SHA512
3458dc23271a0a3bc65b4bca2b13aa7c16112ce3293e9ca1f722a649bf0e4e817a47d87573e8225f581d91fa414300ee3e9a99e0bc954c2e6028c64b826e454c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
1c2b4d690750601b5c9c5e6245de12fa

SHA1
2db9028f302db6bc1a96ae55534900470e1f2903

SHA256
55e918c62e1bbafe40efbb6888191109944ba5eec1bed1a319ec67885e80ef69

SHA512
e2703699f9dce614743dc233dc7e1a93b433709f728db3f0f82b99e2da5a6ee44dd3b73d16a719f20cf1a2a2a336695277b1da82968fa149903b190d43523a96

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
668874ac266a3293e74857c4ba0a7e73

SHA1
7f4b3c8f33064e5583f572f191512ae5bc6d998a

SHA256
15cf782acf15d03d37d3bed901e4c9519bc0f1b902072c4d336acb84083bd398

SHA512
edeb036623e4b9498bf3b0bc5e844a372cb712e03d539dd29c5c79a3cfa0a6a3bee80ae731720bc756066f233b583d20c679893f20c85f00ed0b39f1b3224db6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
eacc79fe7a3a06aa5347f76e624216be

SHA1
ac30934812a138093ef8171560f557584b0c92d4

SHA256
9813b5bbaab619401d0438bb2e35838e4526fe5e88582c938a12c9a87cc6ca9a

SHA512
5349f8a47f202de0ebabb864085048a3ba0e0c71dcc978ea405fbb47aa869b352479fc33b782701e360371586809c15f25664a785f47066814d0067676f98e9e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
2c31d37236c0e50a3e8f5f0c76828d00

SHA1
cdd5d32917adc5503cf39dd5ea13a26824c87db5

SHA256
724b288040cd2df0f2a03f9cdee1258f3ecde42237880501d28bb0de76fb2899

SHA512
e0cf8c154906f533fd568dca3cfb279d21761a009b8f2b661a61f30852181f2d53c41e8da0a822ae7217049a340a28168bd812d3ea5dbac68e3ed4e9d1d88880

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
cdb1781be7b49057e82780ae7bf6d7a7

SHA1
f1571c0ea995fdec8a3c220b462210f1af4e3664

SHA256
3e04a1894446b63ae1289c4d08e340f40ca13c82cd46b93c1b6bdd99ea32d234

SHA512
ee9f4cf0d410b6a749cf4901679bcd330aa6e77ace1442eea98dc9a94823eaf2c2b6c9db30bb7bc9c5f78dc4636c87408508c8d09a39b04d9f5079b1c2438710

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
1131f6caa752ba6711573fcbeca5690b

SHA1
7b14308eb4b69ca05a9dd145de88342cc49c4d9c

SHA256
ec9528a1505bbbc1af91617414b05dfd10ff2a9cef736807756ecbf1eedcc45c

SHA512
d4f41d68a2f6db32464959fd5aace636468b80569d061496013b933eaad8ca45c6eb5adc4f81b783bbbe7454fe756764f021d3d9057f3010ec9c562ef0ba9741

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
2a9237b879242bc1a67d8dc8afb74115

SHA1
702cd4a3e59b234128a95b2c748b889f2de23bb5

SHA256
63c227733fd8aa70afa0e2b7aaa3c725fcd64045bd5fe4c7c3bcd46759a3bd0f

SHA512
351c1a859080b1e311bcd703744300505c25246cc68af4adcaf1de965518ee7244ce151b682fc695bebe348fc6462818934a91d18afaa96f72f45aa59bf12e04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
4569f720638b87ecd4d3a881db045447

SHA1
e873c3a924b64929c7a83388f825195b34e2b23f

SHA256
0026b5adb2b94fd869a67b0ed6697f8da72ecd46cb29a7501975ca8f30fd245b

SHA512
3b9c81c9918dcc6b0861d341b5b5dd89a8e309b3c1feca25c30af4d26d9264472a9eb0f3a37539fefe3dd9c1ae6d68a7de7f16d7dc9f9a349328a1cb32dba933

