aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Size

12KB
MD5

811de651e578578df251f2600a4cf96d
SHA1

452096d7b12a25f91e3b07154d713111abf24dec
SHA256

aa0dbc871c409100c8c817383a176fd2dae2b495a654a0d00851ebbc615aceb4
SHA512

9f37bb1df025ee7934976b96b1da84ad869098df777b03e0237a2656ae00166adc29f65d58b75de73e350a598d0a840cdf64dd900abd07b2825d3f8ff20d298f
SSDEEP

192:e/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMC5Q0Je:eebFNw4Pk1itKkpAjjI2YpdmC5Q

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2177) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe"	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsopenfilebackup.inf_amd64_2174d2189fc8f164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_3e2c4fa2d4cbb487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmscli.inf_amd64_b39ea5f4658998de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdcameradriver.inf_amd64_43b67cb2258aaa60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_7f84203a67c210e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vca.inf_amd64_6bbc643de0df118d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ProcessSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fdc.inf_amd64_fe3599e7eac09e7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppBackgroundTask\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_c0d977e565fdc839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_9c09bd1df352f065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mvumis.inf_amd64_f0f4d0c799bb854a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_dot4.inf_amd64_55905bb33692cd84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fi-FI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-black_scale-125.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-125_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.scale-150.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\Sticker.mp4	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-200_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-200.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\LargeTile.scale-200.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-150.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-16.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\iheart-radio.scale-100_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-150_contrast-white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-400.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-200.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-125.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedStoreLogo.scale-100.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\locallaunch\locallaunch.html	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplay_white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailLargeTile.scale-150.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\WideTile.scale-100.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-72_altform-lightunplated.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\FileAssociation.targetsize-16.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-36.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\SmallTile.scale-200.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-150.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-150.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-200_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-200_contrast-white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-Toolkit\Images\dash.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSplashScreen.scale-125_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\WideTile.scale-100.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-40_altform-unplated.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-100.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\SmallTile.scale-200.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-white_scale-125.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-200_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-200.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-100_contrast-white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-72_altform-lightunplated.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-144x144-precomposed.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-125.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-64_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-60_altform-unplated_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-200_contrast-white.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_net44amd.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a960e457791321ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_xamlbuildtask.resources_31bf3856ad364e35_4.0.15805.0_it-it_a28e3e625b8b18b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime.Resources\3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_mdmbtmdm.inf_31bf3856ad364e35_10.0.19041.1_none_dcd4982e3ace583b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_stornvme.inf_31bf3856ad364e35_10.0.19041.1_none_4bbd7681e1ed685d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_swcomponent.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8e4184cdeeb99766\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_29841988436f4072\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TileSmall.contrast-white_scale-400.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..tprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ec5fdfe1588caf9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pnidui-mui.resources_31bf3856ad364e35_10.0.19041.1_es-es_a838ec73105497be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sethc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_3c541986c45ae3b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_datasvcutil.resources_b77a5c561934e089_10.0.19041.1_fr-fr_d050a8a129107891\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.264_none_3e2073346f0cf7cc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-24_altform-unplated.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ders-appx.resources_31bf3856ad364e35_10.0.19041.1_en-us_72e435366359c0b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..vider-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_6d7cf3a8a9f80f21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-korean-hanjadic_31bf3856ad364e35_10.0.19041.746_none_d8f32b9f6cea12b2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ntfs.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c9739237bad8c5ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmcodecdspps_31bf3856ad364e35_10.0.19041.1_none_995f983e954b9a5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cloudstore.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ae41e1b48171a209\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..anagement.resources_31bf3856ad364e35_10.0.19041.1_it-it_57478633ac8ed592\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-projfs-driver_31bf3856ad364e35_10.0.19041.1110_none_fd3f70e1b8e1716c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..alization.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cc79b12df2a5bcbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_nl-nl_e0c0b2ea36e9faea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_media.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_64b12701ff175fd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmpmem.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1f2f0b87f7d8c9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngc-ctnrgidshandler_31bf3856ad364e35_10.0.19041.84_none_5b11e4395d8d1b02\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.web.entity.design.resources_b77a5c561934e089_10.0.19041.1_it-it_53217ddec5feafeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmicvdev_31bf3856ad364e35_10.0.19041.928_none_ae8ce890d40187bf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\aspnet_compiler.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\AppListIcon.targetsize-16.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..t-package.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_003ed53fb5f5bfaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.19041.746_none_22a6ac8933ff6d5e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Resources\8.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.19041.1_it-it_0bbbfdbee59ad077\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-u..istration.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_52d81c9b0be0737d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wlangpui_31bf3856ad364e35_10.0.19041.1_none_00c28810de50a067\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mfh264enc_31bf3856ad364e35_10.0.19041.964_none_684359d4932909e0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..datausage.resources_31bf3856ad364e35_10.0.19041.1_it-it_3914f359de2d52c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_10.0.19041.1_de-de_6f45c61643d2dcd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_multipoint-wms.mmstools_31bf3856ad364e35_10.0.19041.1_none_309472708ee69ae0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\header\Images\headerminimize.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appcompat-adm_31bf3856ad364e35_10.0.19041.1_none_8c579afb944a7d61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..agnostics.resources_31bf3856ad364e35_10.0.19041.1202_en-us_4bdffe97dfd630ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dfs-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3fef4f49a6fa09ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare150x150Logo.scale-400_contrast-black.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..pc-tabbtn.resources_31bf3856ad364e35_10.0.19041.1_en-us_751b79628dd6715f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..2-filesystemsupport_31bf3856ad364e35_10.0.19041.1266_none_f67f465d1a33539c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\http_403.htm	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tapi3_31bf3856ad364e35_10.0.19041.746_none_3f41fc96ee5fb280\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_presentationui_31bf3856ad364e35_4.0.15805.0_none_ede952efa1c70177\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_de-de_763add5a14af095e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.19041.1_none_9d2d2a9ab0964bc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-125.png	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-client_31bf3856ad364e35_10.0.19041.1288_none_2aa975f68f862bfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_78a5ee8e15045af1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-msac3enc_31bf3856ad364e35_10.0.19041.1_none_feb13ff962a48d22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_usbport.inf_31bf3856ad364e35_10.0.19041.1_none_d54192b9b0949c86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ucsi-classextension_31bf3856ad364e35_10.0.19041.488_none_79eaf732e32e4cb0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-uso-dtuhandler_31bf3856ad364e35_10.0.19041.153_none_c0c4ee134c2535a0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_product-onecore__btampm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e8e068270167223e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_mcx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4b30b89252a6816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\ = "CRYPTED!"	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe"	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PKCONOIIBFRWSEH"	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZcWGl71Ec9XY4gY.exe,0"	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PKCONOIIBFRWSEH\shell\open	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	811de651e578578df251f2600a4cf96d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\811de651e578578df251f2600a4cf96d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\811de651e578578df251f2600a4cf96d_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
751e34aa3b5dce693abeddeac0d25a24

SHA1
8a8b6b6369d64eaacde8b2475e3805e2b107d2d6

SHA256
ef9151c3b9cb88ab6bbc2c4a8897275602910c611168c9d4723d4894e90d1f29

SHA512
50e3c363e471fd91ed5262f49c9288a6a3a5865f61d4d3606c20527687b9a38e52bd3f7ebb999c86828899449984e25ff7e01402b623cede3fe6ed88dc655fff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
31dd7d5beb85aaf3b6a3a9fb5cba80a7

SHA1
b81550446fb5587316cbee75b965a82b14bfe8b8

SHA256
7b5f49701913d42530c10e1341597ddcf28152fc505ce0409ff38c54b10d4b01

SHA512
f2e92d24ca349b179d52d3ee3dc12cad54cc982ab7f00455ab469fd8af3e1a434eeee82b15f92183c9f3a2fcc4236cc835506de55a1d2cbe5edfbd5374d7c99e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
626f97289789179740e0326e3cbae476

SHA1
590ef2259eae207bffab25e02c8af82d51e6831e

SHA256
8e835a6bfc4b9e1931c98c726719fd2421a923c390c35259c64cd9bbe6f32946

SHA512
ed4b8f2c0c8b3e193b1018d7e902c399dbfaa83c66132046fe400871f7059a5b82f78ccd8b887c372ac5712e4e5ff9338450cc1b3a24d3fb3c5d3c030852f9f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
877e1af38df375eae7aa9fa8bafb7bc2

SHA1
d158bbe337d85f7cd91bb747d50d369e0b4e6fc7

SHA256
f1e6d2a597a3e6da1897a041fe277d06c3f3138b92549730a801e1f1361bf96c

SHA512
a877ce5f0c9a8996cc2fe62606e193ecb80102edb443334868b61d596e3720db7cf9fc600b01fbbe6bc6b09b8b24398071922c148761443fd1a223ec5a9f5267

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
ed9ff9f675779aad01678cf9cbec0be9

SHA1
f18d5b19a78ce8704c03247d908328ede2a8b4a9

SHA256
a9b62b66d80b041db5ba601a0df5f8547e22c657e8270df0d255e9d318efa752

SHA512
fcadaa024fccf2869d7d7ddebbc57fe0ef209147ea449e4fee37bc968bd7f88258f16b3b1b17c5260a196524b084acf89cb63c2f67658e60bd435bcee8161595

