xorist | fa437ba32cfb9a0adeaaa29e05d45a4dad3125494ed2f6cdf184244203d70448

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Size

39KB
MD5

9abc7676409e2b51f85f790a682a0e72
SHA1

0bc0a2f357bdb10f3fe1ea9a62b3db70486741fe
SHA256

fa437ba32cfb9a0adeaaa29e05d45a4dad3125494ed2f6cdf184244203d70448
SHA512

86945d6a2774d959c696b6a4907395b5f0efde716e897a9cdc82bae89f2025cb857a2c00b55c3a07ad1721aa0e964e37277d3d2153b009db8942a7a4029e6d4b
SSDEEP

384:QebFNw4Pk1itKkpAjjalrrVuqYvjSXkDCgSkORSmaMB:Q0FmBkpKjaV9Y73DCi2

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1652-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1652-5158-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1652-11789-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2486) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe"	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\replace.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_e0577000b188c16b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dxdiag.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DevicePairingWizard.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_42b97498c7087292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\TapiUnattend.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ddodiag.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Dism.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\NETSTAT.EXE	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\systeminfo.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\logman.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\edpnotify.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\iscsicpl.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sr-Latn-RS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ndadmin.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\hh.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1652-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1652-5158-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1652-11789-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close2x.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Microsoft.Support.SDK\Assets\VALoading.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-125.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-64.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_altform-unplated_contrast-white.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.targetsize-24.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionMedTile.scale-400.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-white_scale-200.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\WideTile.scale-125.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\MarkAsReadToastQuickAction.scale-80.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\MedTile.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-200.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\SplashScreen.scale-125.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-256.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-96_altform-unplated_contrast-white.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\id_arrow_black.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kk-KZ\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\save-money.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-400.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-200.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\Blank_PhotosSplashWideTile.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-black_scale-200.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\welcome.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\LargeTile.scale-125.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\WideTile.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-150_contrast-black.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-150.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\LargeTile.scale-200.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailSmallTile.scale-150.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-60_altform-unplated_contrast-black.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-unplated.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-200_contrast-white.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-125.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Light.scale-400.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-16_contrast-black.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16_altform-unplated.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\SmallTile.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_Package.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-100.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-24.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..chine-dui.resources_31bf3856ad364e35_10.0.19041.1_it-it_76317e6e4376b397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_10.0.19041.746_none_03030718c597d891\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_lv-lv_4233ec731487e2dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Experiences\PreInstalledApps\DefaultSquareTileLogo1.scale-180.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..oldertool.resources_31bf3856ad364e35_10.0.19041.1_de-de_20508df04add32a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\500-17.htm	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_de-de_c56da04b0430e4f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1023_nl-nl_777a52723c230d61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\speech\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1023_fr-ca_fac701f61ce3c311\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_10.0.19041.746_none_b97c85cac92fbe13\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..worker-v2.resources_31bf3856ad364e35_10.0.19041.1_it-it_cb5fe19400daf1cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_10.0.19041.1_none_394b2b83a105f776\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1023_none_8642e441ed71095a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hgattest-wmi.resources_31bf3856ad364e35_10.0.19041.1_es-es_c60bea0e87a424f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..el-client.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_dfebce59981ec8f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hnetcfgclient_31bf3856ad364e35_10.0.19041.1_none_474ca1a7ed9e683d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ipconfig.resources_31bf3856ad364e35_10.0.19041.1_it-it_0a790599674166b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networkprofile_31bf3856ad364e35_10.0.19041.906_none_56bfdfa2d4d49724\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.19041.84_none_d062347205e52d46\PerceptionSimulationService.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-regctrl_31bf3856ad364e35_10.0.19041.1_none_d0a7810853f56cd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.19041.1_en-us_5da52394cac9dfd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..extservice.appxmain_31bf3856ad364e35_10.0.19041.1_none_04930b2bd1f9871f\Square44x44Logo.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-networkbridgenetsh_31bf3856ad364e35_10.0.19041.1_none_8087b80438f3d43f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\TabletMode.scale-200.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.964_none_dddeea757b7fbba7\ssh.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ess-userdataservice_31bf3856ad364e35_10.0.19041.264_none_1c9ca8878e62981a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-v..lient-wmiv2provider_31bf3856ad364e35_10.0.19041.1_none_b6e04df4280ebfac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-w..iodatamodel-library_31bf3856ad364e35_10.0.19041.844_none_5308232e9343b869\f\WinBioDataModelOOBE.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\ImmersiveControlPanel\SystemSettings.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.19041.1_es-es_c82ea5efca98fd7b\OOBE_HELP_Opt_in_Details.htm	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wpf-presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_bb8aa452b18b9835\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-s..stack-termsrv-extra_31bf3856ad364e35_10.0.19041.1220_none_2b7492093c8a570c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\Containers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-e..edmodesvc.resources_31bf3856ad364e35_10.0.19041.1_es-es_8dd4d69454684850\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ingflyout.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_bef45f9f1f7d7c25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_11.0.19041.1_none_7b8a5c016543670b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eapprivateutil_31bf3856ad364e35_10.0.19041.746_none_d621c6503f6ba62a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-tools-klist_31bf3856ad364e35_10.0.19041.1_none_f725ad3465e95fe3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_it-it_f8576122041e54e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wlanconnectionflow_31bf3856ad364e35_10.0.19041.746_none_7282cab1fb01acbe\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_networking-mpssvc-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_0135d3526a87e019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_ufxsynopsys.inf_31bf3856ad364e35_10.0.19041.662_none_eb48813183604651\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.746_none_c291aefd01a5d6d6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\UpdateRestore.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.19041.1202_none_d081cba554088913\slui.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_10.0.19041.1151_none_6dc4fe08a0051e4d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.workflow.compiler.resources_31bf3856ad364e35_4.0.15805.0_it-it_9785c4d4a0f1bdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..m-initmachineconfig_31bf3856ad364e35_10.0.19041.868_none_b471f94f5b1036ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..re-server.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e43d7212a194b1e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngshandlers-cortana_31bf3856ad364e35_10.0.19041.746_none_89cd79c73eb2ca71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-vbc7ui_dll_b03f5f7f11d50a3a_4.0.15805.0_none_c05cee4e743b7fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\YourPhoneCallingToast.scale-150.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..in-native.resources_31bf3856ad364e35_10.0.19041.1_it-it_616c65496557d65c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f11f9259d9e234b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_10.0.19041.1_none_fe5a9f39f9460f04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-docprop.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bfce1fe5bc80bb98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\TinyTile.contrast-black_scale-125.png	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-naturallanguage6-mls3_31bf3856ad364e35_10.0.19041.1_none_0b8dbe58f1dcf7c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.84_none_3e82ed1fe15c67db\rstrui.exe	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_termmou.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_15c2e58517c5678c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cdp-api_31bf3856ad364e35_10.0.19041.153_none_ba03948cd2f4713f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deviceupdateagent_31bf3856ad364e35_10.0.19041.746_none_367d36471bb01f41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe,0"	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open\command	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uFg679gNvv2cs7U.exe"	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HUOLVISLWCWCBZB"	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\ = "CRYPTED!"	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HUOLVISLWCWCBZB\DefaultIcon	9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9abc7676409e2b51f85f790a682a0e72_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
220d5190830b33623267a13b0009bab7