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
483dd77c2116ac446b16a6691a44ba8f

SHA1
881495f73c51a718e7d0b7732c1183fea745a014

SHA256
ef1ddd6b39854678b10ef943a26e584b0c66e75871d7e9528ea8c07a3ab2d47f

SHA512
abe989ce3080828cb8a5f6d5ef7c19224d8eb406d73bb652d9857860923fd958814a1e3910b321c5bd6355b9a8a3c4eed917df47000d2d33e4458ba7bfa11add

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt

Filesize
77KB

MD5
a0aaaef0d6ae2e7433b8d7bc9f5b3bbe

SHA1
63fe5f684bdcd3c781bf956332f92e2a7c627d01

SHA256
d6be989b5eb02d56e16c66216a336f0b1e704aaf4af55e2703562e3f19ee6cd0

SHA512
16b4dfd977bb17f7515c5dad1bf255368b219949d935dacb3f0f7593a1aed2d92b7fd676955c1beb3d56ae3357d5d974426fda0a44332a6630fdd29b016508e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

Filesize
47KB

MD5
d50a35140d240000fb8336bd23c2b7ed

SHA1
7bb43425b856c6280991c692b18c8a922ae53718

SHA256
c419200b45b76fd8fb5cf35b01c44c5c32c514312aaf6e7cf1d026d396c904b1

SHA512
b9ebac4677b61440418643c07f8aeb141899710d5136dcc5d1ebc1fdd658cd7e2b0daadc2c49e68d68aab29167c25e6240ddc4a34e0f2c4fb60ed6ba31f98931

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

Filesize
63KB

MD5
7c5dce670a801183247ee08c6bbb8a8d

SHA1
5c5b25764cfcfb0a96e374e27f49d3b57f480428

SHA256
e98d46f67fd4f6b56cf348644e37b80e2f582866137f543063ec6e19958ef0f0

SHA512
2a8787d96110c15f3ab51d914612b05e9aa7312360e5480a22e731a3cb4fe3dcf7bcf5053e2ea3c2ddc34a819d81070ca39abe719ce6d1430fba1167d9c65f2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

Filesize
74KB

MD5
eedbd6bd85af6ff03729e05602af2a78

SHA1
2757331d65af9d7281667b8c150cce6efa770981

SHA256
2409bd061fb61265458f240e551c8f300f31ed568bd45221eadec32ca8b95a8c

SHA512
c58cf4ef3ad319a56e5f74f70165099bf2929cb8d06f4a65814b61672bd69ceb362265fb493bff9aa9d47b87d001c7dcbab4427f300076e6d73b8f0a42d2876b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
5efe32a453c44b505809f9120a2e41b4

SHA1
0107b4214f195b0e9ca87833440f203d44ded4ff

SHA256
4ff55a9059408d69086a381db9b69b0c55e9b42ccaabfcc3cad0d7f5d0573303

SHA512
2bc6c02899762b9308dfcf718442b1fca48170c36224b19f4194a88936eab534c403612983d5e5418a888491899df5177dfc5b8e4a0e19e969feb1b0a5438cd4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
2deb361d7a8927e480eec78366485f1a

SHA1
df07ee615401f62c0cd72a3254a307cef100d243

SHA256
dbe2aa9db2afa45d26292f6378e683c92e02d7ee4df3a41a8650f89b54e10a85

SHA512
1b66c912f06802c84be3a1ee5d3af2ed6e062c5300cea012b6f651a68311684bbc21d02d9be54fcecb1526377a9d774aae528d9cca61fe90c291b0b9793f8af5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7613cc1526079e7df1b0f7547a6ee343

SHA1
0ccd0bd9f5fbd2ac21e37739371268178ebefbf1

SHA256
3c30b62095f8da34def1531b39574906d30e13f0a92d225989fd328fb878dc12

SHA512
a9f9d00581e4484398a63d437824fe3d0ae83aaa79a09be9ff1f6f08a2851d5b3aa372bfdc0749d164554069ddbcadcb0ff07a4bddd6c1e9797565f77a2f015b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
101b4bda073431342906a584bf1a5a17