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
7ee65a91ce854fa21dab05100ed20ecb

SHA1
d4cc0f488268f5b12e42adf9e887cd9849b6d837

SHA256
7c3a5a29e5e1b8ff421d5a1239198de291ce3206015727aa4e9ee9647a999767

SHA512
5bf6124760345def301d831944c1a953fdacea5579c6355018ad4c4e5f440892daab509d9299b823c1a7475d46c9ea594394142b7c914be210150ce3de3e4389

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
79e48e94b49b1c721a72d43b811a6a82

SHA1
6879d18cbedf39da30e09bcd83ee99b35104f59e

SHA256
ac95022c72df011ffe2b703896e33b7b5e05e8d5529d7307f72297230fac7fe5

SHA512
7cb93e471bc735aee37ffbe43e76b6f338a2bc02a0549238a200fabb438e836a4f5e04b5be0ee77db49f1fb2b2bdbf5f803cd62921f363eb6847efc02f21e87a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
b5f652e0addecee593afd8b4d9c76493

SHA1
6b832f51b9c4d1eda8e92155df8e59f8de2016dd

SHA256
b31dd50bfd4a2027f623ec16174488df8a2b4e49a916adf4a55a72fc29829fae

SHA512
5337a467ee5bb727171a79dee2cd46c25dc2b20efc8d45027feb4b61341c82afcbc58cb35b6d459efc9dadd3ac9174b0ae00e35e4366de43bfd959e429710a23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
ccf668e8b1d23f42ac06e3c4ef4dd692

SHA1
287788fe5fed765456796df11f92e25f9b841f64

SHA256
fe1f393db2755b66ab556d20fc51a1cdc480cc0412c2473cef74f27113284293

SHA512
d977322bac5d8ce408353916bf982776e20dd445147537c355f9fa538f3882c0ea77a226695d8e60cf7a0b2a75530cf8941650247f202b823d0896ddaae5f9b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
ac03a5c9f344e8707db06ae28425ff65

SHA1
854709856dc1866c6ae3016822d7488cad6c2a40

SHA256
fab1a905a593067036209f3dd880d23ad67b72bb8865e73b5b343a95a01b2578

SHA512
ecaa1fd4bfdc5ed9de6effacc305342eedb06e043cdb451b85212b20b00796e91e35c2db2810ec60000ff938c76606d89c337d328b4800c987c09603ef6f1e35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
5964b776ad169b9a4e7fb758c0ca64e5

SHA1
898f1405c3a75e658f2a5af55122a39e78e0345b

SHA256
bd62b9d3718f71e2943d337c6b993b8e00e7e0d02f16133b6542676b8b79ee73

SHA512
774e4ba9d64889e55c4749ba7fc30cc2c1f59cf964e5ba44176c917277c52069a647a7aed8542a794bf8eb679e81fdc04f08b89987f188f15c5e672d6b671396

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
71b8ccf69db1e2d67170c5e042ee0524

SHA1
a41604b1334a7b1107c29b0cb53b5f009cb0ab34

SHA256
38def57f6d2b97020d58433b5fd29e5fefa1caa4b6cba38c0989fc4866120a03

SHA512
7bfe9a43b6767d37bc01fe6dd6fe6046e26586e059ac0d6029299ffd6f174c6e5360bb34c8486792f44af6b9260c961a86b59ee47809c9a2fb7975fd47986c72

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
9071c4775692719d95ca64ae0cc3442d

SHA1
1e7030d19efe9d672ad9998153f09cdfb99d3304

SHA256
ab969327a87ce1a9ebb1cee5d2f96bd48698a2cb307a87db9ebdf21ea30b1fb1

SHA512
7855fe74b08304d5886c170d67dabba7e758929570203141dabbaf5b58e32b4f5bc3bb92bb09c5cbad6489a980e21d1dcdc8d6723799b2cccf6cd8da8927033e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
29ef8f03608df4f8d7d903cf58831384

SHA1
6f067a247f77cfa72ec1f410413a6c92f7d71263

SHA256
afcc4ebfcceef6c1732e58dae163355a01a9735500f2a28babe15bf23d0e3194

SHA512
10544920ec384397ada52e533e8b19b446ad6846801b38786c4585d90b01b2eb723eb35e11b8343a3502e55c270b9b28fd9a7b77fec48a47d6a9b6d8066d70b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
4baed04403e33a3f6fb030105164f45a

SHA1
c49fb65f163c8fdee0ba5b5b07261926e26b4da4

SHA256
36d476785cd26980c9afa7544de559955b3d2309d7378c51dd5430c8508ade58

SHA512
afea2e6d6858f993b66e88a3c0e7a68c383502ca3895d3665f37676463051593805297aa86d0fff468f5cf3987dfcf1fca9ee93c1796eacb83e1b91b2b586234

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
2523c6adfb6b655234b4081e26f480ee

SHA1
56f908185d30f88321f3071a467aeee4247973af

SHA256
c31e8910fbda0ea98474e36534b120c5715b43faa109c6b83226e12c31c09934

SHA512
b87f6a423c402bb71510da0c825e09ca18f3c0bc4b29a09754dbe31569a87ecec27fa39ba0d6918649c55dc99944a4c64249199c7498d61c5d92ac77c9a04c94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
d1bb593addd8e0b5a2bd16294cadad2b

SHA1
05de3739901fbcdba4c96b87a89400494b368f30

SHA256
ef270b621f893481d8cb65d57f72e4a3f56e408b78294baf2d3b413b06813187

SHA512
142e031d2f5e8b8eac8857cee81c18330451ea50c67e9418a7f3af4196d225419631b37b9453cf0aebf7371caba98c12c6a3c89a10c120890730d19f84074be7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
0f4da6e125b4e78b21eb92aa7b62e474

SHA1
6272adee20a0812f30bfa43650cef94ef8736dba

SHA256
f9bd55a0321866b7f7d13e4b662f3b90839a55a9629a549375ada61241468840

SHA512
f169dd5922a6eb2b4402bf4690270016f7d394c0db9e0a851629d4caf821ff3e225f6c3b165e9bbe4eb2a48d07b7cc1aae59678001da7500865c834bfce0479b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
36fccaae0d4cfd1bdca3ad140caf90bf

SHA1
14d8c29468d52c6742f8970d64e91392e1041d50

SHA256
9e948e691c81209f46b0ca5255c312ed688604de4160dcaca6922d7c0a993af1

SHA512
fff17d10795d134725d793dc4e9570a124484b991fd84aa29aaa2c520e9c190e871232b9004ed9de13c27b05a1d8a21b210a5c3acea55363bedc18bf6cf4674f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
cbb8dd483f1813fbe30681b6161a6196

SHA1
3435358091b75ec5d098194d5eaef3a4d13a94be

SHA256
ae0b96c21226795775ab2d0368819bb50cf42668d3aaaf8fd55f5caf3a5124fb

SHA512
ff0f7f52da86a9777ed19706504002a9fcba99c48d6275bf8fdf2815c891b3111ffad66218d4d883ee3a786ac9a7ac7e2ef37f05fa33604431c579476d424014

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
f98f58c441c2a44e8b09698e10b29735

SHA1
33070994f57123db3fa30083080333f9da36781c

SHA256
34cf1400f0cfe4b93dbc70e63747c956495a662d5fbc192bf2d67f8cb7dd4487

SHA512
68caaaa30381ebad9425801fdf36d83c211d0ee0774a52eb8fa1a15f1c00cf5370965ccca3650060a533fdea95e8c313b58af406180af4951c27e204818b41f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
d38ed7170a95725aec5bd053f956c69d

SHA1
a90e589c77f9bc93c69e47f00ab7426fdb213062

SHA256
e2212ed615a01605fa940ef5e6c7e137ad44e1a9cefa21ef12d033d3ba36f8e0

SHA512
772c1a4289be05fbe636ef0eee870dfea5d8353add8933549960d353d727c50f9135f661ff2635e3eb89cb43cc5e4ce93538131ef5874cd3af6fe9591ba21406

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
f3ab93ba85de92988630595687bd975a

SHA1
951d8083ed79e4bf3fddd22f514f7922264c95dc

SHA256
91abd36269ea2f9ae4da795563dd60f94db2de609ddacb8e28e2564941c36161

SHA512
f7b23d3c90e688aa156a960d9a33eaae7ccdb2f905ee33bc2fae71d1bb441352a38e898509675dc073390cc8dd314bfbbf2618496df0851d98d675bc5531c9a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
052b20925fd38a0688510561f0620a43

SHA1
f4393b2a7c5f9e505a19b447cfdf9c22f4cd54d2

SHA256
ed5895a1f737d78e5b6c8664e22b8a1f660bb4a839eb48c46df22604e914182d

SHA512
04d23278cafbd528561e0db1e83215903164a03bb9934477e57fcc68ac9f5cc1a4539273ec04a805829cfde89ba66d5624c61244f157423f0fc4056a53e9ad7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
25b9b6d19edbd56e5812570b708c7ad4

SHA1
96d4f9cedf045bf19ccfb552048e8f11a6e2a8e7

SHA256
980d827578bed1386696f77187e924f2315992fd3deaac30a07c64141787495a

SHA512
2ff7376ac5a3ddb81c2d49ff55a3292a018df9223817f45f0bb4a92455ef84986578245278cdbaf1ab438cfe827c72c23fa1e8054b1f6eb3c8c3267016510052

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
f86e20107cdad2f9bbf2e85af9633fc4

SHA1
a6e8187552243b3eef0d5eefd7410c4b8cecb400

SHA256
79df2dcd0d1097fc19cac233e5eb6ec989ee9f9665aeda877934facd0b9aad8d

SHA512
5e8ab813018cf2ce8e939cac4940bf4beb76466d00d93648d32d1707a7896c9afb9419ac95fbd46d563ee019c7816156f321317a05ebb146b3b7663ad9923722

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
aa12317adb0658c451a02766a5db383a

SHA1
5e05b234798be34b66d36dfde9c3398a84c6ee13

SHA256
a31b357b9484b737838eadf6899998e0b623f61a20c6c4f8eaac633edc28ca91

SHA512
9541ed804573cb4b732b478e275c4843f9f5f5fcb7261ad52d4f9bf73253dfd03e99b3043fe81e403241a04252f7e2879655735cc961ad4d1f5116178215f2d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
a970a4f48c46259ed876a28c7d95836a

SHA1
29ffd57b1bdb699ee6eb4247c133a5981e2f4a6b

SHA256
d19bf83beb5c7f8e5d8e0f1e8711d3a81c8edeeb8a397ad3fb0508077e17ad51

SHA512
841e1d2feb691dc2dec2ca90e7f261eb77226e7e1c0b761b44fae29370371af4891e9c226da2e3c3a9ab1127bc06eccc2ae76714a7080e8b322d25887c7846bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
add7b66d5cfb472d9f8dcb5b8f85027a

SHA1
7f673372e4e7361e45ae62d8e606e17f9c714c60

SHA256
935949e0f67f1f08778d1cccd6edf8f28c27042c6625ddcb8d33dbb1fdfc4dd8

SHA512
c570438061aec925d846b5a806ec0180d4e3fe30b9e0408fc21d6616c343e984262f148a939a43ccc726afa603754f1d80a1627579f39d81df8a0fcb10feceb5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
48c431ac39a95728baf53ae5f0c773f3

SHA1
f78d623bfa67ac3f29014262a0a17954f221237f

SHA256
ed599254a0f18d27cd8d5b715278fc24ce1d48ab7b9f93e4e7e1c630a039ce39

SHA512
6540e3bbdf1df9f3afbafafc899873895365f6c682ecae97ed192821d39d3d917c9995e618655832091b0946dd28ff650feceb096729af0e4eb547af487445a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
33cad4f7239769cacc593a0508119878

SHA1
291737d8a2c57a9bd56df43aa4075d2763c9618e

SHA256
3d92bf296d2e7254ffbea778aeacf6b8e6b59e65494152b8c6cb046b8fe80731

SHA512
6990c548e43d16d00bc063991ea86f674a9d7f0dfedeef3ea401715e36f2294385458a81b292b9b21ab30ac0424c34909e300edc01abc29162f8181191077ecf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
a2d0731b9afab736af35ea370448d0fa

SHA1
6ccbce69e51a25ee20c533849f5c40908aab5dc7

SHA256
0bf5cbcc59c25c41fc449ba49ac0fc69a873f24b71658e99b768a29cea4dcb94

SHA512
97f97148a2ff960ed1ae83967c3d0863d9aad2fa7458acef2784b09d473afebf0b8fac6ace99b15cdc5a162d83f6b5834fe76c93032839b4a533d2c6c987caac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
dbf6161fb400d331a64f5c7e752de611

SHA1
eb85ce762dece680d111adc0f13e3f98c7abbf92

SHA256
1e91fce9e7516a54fd264a6530565992c51ed769112761abf5e8d43673c64f9c

SHA512
3427b3177b655c1ad039b7ef255b0d6f56a61fff52f8f332f7c19e87df9fc5d6aff393b791828a800342f0d722b54bf5f690a04957af1b8581f6cee7f66a9b81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif.EnCiPhErEd

Filesize
556B

MD5
47ed46ca889a7b96566e26a6146cf052

SHA1
38132c672d7991e14a9a6679e87c60f2fc798d1b

SHA256
782961d677038d297b5bea98ac5ac628523beaa617450a0a57ce7a3a69b8ee45

SHA512
f68992e215116225ff4f33337de71b1d83a1d74099927c1aa2d4def87136164ed93179bacb6fdd26e0edd86dfad34c23f4729342ef45c23d24f21f98bfc76dba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
dc8d032230ae594d15f83fce02ac11e0

SHA1
ec524e5a730fba7f8384c6cdd685d57bacf3669b

SHA256
1f8c2fbaeac0cd7711c36aa1a4884264ac4f357b79a1bce4ba5198a224502a4f

SHA512
651694d2193e5ee83be5f225df8c6c84982080a0a29ea1ad7eb49dc11b9985987486a8aeff0a072288aefd4a9cec2c5d5ca32b62ec62f0630aebd347f28a18ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
91ae478cac3bf945ba7f2ca42320da72

SHA1
eaf3333c386f76e93643195af57eb5d821a5e13d

SHA256
627937bc7bac54dec0a20967c55dd4fc1c3b37b4102cb95203436f86ce4182da

SHA512
fb45f9afc12809abae8ccad6d730c29933c63d347c4e8d1c2caed245f7f621fed1fae08032db521bce7cbbd60ec3486c309624d03e0cc8e9171b376fdc3d9a70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
a6cba54829b485368336b56d830549b9

SHA1
af4523ea690eab517edbb48e0c4c9ae581a9e018

SHA256
715fd382b9550b8fb006778d8c8cac3a60ad9e4cc7a27273e6e89b96ed663ca2

SHA512
d0c8be735a049719939f6802a9bfdd0fcace5abf075d3bd14883a7e5d3adaad92c138ec1e988d0389716094cb40a5e5b21777d69adcc03f526cde0af2073de68

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
2ebd5a576d0272299cfb1d74b47ab7f9

SHA1
ce14cbab5eba1f78e71f10b25ec850ff6b48fb84

SHA256
5cc12b93d95a0fc1723450e262e39fc264d1b7b260c5a598c4c1df705f6b212a

SHA512
3a8bf5be118e9249c50bef7c14e90af4160bbb1bf1b07c6168daff7ce5085e8e2856e57199318ae66c30d4ff2aabee0f0594b765bd5d2798af33d1a2d9a5b098

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
09b8180df7a10d1cba4fcbe40874ead4

SHA1
a17d19446016123cef9265fbe95ceeb43f6be6b0

SHA256
74127f4e4e71499a6143e92287aa4da75f50aa281e37ca4c0dfa602a27ac6256

SHA512
94930c91ad55243aff9aa3a8e21ef0b2bd1dde67d868f36a7c89ce3505c4e65e8aa6f014e6503b0829540d85991e81636799d82bedcb804374ab5762a7ad05ee

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
b9f5cbe76c9d62c63fbcaa784f488ab2

SHA1
748cb7f6be8c8d982d7d2a5754b575b6a4616272

SHA256
03f8730ab17c794cb342ccfa3d4e7ffbdc8a3fb45690a5816e7a5b4261431bee

SHA512
05ac89b6ab713539e06456382cd8712672bfdca0bef2da75ad8560bfaf549890a202c1606ea239ad5529d9b740e6da8e3f6fa68fbb481ca626828f3d7ef787ea

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
7eb52575a060c62cc0264573a1766e9f

SHA1
6e7c0a617df29309fb4c499061c0b8a75447aa30

SHA256
07e7f28c3c49d19bade1af290ae07e03bf0b7d9f547519c3b00d3423c0e0968e

SHA512
06363be2b182d770ee822ad1345b50bad15f60107dc84801baeef92b9998404d477463c8420e77c8b2762c523889979855455c6391da28b5d524a407356ae2c8

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
a80091918feef102efcf3826f0711d90

SHA1
47d6ee507afc176a4674d0fef8a54532ae1f8376

SHA256
98ed9542c43b1dad9aec07e5b78f4a178367a7b5cc34569c8552faf3ce94c60f

SHA512
6ab4a28791163bc8f301fa82a91eb7b8e03dbabf1a7c91adacd2aee373fbd00c071a00dddf192dc1c62bb7520ec175a956c7664b1dfd5122702d3dfcd8dd5656

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
f8546578f718401553809525517cada9

SHA1
e8f0383b44e2fc9fd1c31be627d3efe25609a073

SHA256
c0bae8ab0d9761ec3ad65fdcf4f1526a42ef1c19f5a13b77882dae0e4195b12e

SHA512
cf5f8b304166decee4ca95af5a6946aef149a2af2e4ba893e5529f1f3aacc032ff394e9b5655b56b9807015429772a420692730e81909d13f3c53914cbd1813b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
090b5fc08ac43348731e88fbee4cb25c