SHA1
8d867f24c8aa4a2d4226303e8b0c884cb4ed7e09

SHA256
6702691837c9c6ab6a4604db20cbf93627c7dd8d60182873ce96bd0a33b9f92b

SHA512
86c3d813dc2865f6185cb89b7948653cbc611a5feeae923e20e22577d9684ae62f8dc2c0ff7d86a8ab2829852c6c5b8384806fc30625b7c0b1248dd74280a740

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
0bfd3244b94d32fe4ed4cc4a9dfdab9a

SHA1
740ac7978f4c321d575616685ef02d646e70e71e

SHA256
b6d5b100d00ca28a7915b063a24fdbae95354b0eec35493aa9cdbf8da146b460

SHA512
6d90d1f8ba07f9ae36434f95a16af86f2771dea53a6afef48238615433e125b4d117d18a1ec9247a5a34dc0e1dd51b4cab629d19a38631e7157fb59b65a31a7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
d1baf938cab0a4440010238d26b882b9

SHA1
b9737fd387e922676c11e140b5f5dbccaaa84cef

SHA256
663026c87359c5d760e8f6dc8b1217c13f0530f4863bdc32bfe5a688d80e431d

SHA512
1851c135c3a8669c5222f0a80e4b0f930ee805a3376d0681bcbb94c48ab564c858ca18f69c3cb4e1c1d6bd4cd1fea918dc55b4a8cdf90c41f6dac22c2b4016cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6e8861c48e34d68953475fad559194b5

SHA1
e41a7479070e6a537dcd6dce325b91900ae9a3a8

SHA256
a42b133e8bf0123faf3cd9c189e16b8214a245a47d6258ee553dc88bcb914fd8

SHA512
c97830dc3b41c034dbb80f7ab38eab6a180b0a913d46b973944a47a458d9733d01d5040cd9bdd9b10664c3ab5263f1ba629bf0905fcaf66985fa2f7473cae913

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
63f02655d4d9e26ecdb3fb9daf4e25b3

SHA1
3a80441dc499929034c1e6e86c775178c8074970

SHA256
433047ce3bea55a64abf81ae137eaa2e4c2d95ffe97e32d1ee750bcae29d0d50

SHA512
fb9908aa85a8b4ba6e9460d1499127dfbbaf6344a413e7cea36f2adcc4260f9458b07e0740dca4ee3ab8c5f51e841a14db06a85000fd8750d1041c97309d34c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
fbb2813d54c76c83b4f6603e0dacb9c6

SHA1
56b1c6f50d4db96a0fefac46624b7ba2c358e114

SHA256
2302be2d57c4d3893669857589185bff56296f31c35b298985db9d6b1b1ac716

SHA512
114230b7b8b365f242f3b53dea92ce97d4d709f60d0ca8aaf8bc6eabd397b1be0d71526975e68daf1a2b03467ee04ebeda123de463a04662c3ad35eaf4510785

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
fe6570afd5abb034e07d78c1211b80fa

SHA1
2effd6cb805497cdf69877806cd8e0b587fd762b

SHA256
c06dd0b6362fffe7d52e3668592ca84c1d75e062662b4e8feffd90bd5dcc43cf

SHA512
f8cd8b547e83e7a92fd8a3ae1aaab33da6320bf6c51b025610ba3bee92b204eee169a101099ba3488082881ed29a095b8fa7449635eb94d39d999c17a93f5d9d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e601089a6caf7f5b96a62fc4205e9dc1

SHA1
dac3c5957fc3637769230704c2cff0d4484dc8e4

SHA256
c10c8ba65cceec9d4b06f3b6dd584fb65da09f54926ab8da312f3caaa875c561

SHA512
d1f49cd1f8c68d4782813fb3897c11d20583b1df6cd56f538d210b5c7d62aa8fe0c4054c21ef4542d2ec9dc6cc7b7a7c369135de63e7f97d3998fafb44f62f1d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
526c10fe63980101999713cffd691881