SHA1
fd9c5b4efaacf94f1768e52c9611ce3eb55fcfc9

SHA256
90f75bfbdf34356aa9df998bb2c16f83c680123b7c84c36709a1f52215be12eb

SHA512
394da2ed4132ba94b4a34ad3c9a4ba00c8e035ed64e2dcd271ffcc582c6b7071b8b97ce803257c880b83d259f9562c76dc5186546ee51d7a69fc42108fb28e26

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
e9afb55a7c96e5614c328904412a5c4c

SHA1
a75f3bd873f4c50b54adeefb1ee1e8a963181729

SHA256
4eb7acc3729f7a0fc3bee72a0909de6708c3e62b81c22a075a5b2eb19ffa94f9

SHA512
bcf099c34e242ff16119b9b95508e0e67f213d2fc8c4bf470c29cd94e11c27176f1e650f2a8f2e0afb60000b823b20ac8add5ad30a4167b16d68c4f08a5915bb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
430325779c4f72eabe05ff41cb4e91db

SHA1
354fa0adddc5d32d0103d25076a437093529e0fc

SHA256
49e00b8bc090144502ef88686d300850508195baf264d78a52a26257c48608b6

SHA512
bebfda4100983842cd7f7511294710763c3bea76972dc8c7ae0d9ff08b6c63f4b4ea14a9970a94e6cb42e6b143b93326cd2c3bb0b99773f2f249cbde13b535ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
2918fc5fa9c26cca480d50e649411074

SHA1
16bdc2362b2ded5711f7c6d94d867b9405c1ebad

SHA256
70ecddae93c3e79dd815838ab21930abbab6554ad3ee4e37001ded55d1300ac3

SHA512
67ef23dfb53f5c4b407165095110873f2ce3111c8ac59136fcc5c6ce11de15d20ee1b6388ea1a35724043a9483648f7af09a6fc85eaccbfb717eb6b60b471670

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
c6f06ecdd7ddfad4a8cbcd55c24f7917

SHA1
e0d799794661e4316dde95f7db5d64c6b28783b8

SHA256
e8e4983810e7bfc0882efb9f8bf06d563466be5aae2c3704ca57bdfaa84629df

SHA512
703e2546ff46eb3447c99d9060b4811aaffb23ec375472e94a8b6ccff227605a3cb549508e809bf9f94bd1090d5e7cd5501f89d6216e50195372fe294b0da5a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
bd023b40f687342ea10f405d520b01ef

SHA1
5b7e4757e03dfa9ff1bafba07a595df5f9a56b38

SHA256
c697eec97c50ac718ec0a107845a6db8b2b217a44baa60ea0ed5f71102b0ebe9

SHA512
5e72aa7a0c1ba5eaec6f58bd0e9e0a68dd63111b49377f491047d115fccfa71cdbcace03917c5f5e363028a5beb8dba818b5d3ab80bffadf21ff38e248b33a0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
18bf0d6a1b5b737a62003ec7b46044ba

SHA1
234b629120d0e42bb4d78e81f28b87c1fee65afc

SHA256
941b76b87f62bf7c0a9bb144db6a284b8f0c91486b2a173de0f278db75a77bf3

SHA512
21138e51435ed3239614602eb1c8fc14ad322f48b1681bfb1f11be2c0a759646702df23ddd6fbc79363d6360492e524831a15069cfa977e65e90164f12ea658c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.EnCiPhErEd

Filesize
5KB

MD5
13a5bbaa4cecf91643cc6cb0df7b8569

SHA1
1130edcbcfd3e0c721090888750f3c735c4b060a

SHA256
2455d90b188b7cf27e2e15d03ebddf4b3b63bcc7b5f7f5fd7a0b515543e864f9

SHA512
8e1fe16a013c19f03680804d56e780f1e829e6e40135798cdefefe60d2c7c99f2f08094805b4843eccd1bd6d899c0710752a90a67b65ebebf2a259a4d0b612ea

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
8b0004f62dd5d925d12f285859ba578d

SHA1
91b0ce744a0b8d7ee3a5de2a80629d30be5f5196

SHA256
d4d2b2cfc8d38796a0ba3c681bc183c2e15a10d5bee625e15b20df8c293e5941

SHA512
722f11a97f1e5b525b1e797ccff7aa3d2a0eb700a67c0fb97454514a1a4737377fa09e27ba61809e5f07aaedb0ed2a38c5d2e14e1c3771cd6b28b86051c9b3b6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
a4bb72ade3a08c06d4c41ef876d0ae46

SHA1
26ed3428e174f3ac59bfafb9acf2663fb26046bd

SHA256
2cf618c51c7f52d13e7f3eeefb85980ac305d36ef906f64a02a06754a368789a

SHA512
4d8ac7abee80817d2267b94ad57cb242d73e86f79320831f66d9e630412338b82a51924e092489915a90a2c8bd06e2325f854da8b55ec5d47a731124731380af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
1cb184a9c9d12ca036168cc7f4d14fe0

SHA1
14d0cfeb15a551fbbe546dc3b54a8e0a4bd17830

SHA256
fb997624ffb2a1dab44630264aaa69ae51241d1e832f94f3cd30cdfb774dd161

SHA512
3da5bfba75dc811e93272a9c00aeb4fad42b4b0c3d51e90e9a3e6831859617274c4a7c52cdefae472c74d8c43aee2c2b7e7c1ec61398c766bf5fed3656b0a6ab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
6a6cdf3604c87fe658539e0bf980cfac

SHA1
355ae9ce4c024e3dc1fc852e3f99f6cb531cb299

SHA256
a86d4023a5e6f4d612f2ebbbed6f7e1617a144182c63a9d6e234c761ca9f035b

SHA512
f5a05b20b49963cde77142173213de1f39fbedd4d0de1a4d8a90852aa6128db763fb0cc743b42625fa016bc9eaddb217527813edd20bae21a98e35a0abe99d16

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
dbe5beb3a933d9fe8cd4b09c2bef4762

SHA1
0ccd45f82c100e533402194c4678f95773314f48

SHA256
9eff37b22db43362165d46bb27982a8ab510e27ad08117c8840208d5e61c4a63

SHA512
0ec50d3446e25c62a47bcae380579b3a530599005643e895688e03efa1cd7253603209887c7382d3326284d9835c842eabb25c73e3addc4dd1d4bdb8644b61fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
3e03e9728bcef1bf5b2026f425941b01

SHA1
fd2dfcdd828873460dd16e6dce682cb4eee992cb

SHA256
d3c6c98908c29eb9243dcdcea9201e009b35e567c13a399bb174f3c5857f280f

SHA512
1ff4e1d6d1090d80383d8d671849793acc76b4cb5ab25c21dec6fff49d52f0a770b8f3c613a5ea10d568f9e6af7d0a15a82ee054c63b1c700ec51456500e7396

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
9a15e26458369f412c61b7323bba2eee

SHA1
5f742eef93c29e65a754f44743456775f2159d45

SHA256
261f9215e6379d31816e3081d471395d3503605388de973ca825175dd9f534b3

SHA512
88d4d14982c32f0fc20c7ce754468ed19c4a9f230b4f897792142163a7b371336a2eb901274365cfc86bb1cf9e573b093805bec18bc1d0be2ac64e5ecc58a6e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
d48df3537753029f4d3e002e314d054b

SHA1
375369a8f758bf33996ec9443cac80c0c0d1516b

SHA256
2584457bf66143e24c462ed6671e10560b4dadc5538f65af0e81d40de6a3afa2

SHA512
c2aa0e38e3e0da8f4392dcaa836340ebacf7c569a2730f87a2743af8b567f0d90dc7c47927d3b8215f2b04f136b8129184d1d675c248dcc0bfabf71e300d6aac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
8fed90287b14af1ecaa9a0683b819134

SHA1
49d5b3bd73a88116b89c636015db2ec2d8b34c8b

SHA256
2405e967b1039c09350706ce7c02406f6fdc80ea7b1582c13223b16d1645f834

SHA512
efc1d26392091c297be2da9892d1bd098f871e6311ceae2f1219123968e893367e4d9e66d0e01771b06923e19c183efc69320ebb29b97ff3a04b6af71e43c311

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
e824ed0aaf5b8b61ed916438d89bc583

SHA1
37634a7f370fbc2722ae21658f9c7777a6ed3d0a

SHA256
6c56ab1e2717b5377250f60c214a8e40aca48195d503bc7d11177e71ef6ca1a6

SHA512
472bc3797ff991c3ad79bf6b15b12ef8863d946c3977841b7978a578849264cf16403b6049567c2b353c46b17ed8ac5435aab4e8236ec20e81ecadfdd6ab42b4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
3eb9d537ea183651d80fe0ffa87f2ce5

SHA1
b714a43253e5976682d68fa2ce5fbd876f631054

SHA256
85600a7fcfc917ed40be8d440e1edd64a34776d78398e5d8cfcaf72d6c4b217f

SHA512
1a65273222fcfddbcca8baa1841cbf1e5db0e998c7092296c57f548ecc217c35710ed1572c3a3e544681d41cf819d156ec0f4762b2d112e506cc6860e2590cdc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
9f7d587a1cdd9e9c7059ba5b94a678bc

SHA1
de6d950b0cd9ecd67fec8401796ae8f0e3fb6f66

SHA256
950f083082732683c182719e6111371f034b1642f0344e0ed4bafb6d34413f3f

SHA512
e00a573eea0af05807ba4279761c68bf16f2b311566c1fc0d49b10b23be788d9cd8f939aedb297b4c26a16af3c250efd7e4153e0fb15d18f3adba85f57ef6d41

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
e50f9f9554a3e9882918da20b83f079a

SHA1
e0ae49e50a838e050822a2fbd440a0a199c4708e

SHA256
abb59025dbcb72d0e0331f79c9543e44a9ce214d15cf71683de19e11b0434425

SHA512
10ea1fa8547173168cb2a38a2e48ab6bf746773c652c37a5f3fc6678d8c115e81466233e957b4538ae1fab306400a99e32eb88fe5708f5afa79cf686707c6cd1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
3891c8968256f89a7819cffc14a809f7

SHA1
a04e9f2bf4b5b5210d35e4768b9ba8aa0f4a9284

SHA256
49939add67d71cb3293e44d425688f1423f5db5ae94f3ee173084755702f03e6

SHA512
a772745150119f5de9638b5d4c08c7c11050ad1dffee1afbe635414ff733092c15c0749c46ebd4fcd99d56bdc1ed6e2210c33f9d8f687c2bd82bfc505856f728

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
096dca1281d8571f82777a847f62bbe9

SHA1
4766b9f75781616c85564942b1bb9999b4221247

SHA256
ae2650d8bfc8c3852107d59a8302db016dd0d869ec50bf4e643e25418ca1f630

SHA512
364431e9c328000ed19fafc526d651ef672862f4995b757d40985e0d0181100d27b6ad4039a043f84dd236bd84b6799de300d51cb55959a18fad517ba0fa5fc8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
f7353e51a872ce0e21e847258ba3a259

SHA1
eabf1d39a5e65f287d591d1688ba2c01fd23a8b6

SHA256
e52d341b81340a4555bdd101912abfca3c56687fa6346e4286e1ce522d9942df

SHA512
335c23c12b8d6cc962092e80bdf7ffad834020c7061f4ee4439aae0006d20a69fa789158ab04c15081499a028f54aa7c2cf6e0cc51ad018cf1d20042c6821c52

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
5686d2bda1a7a2da3f5679c58e4247bc

SHA1
cc9e750d5944395382f23d303c438ac26c34d6e0

SHA256
3b45da8d2d213c87b319950047941422a8e773a9f51be50206a7a6f96f4d13ea

SHA512
d29f91a634556617edbaa7cf4352e4414af2b778b8d01d35181d086a2ba43107f67f0f50ed06863da9c304524858289fa2246997fb5e4e2b806fa6e7da25ea05

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
a71dc257abd21d24bc5e6dcfc9ec1faa

SHA1
6f3cb37a668971fb6a506e237b6288b412c7c2ca

SHA256
528171343dbf5f189e205d9a3d9618a831b8da19c5d82cedf30423959e5439ea

SHA512
37fa240956d8b81ef2e02df50bc6ae9ec44f55025fb9b07cb48eaab1ae464514eee1d4f0a07c751c92ca649b12f25a8eaa661cbc8526dd03d27b94b2be4c5ed7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
1ff5cc91b1f4dcf90fc0d5eb667a9918

SHA1
bacae52b3148b1341df57c447aeab9cec3083012

SHA256
83f73e14e742589796fb7710fa7c487d93bab6fda4efed9502679de87367064a

SHA512
47bd72e5bcd071f84efea2b50a4e38347d9b0402aa29b7547e9e28357a1047042fa317ba7145dfd6fd4725b25953bcd796bc94706ca56f9d20fc4ef57981e314

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
6feb190d2f8957cd6bdf7f68dfce1427

SHA1
ef78c94dbfdccc074e3808c455999571bf2d2697

SHA256
46cf3dabb5eeaf2bd50eb3742d23d4b78f9ce6c44fd8c4b193df719d4e999c0b

SHA512
ae147bed4dfdde3b1bc5857dbec18e5ee286c7fa96513fb4a7d67f7966b89b39bf04210845f25e8ad77e968206dead906c02e091e731d7f87d7e62b012f7171a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
49c21549715ae49cc02337758ecae6f0

SHA1
22744359ab9fd7bd85922ade3de140dacc808f2b

SHA256
2fd1246ffb23527dd75c902f674ba0ad966b3b33bc0ba8db949ce5871f888c99

SHA512
5442ee5119f95235a931ab2c04f8d424ed1536c760b133739cdc2aa2f1ece91c4162eb5101f360a6cc0ed8d3a8c70ebd0a0006e808d880ff0a51b9da1b130298

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
6632f2afdaa3287239a8d9cb5754c453

SHA1
c63f8379d44ee5a1cc1692fefe9aa1476585fa6c

SHA256
d61c79e5b8addd71e5903f87681825eef69f6632357d6086f95298304394f410

SHA512
be6b61ebcf7316539d4cf3d20be6847571efbe8399db4add53055cfd704ecd1baea3cd8a5e1ad305042732b6bea484f7bac53eaeeb76adcc1ae35c22c382e9e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
7b5625439255926062effbe8f6a4366a

SHA1
72440b827f5976443b11a4dd3dd940f7201c55ac

SHA256
0feb4ee08224897acceabb3211e640dea4c2161e231e516faff0161c8dc0560e

SHA512
5e437149f70056ca6e58cb5a6e62e6d70919f3698ad6b01aef59b6eaff2240773c339a69012f904839564782b0bb2373341a189a68787432663a619a92ffb3d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
4d26dac5e08935499a281b094f8a237f

SHA1
4b8e96759e91cebd4ec3db025051033299868499

SHA256
9a92ff5b2a13457d146660df88ed2c409f98b4f0ce936064d8b05050223f8475

SHA512
0b587db1d1811398515c383720cd699a1c0b11d902bc752c78dea056fe0b10464539937841f77f21ca89fd0f938feb4c9b85d671c722de4f34254723fa0019f4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
30c0b1100ee10220cdecbe7a338c4ea4

SHA1
8d4057f338b83994686ff5e2bac1ed4d9edf5bd2

SHA256
7f5a45fde58aa6872e6b56bd58926c0105d205745882ac986b08964f047ceb85

SHA512
e332d24e0bbca833ef7ef5d7e4ba0c89415f2fa5f057ab46b00defa8b1326ec668f7f9ab31c1be78d9fec5dd24119434d3577ac488c193f03c661e32af042bf7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
971fe8af710ec9101a0f32eaf6e7104c

SHA1
8ed9512e7ce4ffc8c5a0b42ec9520e28ecd44f9c

SHA256
e12b6d72776684d6690f923b2ffadaedb3ec95c67785478fbd27ac89a0e73d7a

SHA512
15f1bd6d6e3d7ea50dcf81b41c3c900a67e1584fac20d27cad13834a6b63d8d166dee5a3ff2d91589139482d715cb6c13e411dc7a81ee6883bb3d4a20142bea8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
069f5d7b7c3781b4be9cca071ca804a8

SHA1
3d65910674915e3a76f9ad4943d6f8fc7ee87625

SHA256
6265ac58378be735d8971808a88782a9be1b6d17bb9ce1997b801375bcaa8e1f

SHA512
84754419d20d73bb055911186d68f5fcdc7f1549df141a4cc07b42ac5e9a92fd42ab1e11b30079609dfbf1e07dc2e894299557d1cb644f522ae38a8d95b19243

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
86b35b1c2d8c5a8daf12bab6df8a4610

SHA1
1b0babf617e268597a081ca0c10fc4e402a9cbb0

SHA256
a32cb3d0e154aef55a53951af4b6e8d63b7897cff519d6af1d33f9b29c793a64

SHA512
74ca9d8bd41fa2c20945e4719bcb11e1f837eabd47c67862fdf734255084c096f4580330a61a0ad6c3a0f65f954dedb17de831483bb5766af2720503727076d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
77629029f967d2d881fe83e26d31577a

SHA1
6e2abe8ec091e4c4f8584ac34641cf41317593fb

SHA256
929510326a5b577b2c386b8f352802d12eeedeb8e7d571a6285a39def51298bf

SHA512
b35179ac2e64a04caf1a3e6b0a058efdb240b9d20858449bd05c6beea04aff0249622658a773ea55f91b8b9049b20ef78d1f512ec1affb84e739d1eed20e84a6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
f0fb6a68043a81f3687baa692da52413

SHA1
319aa21fe9ec8c28c80f24f4c3442bacef03916d

SHA256
c89284586984b3de4040a06a5eeafaff9f8bbbe7168310ae7b333f6706ace5da

SHA512
8fc5ad8bb007bd795159e6dee953ed27d295bbd643b880dadf5bf5feced33dd5e30844a90c59ca0d582b9cafc3c7e12fd7a6dabda55f9a0dc6d2c98aa97bda8e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
887aa1e10e266071ddd0d39fa52c8729