SHA1
381b8b3422ea736abd1c57f7103e9af21ffc446b

SHA256
0366b81d06ae570eb6a68e36bf81a199bfce8b609a13f243d6f7ea3da869dc51

SHA512
16b4c613ebb03f737672494222f2472f9cfd0174aacf20fe2fadfcd4f28603112832523d7b81ec9ace54057b2128181243b4c6a2bd38de7cc8ec72c99678883f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
a99d4a8b652adb3bfff43855cdf6426a

SHA1
48a4a2f43bad06a41c852f3bbf4dd734671bf065

SHA256
c8798c0adbae4b7fca18d78243dd838ce8a0e4119b676a673cb0449147d362d0

SHA512
59cfc8f2709830a15009ce8d19cf10d2edcb5525a5cac427fffa3607fae52adc546fc3bb91e5a744f3daf296708e0cf015b3ff4b6e2d2fecc551d11921a07f8d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
cec67991ebfd216bf2a169b5946d124d

SHA1
195cb0c89c7f9241e53e71b3f4f70d825f185c34

SHA256
249f2db15c75a92aad436ade0e6e1fa5636370f1e0a2d0f15155fb3defafc72d

SHA512
059f61616ecf03aee19ae0f77937ec024d8ec771bc318298f2af87e72fedbccf82edc7f553097850277f4c34579dbe6ca1b7ab24f46c9b0d57fa1a5be338012c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
b235cef213dc04fd0b03c65e54930385

SHA1
fb16e76a1e7e0941a61c616bfa061781b35720c8

SHA256
89e83e6f72727783820398f5d113f0e25f540723ace01a31cb48e03fceca7352

SHA512
6ae3cedb919dec8d99590b0b09fce28e626538aadbb80b9c818cd558bbc207686e35a125fe5a16151b6b6a6a1d8e2d15a69c425b7a1dc0744cb666e217a337e0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
20803c2fb8dc060c500cb1a2c6b00d71

SHA1
403ad94fe9c4e7d5f556e04ef3e73d0c0fc7dfe8

SHA256
c8d9ed440892dda87995ffe59152e68ce66a12b1edb1d1280acc753250bb371c

SHA512
cd86ba0ba3078d4f970c9fb979a1f019a1d9cb6d293d83462649c9a70f2219964e31ef81b04594d494a342b4e6e1a503b6e7bc086705c61aead7eb4355757350

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk.EnCiPhErEd

Filesize
1KB

MD5
bbc50e90956cf616570a474f92450ec4

SHA1
6f9069d1db9b30fa9bcbe4b362e8c876996feabd

SHA256
619db61d8a2fd5f5761e380c72f597ab6332ce5aa4bedcca5e94d06d62047c66

SHA512
7e00cbc7ad3afa03f9d9c105847f6b8937ca553782278710221005fa07b1da32de50fbf4c10aa87f6b9bd327b0988d73ac146dd4bd1dd797cef630531e950dd4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
a0006c114d11414a6246552c1df5643b

SHA1
24cf7356931ad9d991161e3ed0555d9e9e7fb78e

SHA256
25e92f930240d74b933fc8bd6412ccd37abd7f8f3cd0289b4029980b8e0b9218

SHA512
d6ccf394e449914073da69ed6d5a37b5b0bbd1f9a24ebb8f25290d904f3e31a202ea3313ce4538c44a49495f41250d6401850fd838f617e0458038d2044b27ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
cf972c957684da36dd63e48ba70ea445

SHA1
a9623206b5e42e7422cd3434eb91f564b5a4ba1e

SHA256
2bdb4953251a29018a3a9e5c812e0b158c2a383191810ee58ff05cb759e0e98c

SHA512
e305f0b1acfcdac28d79b70f34b1d8299e29fb1f87a968658ada18b288cc8116790055af20e637029209675a6e381a787820dd34c9ae3f99fde373652c7f48c9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
48a39fed7770d52397a1cb56083b8269