SHA1
7eee19cc16ed0f1de92a1da952748c379abce221

SHA256
0c47fed4a4343209d9df3cc4009e18e2928ed326429badf37045fd672476dbf0

SHA512
7e97ced8044a8b302e32ff70a6c60444aae7383aba87e5869ee162a3cdfa3ca854cab71dbc697818ec64e9d39fe6537339b62a374907d47ebeccfb28ced39c0d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
f02a8895d62a998e70ddbf8c12b5fe0f

SHA1
d387e946447cd0b0fdbdb5fd997728a2722904be

SHA256
1888b2098cf231e40487ce6255129d3f9974aab9cc1f92e70e754c80e60ccabc

SHA512
a84a03f05b99a846c69b700167156429f55838c3cc1723f2cabb1fa9524f1697c253529ebaab1c5fde873b16e1d033529469c4c252e4390f33001ffcb336d617

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt.EnCiPhErEd

Filesize
77KB

MD5
49ca8a788526b9456c98642e360b2e80

SHA1
f3eec9a9dd1e710af23e7435e3dccb689cf8696d

SHA256
393ecf6297c898904c3fe5c1ceea1841375dac9631064552e0788bb03839b8db

SHA512
06692f8598e3972f20f444b8d175d48e10974d8b1fa85db56963b68d3358e19708cc800cc2c8578124feeb6a7f100be4e1748e7578ee1942f55e17321e7ce031

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt

Filesize
47KB

MD5
75b1f0555cd2c6dec6b0b928fe92bf6f

SHA1
9f5a4cf26bb0a8480731b0652bc098c11bd9d2cb

SHA256
9be30ce1c3c09d016cb404ab45ed72ad730733f3a39809955a69c1c257e8282e

SHA512
1d438cec1cb823043cd096ea22dd3f500d2c9047de8984d36d0a42218797f0bb5f8039acc333db3170c46e7b12bbc677856df1f02ffbd790df4ba820dd0fb6d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt

Filesize
63KB

MD5
165f22604c644f0f6d7dc7faab93cb29

SHA1
badf83271ddcd27718d539d67ccb932354633a86

SHA256
345ef1885e361a1ade793ee778b275746431bdd29c6c8904831ca61ac7d1acf9

SHA512
8bf47fda4b6fc0914e34fd110f08af0ad250ede7306c378a8a79eecd86de66d62e0e0ab1e29985f82cc1214923d54c1ad584bc93585b7a0f1effa211544d9a01

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt

Filesize
74KB

MD5
50f9d3a2781d60d131323f764abb212a

SHA1
08ea1b0f6720cae67f9edf8e374903a9dc6c7f2a

SHA256
98365a419d7384fa288bee87a6c5a4b42b7db9ffd79391ed655ac38afb75a6ca

SHA512
4c4e40576ffff79441c2c1eee0436fab4c72b8b953f814b4958a789b17384ffcaa0030a746bcb012daaee7ed338e6bf08a0bbecdfedfb9796d5f8841965866de

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
0c6d17ae3189c0451a7bfc88900bb6c8

SHA1
9fdb1df1130d604faa897f5501a0490714d8c86a

SHA256
6afb66315a2257b61c5844af6a02e3b72ce989a3814ba2a344bf6ab07f411201

SHA512
65e730d382a2b3dfc6b6e1fab2fb410040deac70ef309f49ead35a1df052892562737f2d926c10e56b069e21715999009e2f6b631d863ccc0a20705a1a292b6f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
ff90b3c73b332c9b798cbe3430dfb3ce

SHA1
27c0280c1d3d1d683973a18b6e534a369e0bd27c

SHA256
488d8a612961b51552397f7bf37bb3abc3808dda2ecfec05395e1618e682cfe1

SHA512
965516ab64903dd1624ece646a2e559234e6d921cef6d3e062a7922fd5e6ba559519621f2dc67314d0cad156604ccad0e45f096e6063091af00c536b68fa8586

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
017ff9eec228ea675edb4c54a62eccfd

SHA1
60b919e778b156d72c332bef3fe8708444a69a7e

SHA256
3146f190dc97e0bfaa64e51503b23aaea5d38e1555c8877c6e84904123a478af

SHA512
c0b2bcac4c86b5a92513d7f9b1371a939fd6307ff2385d2db07468e390ac4e7d6d602342ac79e9fac8de8ee315c981cebd1b6e79301b1a1c9e0a44d3a75418d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
a765b50362bd043207476503ff1ac3de

SHA1
063f4c4bb556d0c5a5b38b80e4ee9811e1070066

SHA256
a82e72edb49d0ea62aea03c428de9cfdbd282e61f5a2aa858c349fce1427b2df

SHA512
dd50263cd96b0065ead1a73c02d84dc4be1beb2050701148312d6c313f40b1154413fa7bb06f05db38fe39baf3ff94a504e3e9c2e7dba35bb44017195b24d039

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d1a2c97a2f096be740ab49c353952c24

SHA1
511a7f2aeac0635b741c7a52b887440afd1b53bc

SHA256
3baf872bca6a054c759e53b095d65fea99a987e0c40c65bd354b16da2ab8a94d

SHA512
36361e4b9cee4269e742857c7c03357d06409079b70caed4e74632657518b8ba47c1813de0cf60cfdf261f4bf09bf0a3987fafe705ed40370fa06bcb7aa13cd6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
9b42abe43451bdc04775eeb47921fa30

SHA1
d250076c4aee1d04d52a383f5e5853a13a719b4c

SHA256
eb17812b46daf307e8c638b27e62b1c4aa1b53dbacb0c7185d7a2763e24b71de

SHA512
92344be9408759514c653bff7f3700e0054c33db677b9af0e97fcd75e616bf4398057a530e72134cd3ef1cc1ff7f744383c4bb49da8b8174fba2b378012a386d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
37f34ee5b21c698cc670b4e9115bbd3e

SHA1
f3e542454ccc442e6a9ffa012a3e5d43b36c1399

SHA256
f0eadd88b1bf7fa176002de0e5e430c1c8d33fa5954df669dc604074fe6f6f31

SHA512
2b01cc8f8d4477037e5519ac2e432b177cf1428a5aaa8d5b4731ce0fc3c1e4912d52f99773aa917eb24401f0aec89bbbc0f0a363ce1b7109397461fde0df60c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
c7fe26ed3a5493dd2e24e0ff4a243dfe

SHA1
4e09cf9a3911045a895f54d375513971c3976ae0

SHA256
3b4309260cfc2df173b05c310a1095c036959f9bc87f4821f290bfc4ded6093c

SHA512
0537a046b10ad27364ec4d38d4542e95dfd55d5bedb5f97dc7f1375904e66618ef17c8e858b5c2bee8ebf95888892d2ced2569cb03a38515ae24a670c60dd70f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
1a16b7763bd6dcfbee9034dcf055d991

SHA1
3972b70dc90de6e08011c07c7ae3e48cfe18eec7

SHA256
1a19845e78078e84b4fd436040c544980d28eb38a2be326873bf34199c525fd5

SHA512
15691455ccc5d55a31b83660549f463ebc2fbb8656b1ff2dc6c09ca93aee9d3db2c96db1704149e3520ff79d8c325111b6f1a6049ac12619ccb497d4df1f5cdc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
15823a28ddb2e4af1e91a73e06d70bf3

SHA1
86889b43ccbd0417609c00df4ad4522145d57cae

SHA256
73b3fe71ca45d827370f09e338fd65d3a750d3067aed4fd45d032a6a359dc0e0

SHA512
dbd73873ad2d680425169e25dffe0323324b0277031d37f37d1285dd70b0375eb8c94d93ce3959bc03e1453105c119cf653d80847ee68bc6f2976b0e655ae7ed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
1905f8d589e7dc321bff0c88a2ea2568

SHA1
79438541a5bee6cca4a5c5fde4752c6d4cb81483

SHA256
28f29e6799d4a673ccc8973204f86a3006b2d15cd04d51bc33b5788245dab5d8

SHA512
38244ba73f9cd96166cea8b7701df6555bae7e869aaab07d290e5f9178c94f68cc6792c05de328bfe96c9456916304178aa2ecf82097fb2bf703adab0ef76967

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
4530c9f378ff2b6015379b9ec62cf10c

SHA1
680d951952a68b3ef07332a80ea5e12517cee163

SHA256
52876db08cbe8be9e599cf16733ff153a74e19de854670ab526c3b5c97169764

SHA512
89d331dbfa2f768eb2a93fc6bbf89fc06379cdaa95c07bcd924a083f75805b0812111e6bc2563d4139fe58d867ad0e4d0f572ad7452dbec806deea51bdccea06

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ae156564b15c8f30b8e25891e1c6e55d

SHA1
35aaeaf8f9a5fa5975bdc22d44b915b67f84f672

SHA256
c26b8baf5383b881c769551a4d307bdd7b8c7467d5cd9fb67f1429615cb4be28

SHA512
a08385569c827a32adce738d6c044e1e9cdf13e3719f9915555ccce86ff86ea400b7a195c0050447ff5f642de2bd2b1ddc85c3ed4263de8f9b5b4c7c5d7ec1ba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f5fe5ed615945344a3e8e5e23e5203d4

SHA1
433e3049138c33813e2dad5386393310400f8947

SHA256
509ef3a79c2b23821819c202ffdf7b7c7d6be7c722fc37475bd2e1d0fd2add59

SHA512
3f09dd041f94c3a47b10cbd92e26dbcda0eab4195ef1353ccc387ddc07aac3f229706ce2a4ad5e78770cc1d5a454eb35a18972e0dee6f2014eaed2b372a8672b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7801dbd0528e6e752bedf197970ce2ec

SHA1
0f95a54ecc456d445f34839228258de975c2d72a

SHA256
57ec98eaf9cd4a65adfeb42c802d98c9990b64c64f4eb4829b385df81e556695

SHA512
1e563721bebee30a8f0fa47e8b8b84349477b8c6c6c6e1bff31b244699e1e321bcbb54e41ebdfb6fce2467de05da9ba9ecade1bedf7aa555567908fb92346b56

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
070e5f17b02d6a28c23503e945acd09a

SHA1
bc826331abd55bf50d68a9afa8f26167e30654d7

SHA256
0ec2988e49c2ff6bd0755c17fd4117235c14a4186fca2301a8c95fcd56f4fe42

SHA512
8e720e8199cc7ebf208d1d72ae54ae58174c08301ce98f3261ab3569ecc0c37b090350a5f7012add4d18b634230a390c9ccc500f5c88e27883e8e9536862a217

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
9ab7bda958f25b29727c95e8e50b98ab

SHA1
c3578da4efb56af30cb058752848363e772f4bef

SHA256
184a69713f5e73d41dcce75a35ca3332e9d1dfc6bc43d3dbe6c03f744f087c86

SHA512
fd05f5693487c431c9c2748d672ae8f6a41e6f5d37f4722616280f730839e1da1baf4722c33ae5f1ac666d1e622dee3b7bf277315e7e1cee5529055eb9de1c64

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
74483ca63ce42a76a7c6c889553b2950

SHA1
700ecf291f65197b05b9aa3fe12b3c92b3ed6813

SHA256
68aa42ced4c63a6716b0845c1583e989508bd46149308456d4f8b3043c6ba0e0

SHA512
eb848b3732e4adeb9badab35f481c67a706b7a846e0af0a5ccf5cda2bc2dba08346735ebf218ff415799da43d055f646c2c73ffceca1fb7a5da0a6daa9a4eedc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
3db2ac57c815e2c23b853515171ee494

SHA1
06698306627203a6a603eafd18c462d9b03daa01

SHA256
9f32b182082bdf0f49e1157a8610e960b9965443c215dd5921097d67003e1935

SHA512
cfc7babe59439175692b238413a56140185aeae4fe352b25bf79d684cbb73ef6b82d9501cb80137f6602e7273423b065414c2a37ac510ca1445ea9de70d1e5c8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
330a024739f54380572e28a2651e4e48

SHA1
26556f4f7685239c772567e97951272577b3ceb3

SHA256
a5099b855102a65feddf02ebcbaf1657572019e6018054a5c9cfd78b4308952c

SHA512
0ba63abed1a1790d2c41d04fa02d7836da2d1d4f389be1bd99298e09f9cc4a000e7bdc6800f68cacf819626dfcf4e6b0695e021abf4f5fdac915fbdcfc15e365

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
41d45744032d96684b98232ce169c9c1

SHA1
49d3579636165ff0a9d9a310a49f998635cc64f7

SHA256
6785b2caa225ea18eda2e66085138e255626d1deee29fc9159b2cb2d234df015

SHA512
3476c9c73db789d21a8355b6baa09cb2925870a38154180cb2fea6158524df3194ba60e069f327945449a3ae29ccbf7b74f4a4d14519f41e760970a9c88687e1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
0c58d6b1e17763a5e4e99a3a76440fb7

SHA1
fcf50868c0c8cb5c317338d329e619327a812ae2

SHA256
12a6d466e94c3dc0a2d8f242244dbffd6e621d683025c1a7ef76cf0276c1e228

SHA512
7eb0ecad097e3b529dfd290e15a7e1d7966ea62af8ab269ae7652a5631dbf397e91735b6ba17208088a02214023a3adbb84e7e868a2e5b9da0598fc6deb3efa5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
7d0120c2cb3fce4f159a71bd1626692e

SHA1
f5fc5cd0bc0d9abdab19455aafeb9fa1f3d40d28

SHA256
b76cb37e31137bc264366245bd9c5220e62ecfbe405d46fe5b3e2acbe7024d1c

SHA512
96e12bdc381306f3dcdce17badf0601f2af47a99d0176e3e2546cb65e217d1c5cf87d34ad1a674dc424b981d5b9dd2f807cefd28f4601aa8dadd613c12d55d67

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
e14c46524f0d423fce0c4acb8248ae6a

SHA1
d7e56ae1677c21029e54399e93962e6def3b3dcb

SHA256
6e72635b8146e32fd7e4fec46dfb1671eb7b59a2c162959e3683cfd089bbed7f

SHA512
2302c133dee53484515cb638441c672e37df5792f7f81c53d5e127873e460ad532fef17372089fa57b169806c6a053a4d005a7ffa8d806eda884d32dd2bd5f89

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
63f952ca0ec5081414ceae94060c92d0

SHA1
df5f6edfbf1690d762ea6f1d377e36b2d8972175

SHA256
1adc9286b47b60902abf476f40305e1129c1ca17755c0fd6cdf8c04de85940df

SHA512
8d09b570cc5e4e34bf673eff03ec26b4b2180f8cbac8e8c84bb01be8cb80ca6de77294589ef0395df6f0a25eae9fbbb9248a269e3dc591dea67f7391ef4a6204

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
50a699931b61e1d87afb493e32fb2729

SHA1
109fb2ecd3c5202b53a004ec2d4da33bee89b5af

SHA256
6995fba6e6e8b8de5e90d913cb594cd17ec3fc982bb42f98fb8ff9d602136ffa

SHA512
6d5df842b14301d780b6f7ae380459708789d23b5db5e2601b75b8a2eeefd67058977eb92ed93443243a235cc347d06ab08f5505c0166a172b3e438b097c1564

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
64d08afb5d184742f6425079150aaa3c

SHA1
07df88e5023c10f30b9ff8ff2c0912f6d79b756e

SHA256
bdb7a3dfa33fda22e9583eeb8adfa6c4eeb10e148caeb4cc8d97b0a991680d49

SHA512
0b4ed1ea533ca01cb2b19de87e149c65ad179e485a94936d187e637134367faa35d630e1ffed49095125fe2d2f4ccb3dc4dfa24247b12cb9e8e5448600bbc84d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
967bd2cfbea4f877b0295a5d8a0812d3

SHA1
75023c85c466c79678f35cb3e5df1d699060d9a0

SHA256
0e99c6b1a65baaaf745da524ad0bc197b3e68e9fabd1244cb5fb48d64fc01f24

SHA512
014473b42da6ec13d0563df81e4f14ed3aa3baf377c96335d4fd7bc9571a41bccfe453ff98df37e80ba3747df38642b39d347b8bfbdfe91a6b4b12a9bbc7352a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
6c8752ebeeee500a3533476dd0d7f85c

SHA1
7301abeef1d6b726e23cc4a8c8fdc032e820142e

SHA256
8284ab0f98071503aae1422645d5d8f04cb8d03c4649556c89cc8ae2084bd9ae

SHA512
aaf2b44a4be281139f6b7a25f07c7cd23501469f871787d597af712c2595c3bf340f55ddfaec2087a3a14035fd8d2321748e83e9778f913113308401be59e736

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
13ee7b3fa2e72408101af8b901f12311

SHA1
2ad14da20bb91e2623ab93000670175d61e14d0f

SHA256
a52e1eb97c1cc0c75abacae3849933dc8c21e6e9b2fb7df94bf4d884451633f7

SHA512
98926e7ac8e9cb0bb0b99c2f49bc075e9e7e86c61950924b1a12ef339e3907671453b2a6e69d0069a964821b2a572f6464a39208388419036f29897796d9fd45

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
ea440136650b4c9b77b990b6e6884277

SHA1
b3ceb60b2cc6f1ac431e64adc41def625f713512

SHA256
a54fa001239ea8626f62c9ff9505f6e59413b702853653aa2635db6ee8b87090

SHA512
dcf7872186727216160cc3e491f679fbec65eda88f552a07b9fb6e1573ea8b126fdae007d030700c8896dfa9743da46d3c557c6737f8ff5df9410b0e979a21c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
a0b370e1ddfaff1803afe31c43cce7b4

SHA1
b16d2605a42300edcb8863978b7fbca73f13892b

SHA256
99c7e3ffa5ec693f81b1939a9eeb49b1ec526663960588c4f3474ffbd5fab323

SHA512
07e59b1e44e7f854f1d82d7fb9fa87e18fb49b55bf41be0d31f5084f0b757c0a79052ee790b1653e0eb7834de3291b7bf671647c20b28012b47949b3d2968a3b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
6c98f4eaa810dd870bd96a8e9323f9a6