SHA1
be6cada2669cd2fcabbe2eb143dc1bd88a626210

SHA256
098d32fb88a7ac80fb04611bc835689c1c00de74206eaa9faf00752d8e6e6d99

SHA512
8d6a454af57eed7a3da7f46f2d959f30a8054b2178c76136de46242741574295ef24cb07dc53aeac7fb758972ff7af68db287cf0520266f11f38bc673652660e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
242dfbfc175bbc3cc6fa203fa6507baa

SHA1
a3334d88aa96809405a24776759c1810229b8f85

SHA256
97b19b833317ea61d78c952df2a35d35cfdb9c46bd63873d6fe01c6fdc1539ae

SHA512
09a6949565ca32f470fd492c6c61959c944642b4fc132c5959595ce2bb5f8461aa44cabb9984f6f0fa343552e34c7b9053c05a13608b1c29d16b15a9603ca333

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
6a305541fe44f24c6289798bbf2d9a5d

SHA1
852052c6fde62b22e817e21ca6b1420c315f719f

SHA256
b62b953c5fef4fd95da33ed07b6f3c90f1ba7eca3b9fbf87b6349cb372037cbd

SHA512
6c581080ed08cf2afac2139c451b9fe7a028b4ecc06e90d18f0f17d4307e2d0dec7fdc8f95b7e4b28ab432db370d96142bcd0f56b25e95223052e80252d012f5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
b040b5217168d50da9605abebd0e370d

SHA1
b7c0fbb022073bf3742cff994f53416f1ceee7c4

SHA256
70cb5b98b757a1c10047dd5f26c9c7eb0f2f601c083833ce6a461ab3bed357bb

SHA512
a4cc52f5d1ee5edc4a8318fa0ef5900f2497ebad0d06e57d4337d991553fd3ab8f38e3b4570eb3c29311e8893f86be681d73cf5ea467c3c6d3f96e5627b415e3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
4607eba056695ab5e5812671090b4c5d

SHA1
e49c78bd1edae47a9478c8e1f6ebe8308412f313

SHA256
50db4735b6023b0f1a35ccdbbefce5b99178014bdb271ae2515bae39f066550a

SHA512
37d0d6d21bea24ac97c74b540aa4066680ab43d082b2697671bdc10b6a18dc09487cc4aab35eb470adb35d51649d500cf71937d88d615e53ca176494feb52060

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
7cdf8aa23bf3fbf367bd2a4765a46280

SHA1
adf646669553c36ef130a35b06ffb1138299a933

SHA256
212c59865097c3dba47c9ecbb24fdbe6945c7aae747926dc218f0977b22bc06e

SHA512
82a122c9fd7ba35d70e40e35e81403a8cc430a53c198cb5ecbabfe9416abe829f9e44937efe51ded23e812e430644eee23a8f53b781d8daf3bef67dcd9fea4c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
2cb3aa41939a58b311c76e6112c43ee0

SHA1
f97d42fa874ae1e16c112207400bbb695b79261e

SHA256
6cd575941f519a76a1b04a3f776cfe927b72b8815021f6531a4f1dc2577ec351

SHA512
29d840b5f8f61ededef9a25cc0efb82a9859fd1ea171df373611ec4a06f87ccc8b6dd2098f28949656c8210fe4c5c7d1a84900fecb9f73f0798372af6d8f80fb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk.EnCiPhErEd

Filesize
1KB

MD5
412fe73ba161d9c0647f9510360da990

SHA1
b705d5c802ab3eb0bcfbe96779b22fe5e9a354cb

SHA256
34c42caa85034e522a4260fe2a7cebc062902efcb2db34c88bebc3e2712e6af3

SHA512
9d469589dd31d55bc2d707eb4ce763dc2be03ef0d9ef6e2b61c7fae2e68ff094b599d62848805107db73c2f9bb4a792e937a3a120e53ced42466c29d52d7fa5d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
a19dc0cc608f029168df09b135a1b82e

SHA1
980aeed11e345aa448e9949b702dfa3c60eb9ced

SHA256
4415477e986e89a127d955c65fc62bd432bb8d0310e835c3038e733defa5bfb1

SHA512
36e758f61f50b6f61041cb2fe59998974571dbd13dd00895b949cff58e318df0c65807415ec250cc91f465181abe2e823d6209487e537cd8453808269a4c1aba