SHA1
16d4c3b2173368b771823412a4dab86dc1ec44b9

SHA256
1f211aaa353c1e9b3949a4c337ff7711b8102729b9f7a4ed7adfd499ee2e2342

SHA512
5e16aabc285f334bd0adc60b95e260341cbfcfed48d0482746711cd67507a70a24a92eddc19df70c760c792fb5bc0c9e442f69172fd49243c72cd01edd3b8da2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
0d5eaf0b38142c75ffca321e0b9c7423

SHA1
9d439d04d667153333610aab1008eb79bb5853a1

SHA256
1b58c294593c03e6ccd7770abad5fd2414f84a5cf929bbf692af2a35319accf3

SHA512
c55a92462a0e6eb8da5252e17d5e984748f8933d2589c6db11a1057aaef03e8f3848d52f44fc8a2d4d8ff1f87be2b38b9becff99ac23590de9cc9ca45bd97a44

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
8d573412f43fad679675a92a0d5585a5

SHA1
eb6e4ef7054900a51d1a68539bc22ecda5316b62

SHA256
cf7a3fb52e0cb775257ce0fd254b95a8ff166e7aa18cd2466e43d2c2a153d073

SHA512
dd8c1f492cb177f855b174b005e9d4528ad99d8605221c8c4edceb65426d6ec98cb93d107d02ff3e9ffc3d3d89958e93256b7a938b8df60a0c9a6e66ca08ddb4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
d46cf1bde09408587f92420c497ed919

SHA1
bef66c48f5742b391f07fcf42b8a2e8428004210

SHA256
74ec18e6a718b49997dc8ecec92bd14d1609d385fe9980ee9da825dbb935716c

SHA512
6a229345de4c646f3ff4d10bf6ab4c99d596db91490b3347786490b9903b3e5a658168b3f9c944d9a586bae0960822b0f1b28a845eede29a6304471dbd6c5975

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
a74f826920a62199034234f784201fde

SHA1
c6524c766c21783eb5ad8f0a67204b611cc8c30a

SHA256
ca51eb3516761c67ac9aac535fff62416590f0492dbccd5e6e2d8ba6f262f5fc

SHA512
2ede13421008daa59840039d45b0f7af71b2498c9a7bceb243f1460461c7c315df013ce14a1a87ecbc26d49579a10d27faa446a0854f57d73915b70e3cc82250

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
1039a4064d579d83a13ab94314ba6cf2

SHA1
34b280f560f6de554053acc2fe583f82d9580fac

SHA256
b3ba5ab81e324c15d78db838d101b2b485dd88e6e488d4762ffcfad8756714a2

SHA512
2686ec5921624f293aa68a824dacbe09bbe7165d45a43ee098b35a98c93a83868179b242740e90fc8b8cea471ef2f289b409345f29131f53fa02c865a4204eb9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
8611e10231f0de72fb5da94c67b3ccfa

SHA1
1edcebf5d7e1d53391e4359554812f8eca0b608d

SHA256
55ee69ae7a3c9c1a9e18e8ba8e2ecc6f0162607a4e7d7d4aee94a52ee267832b

SHA512
7878b5cef5219a7625f2886527f02770d59d6c05cd44ca26bb2541feb431468d19427966ebc8cfc5fd118fc62198a629a90227060f5a9efc7faaec8e47bdc1cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
297887c33ba79f66f2803ab6f487800d

SHA1
2aa7997b3ce16ee7a0c493d8174595b1a461b6ed

SHA256
3fd20bc7ac429af2dc0220f93d6ae5ea53e199e93ceaa79dab59e57c917a8230

SHA512
c4a9cc1e8c4577548dc8529f739c02f69d2584018247d5a922b4b77f7eaef9a288743c7b9d243d6947afdfa0ce0ed7cb49c2654af99b002b8c8f58f507cfb00f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
72a0fa27575fe882d9130c83b7141c82

SHA1
8bcfea0bb951ccaa200047d71ca752f78f35cd13

SHA256
2501b6869c5dce1d080321d93bc60f581bf660b0f471098cc20661493a868221

SHA512
fef4303582b2fd6738d6f225bcedf224166127abb568e35f0522358059ded71f03eab1c550cc5396c4332df327c3e95f51eb98d4a969802d4792d536200eb1c1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
03d0d22e53fe0488ed836af80d70ac7a

SHA1
0b02dea5017d8a6f8ec6a4f0e01a0a3386be913e

SHA256
515baa8e4c160777b4b07467c0f72388f253b58de7c0a663b366bcea64d6d4f3

SHA512
1d28b19e3f49f8ddcb77c0b02b6c242e54c9fe0e3ed7917e2997d8cc60aff5f07ed7e97559161db1eaaa61ec95142618691b906468c884518b82f89f07a68985

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
5529a11d5d7a7eb324f9950e0f01b136

SHA1
e44b31fd29c942dcee81d96a2a772e5248271467

SHA256
a3ecb3e9d970b063c23648e857e4bfd491f595a81a4ecafbdd63a78b5e9ac229

SHA512
1ff51414b742d557cabad8f30147893b3e7146a890cb964ff81a9ffa7855db83f5a83070fdbc7ad0f10ab55e99252b584544bbced0fbaf3ec4532bb121790931

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
551ec907fd26013c36ed9fe91e12a3cf

SHA1
59671a31c158dc9ffdebf32412d36a935d4ef800

SHA256
dddb7f97219ba8a35ed42b49aec069f1436209585fd5f578563b84fa5ffee0d4

SHA512
93f6aed3aa0727aa394c48dcc07f41fa7639970953512306d0df05270ac10b66cb8f3077af9dc1fff66e95799674b42790e0e6fd0b5fc00a7b74a05cf11ce08c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
5ba06148365274215671973681992dcf

SHA1
1a0361ab37b9940005fd977c6bded5a2bbf3201a

SHA256
aa7b1b7407acbb511ee8929747f5beb5503fc33ad117697c1912ea2d106a4e59

SHA512
d031433918a4dda2771b777cfdabace39cd031296d0b7f81ef7d002d0763e2f939313eda37e0ee6783581d6681caa523c861f68fa320889c9bf0947e7991d49b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
d3a5d1e4ba3746a9a9ce780a1ab2c3c0

SHA1
8b9bdedfccd80c814994122bfd76ba04ca478a77

SHA256
003549a0af7f37c137ee8a2f09569db17137b476c0c6b12004583e95397a1b29

SHA512
f960b89bafa11703ae962ec2073b48cf68cde077b848313846c047308c4585022449ba3343f999fbfead6a209c8a68b01ab81a354be29079ffa10700d9aac241

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
35fb3d528ae394c2dadb28b94b0985e8

SHA1
8c82340a75658858fa1fd2f9b274d70e4bc9dfb3

SHA256
fd3e8af2ea5c4d12347b595cff6d8664c5bd5e70a7e75408089a3288fd074c12

SHA512
362fbd47650812421107922ac2f510d5946a520dd08063943f694a114f55c3e5d7f03f7d9347a803bfd7c1b265c2aa4dfa7bd652b0de3ed25fbce6a708a965d6

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d4f5b256be1b7b53ee7436e565e62917

SHA1
04e6f3aecd333599e646f3e71922f192417f7d43

SHA256
b9232a0045bf577a2aae7008f491c031b9ff60a07e7406c106d0f44c2dad6f8d

SHA512
a9d8834ef2427cbdb7b95010662484b59c83a84b552b724a0a6b015908239cbbf329ac4facae8c79632e6ddb47888ac520645899f04a22927767a82ea180a333

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
715ff5f8fdec11fef1b44dd3654afe9c

SHA1
2965d3627c64eea41c3c84421e9114b8e3b6a03d

SHA256
f1ea71ef72063919f2ba9d19ca960f17f19cdf897e93b2870d92312fb9fea5b3

SHA512
509c9099cd3a6f00b3338806dacbe1287e457099b212ce1f3e6bc55252957a73d157ed9c28cc4468258d7e2ef7204abb0b7c09fbd924ca8ffeb3579430d1114c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
b6d0ae44969a4223862bba821d00f3a5

SHA1
6dcf04097dc8ef31c0f4955c1f4d8cb9bea7f157

SHA256
1f52ebb36ecbce91bbf27cc92916f9978f5b93733be5400ab888e12a702ffb29

SHA512
983c91dd3e592c6c92937cf1659bbc79605104d442020f24d2a805d8a2d2bd3224719033569eab23905272a707fa5e7f49a047298d71f156e8126456e9287596

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
159426c169ce7a331034863ba26f897a

SHA1
571cf982ee0c9e95de737742d7c52057ebeb889e

SHA256
79afc08921639cf72ac8dbf5b35113c607244b2a3c35d0e7d68383e74a115588

SHA512
7018d97d358d3a57f001317e8893ddb205b775fdc9023509769146ce14f8a8d2af7d39befcc03265fa993b6b87b004933867ba3b767547421fd83cb00c74300e

Download Submit