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
28bdc18a44224e094d5d207ddf92ef11

SHA1
95d8deaaba14ecf93ff2b70ffd2214ac4c28f9c6

SHA256
6c743bb8c324ff28168cc57613aa0d265476004ad7ba6eaeda1deded4f9dbd68

SHA512
6bbcb6df35f90c0935e4bff6d6ba4b94610a12367516ea6956cffb508d53cbc1213472b841dcdc3f6c255b01194263b54a71b3acdd3734344340622767637081

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
bf06426d6e7a5b2f0e63a1aee0ec6c3b

SHA1
5f3bde14ba9b83834bfb1375815f3071885ef7d4

SHA256
fb0892113a05a9b65dd440ba909ad3544400313004cc7171b104a4d2c7d6dfbd

SHA512
4225c17d3895a4b97a963332c984d7ec43d145f0f3e30e5f1ecc0d9993774e72202529fba645d3567ddffa7a49d8e9faf79555a2de025ae31eb5c937de7a19e7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
88b6e4fa792502fa68d52004cefb6aea

SHA1
b082db201182d6612abdcd2e5d86e4801d230670

SHA256
933f73cd0a9e835c080be98c6cc5eb7b17107c029cac3989e5c0646029a75edb

SHA512
f0687f0934c1449acdb92207648f990457425d557a457f628137ff7d4280b8c1542db15e7085eda9046665d2b3d320f4cec23bd596ce2dcb299020f5724b9332

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
1c01a99b3924faee497024c132dccc44

SHA1
cf25e998db632eaaa0a884a3cd5f51d53c7d4159

SHA256
2cd075bb46ea452374276ed6fe987688b2068c0914f23976a5510016a6ccc8d2

SHA512
0b5615deb1fe37648abc9ac759d6fe3f0f8b7c4b6826e6288b67fa63c67fadc3d5b4024d449408baeccca76a349ae20fbaa5fc773d7fc4fc70a669e422992e55

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
d60a2adf3a49a92a75ee8c5fd33991cd

SHA1
2d4d85d2ce941d0622d09f75571d9d30ec531746

SHA256
9058e0f714d187a43db9437e682266436f3763756ee6044b645abe3582e343c8

SHA512
dd88d2335939974c9db4ef7687fd2a3cec2b80ce94d1f8c8787ecc9549f36458dcc3e316fac6d84060fa914eea6e946f48f655187c66ecaaa3efb1a91b77f5f7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
b2338270c5e568f1e8d69b9da58ed9e9

SHA1
e5942aa39d00dc4c50e7c08299d2b7118b55b65f

SHA256
1f17350d605ff48b1bb492cdddd00f5ac59edcc2f112e783aa2fa8fdffad71fb

SHA512
0f83de1e9ed881c05ec939ba14a38956e02ea575b163370771efc29a00fb55f1d9ed417f24c4913ec5384481b16b7764040cd9749664504e098bddb7aa374f3e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
3d17b8bfea7d6026ed7fb59da3f3840b

SHA1
3258a84684cbcb8e0ab5b093591dac7b9a7366dc

SHA256
5caca55dc6b3bdee68acd007d6053cecb7344f478e729a975ed2bd5708369665

SHA512
a0bbd91c25a9f21afaf1266aca8889187dd6096f3b9a7f660a9f333cee6e4c4f738e76ee029246c4c52eca37c8b39ce89cce54e8d1116cc55e621ea1f0f779af

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
8940c8b6cbbd228092e548bbeb7d5cd2

SHA1
abeb4847c839f5bf5d0109807e5e8c2a8e9df99a

SHA256
aec15937413cc2537673b831827833dc540927478817b2982fe8bd8aefcb18c5

SHA512
85345546c7a83ab57317c8ad2a9fffcadd65ae939c92df5cfb369310298ae1f63d2e12ceec7350926bdb890b12d4680fd04d7fa824232a4b96c0eace78d52712

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
61e6cc2203c3a217d1a5483494ac3144

SHA1
bbe0855981622358eed88ed0bdcd1453d5bdec3d

SHA256
f4670df5d518c070c82d9adb181ce2117e09769505fb1bbb8b70eb974a6dfa8d

SHA512
a260f63b47fd4ca7fbcfe33592f33f6c59a6a60e50bc5c59c721d2a3b54d5210d2d1b64bc2e8d28ea93635d2a2ae98cb33c84ae7096d933b4b7e6e952d9d8817

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
7168db3f22e9f664374606b893b7887b

SHA1
b5a1d4625775184905f07af7a194e08be777c06c

SHA256
87ea5f4515f293f779775ff6f441fd88cee12b3a51c5d29f8c06675d1d562f03

SHA512
5ab9f6de4be1947c6ec369e8556aae60984eb6b651d17915464e6e0288aee7c3d5eefcb9e5c3399e1c66362ab6b96280b31922d9f806c5ca3c423df92a1c8fab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
148f0363d93bb11689381ba6148491b4

SHA1
46fe892ba4e14b64cc1a4f15f3548987fcefa31d

SHA256
2439b5e37d1fd157c6bef4546ac3e5cebe876fa224d95c0679463edba48875b4

SHA512
6f5ea1a38f9e9c3a2b8acc4984bff794928d8fe0ad98acc4f97df9925ad96b27058fd0b0e14309e278997ff3f36ef0d257c89a8af012911213282c953d5ff440

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
732f343fe85c06b72e3e4c2cff3995e4

SHA1
8d3fca5446ee9a19d2ff6466219e330d95f008db

SHA256
aed605f60c7390308eb5522d9eb512b000a4554e35859868c60501cccbc8b5c3

SHA512
500866fc1ce969ad9d31fd937de8a32536ffda32b69d21816e3e79e88e4c59361088f10c482549561ad2fda514ad29c7776c7a202c5964119b94a4bbf9a99443

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
530911c5f14ddaa0532af1babbc0dde5

SHA1
ab65bfaf2adcb44430208a20ac046e0be20ac85b

SHA256
f9a15e24aaf76b9067a154ddb54b5ee82239bf468557da56eadc04d9b3ff2cfd

SHA512
6ea00a289174b5a01712a71f6d1b17fbe4af9b0dae3a5fd2438a172a18b43b9014cb77eeb7407b017d1a09ed6db3c7f39ad12f844a52d0ff1906fdf32882861f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
01e18a2dd0d9191a9c04b6ebbb244218

SHA1
c590893cc09f318727cd62aa9c44569e830e1f4b

SHA256
6bad7a69cd9498ff4bd751cea8c63ac81ed96e4e5e95cf50625aa63964c35b3b

SHA512
e6637bb459ed483a9cd8cf29848c29479f705edc0a043e2bfc52297963ee76a92b883997e209f8bfa04779daff61695d8252daf6715116b4b61a3588572d82b3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
5370b0fde82de500edc2ae9f8511bf61

SHA1
1443b48fc98f336526c92c251169e99d720a7e33

SHA256
753cee7c1a4203027b3bf0e3df972ad2efbc92ca3734f82bdc42ff0266fe1823

SHA512
b58f7828265dc453c3005cfa4af178fccdb5bae7f6ae2ecc85d0cc55dfc366276b4b9756b8f9659017453ba7f374b1f46f24279e57a0a71d2d9466d983a77b9c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
e921d840f3299d2df43b2b7c6d9b6a96

SHA1
5b1be036f033cfe05d3b0139ac1e66aff1ede59b

SHA256
6c4f622d0c153905350f717e0e51b0f31daf74cee2603dc29d9c3edd3b1a085c

SHA512
34cb13061b82b392960a78e0c0a56a95526f3e8d64d4b1d897585db2e9bb39b5cacd5eb81748c572bff0c312977c2b9ed05ba3a74df7c02ff4b34eadd2186b46

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

Filesize
1KB

MD5
327ae6403ccb3e99000e5b9d64ad944b

SHA1
019b02ec3c3f28f23a4883786f56ebf53a2ae46e

SHA256
f18262425919b9b209b51badf8f045231daace920db8138add7992537b59d017

SHA512
b0cb36d9300af673d7ed1d7e4155b90ac69a74eeac29f9033ad0261cd6486d98f92b37ed7edad9ba88957ea34f69c3144046b30a9e018a8ae4690da0b23f3e22

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

Filesize
1KB

MD5
18feb9e128a31366e99361031bdbc645

SHA1
9e2aa58959fb4fae1c3b666ef6bdf4a4017c4650

SHA256
a35e9643a59b047c019293eac9def37a096d82ff12467df494394212141a7afe

SHA512
750fe00636313649c2a59d78c82fd92a11ba097d8b1fa322e0bd9ba8d0dc92651f0ba119c4dcc63d59ad772cf82a1af5bdebf943591ad08971882b6af909f44c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
2338ecf7cfe73a6d421ccfe6d4d020ad

SHA1
9a1e4831cafd8ad41c9412b0cef2aca8cf17c6f2

SHA256
63c2d764126cd5fbdd9b53587449ddee75576b7108718405c7939af886b56196

SHA512
a62f98a97cb7c159f7769c9cde1c71e74ebfabf79a95485ade8b2b5684c09097c8a21d20c798cb0748922c469248c129ad9a72872a537cc6c33ed778876433aa

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
991b01bbecc9e914eb1bc4a3db6ae8cb

SHA1
209f0cbbf7a9e3255085b618db7ab673c354e971

SHA256
b1e5475eedc12a0e79aeef1ba4aed0397b20e3bdaf186f23787b1c01a6ef3bf1

SHA512
f491f426ee753ab8ab1a8c34a89af11baa1825bb4dfb3d34dfcb192ef4c89e65c6eb4d612c7513d8d6322f2c3ef8b62c911ad0673c85e226bb930848806a6a69

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

Filesize
501B

MD5
f6db123ce93296f5b0db8b6f052d407f

SHA1
e17168387e2bd37d243e037236a40b83ca9222ab

SHA256
2d947242d016b0bff2b09121cfb93f0806b370ee45922143104e6e0a6b9859cc

SHA512
c4ef118d2841de053ec72d207e7d4812cf4a9facc560a2d1d22bd05eed3673909a5792a0b67c0d30780307b51f1b15f572c5d558628e0af65b6b4ec3313fdb5b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
55c082e5c753a3be7704ddf066d0e895

SHA1
ced13c44a19f82b143b033378d601f93b1de3388

SHA256
e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8

SHA512
8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c4be1ce9dc39fb83fd5a2d617c2a4837

SHA1
eca34cd429eaf350804bce704d19ea61c74fd54a

SHA256
403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c

SHA512
3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

Filesize
501B

MD5
cc732d0bd874a5559714f32366affe1a

SHA1
b1b7b5585059d53f44d8e0dbfc260472ab658c71

SHA256
a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed

SHA512
3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
53558486e5e6172297f1b3caa0419722

SHA1
fc47cf7aa8937c9eebe043fe407c909543deda4b

SHA256
2612b7726a3ad66663eb3075f7e419b9390c8ed5432aade97e6e94c47622db7e

SHA512
562cdb498df77b1c5df85555d4255e7b3f1d990a09de573a6705e069f9a8fadabc3959f4ba95814508d7c1730040671fc0358328c1d28b9734fbadc9a8cccdb0

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
e8bfd26c957a9986989f3c82f42050b2

SHA1
c949d85e6cc427e925a491b43ea9bd722100ca9e

SHA256
737b14afd989f647762968461c100f55881f22d5017f24ae93526148b6a576ca

SHA512
dff7253802db94b4adaa18c239993ea5a7d104d4d427e6e6a9c0ded8c1087dbe396ecea12dc839fa801ee740a79d90b8723eda30557ee8b58ad176e8330fbdc8

Download Submit
memory/3008-6189-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3008-10866-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3008-10383-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3008-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3008-11199-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3008-6190-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3008-11204-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3008-11205-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download