SHA1
2387c028b4d3dfc1e8e362220cf3aa5f5112f0e0

SHA256
574f270c2020355b9ba5dc2866ace2c1ac273349c24dcfd08a1faed8ddfea5c8

SHA512
d4786ca356c1b2d4f7965ae7270b985be6f13c4bd953ad33d0528eea3f0646ecf8f468f9c5d6a87fa9df2cff2b7f2009d579e82e0fbefaf7f62b3f3b6e34f848

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
84db19f0de2a643f832718bf2edddffd

SHA1
fd13b78cc8f6c965e13e6c0ee9af28c174e1494f

SHA256
4cd4f43d5e063f38d1f3e0ea11f8834654504d6cf152e7077fb5dd85ee3b3b4a

SHA512
eb9b34c94b1e175a30ac1203f2f6dead77df93f3cc565ce97cb09422dea6709954f7980ee57d97754e3e07d6eed2d0bc335f4b96a022a0b466e867a8e42213a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
6a864a1f48a29d774f1cda3558ef804c

SHA1
8a000de2264fe0858df48576d51af1f4cd0a0904

SHA256
155bad557e4b7852170356b3ebc7f9367c11f136e478da84b1e63ca304b35c0b

SHA512
2d95e2f2edd69179a32052fc2d0a4adb1816ce73bab63a12b5fa406b6bdd5df899dcebe80bdfbb942ecbfb87630a26ec8d0df414c2ff998cb26d207f635c95a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
56cc08f1f56d7b5cf49f08265781745c

SHA1
9a03f095c7af38dca1953acce7618f0fa80c56a8

SHA256
a3f43d8a7d99ced4f9443cfa16e545286b53b7be15c533989eb6daff8fa92c88

SHA512
01ce9ae5ed473707febd053a59ec1f832cbcd6466d541fe729be87ded657d5108c96b55091a26c86dbcb79336a23ccd5076c02db456adbaddcdebac2c75c01e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
9cdee13d98e5c593dbdc1a4e517bb75e

SHA1
a52ee3637873b209f24dfb87b86d228d2eb1a030

SHA256
8d65cc9a407fa092af5aa7e5c1e10b3b9b9261828ccda1d3ab262fdba0ddf481

SHA512
98acd1a62b9b85e6c2f00d7c387942f8149d77b76ac6a301e4a88ade7c097394418de3b271dc9ca9c6a0ef4c87b079d44fe877bd0c7ac3d6ae2b4c3e6bee3195

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
9eac24e742d1cea02149a0ffffe3184d

SHA1
06c6c3491e3e6ec56aa8df066d854673429aa6bd

SHA256
54edf9f804a5454d2954e3cd7fcc81713aea737667aa5cd06e7a894c652215b6

SHA512
43372b82265c1400607dbe103346564c98a06033307d7469eb54cd7d0396280be1a69418b09abf5935f1adf9ef7f5feedb73945baf1273c3c12de614f792a8ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
78e36d704fc4d9973b9e53ebc9dc07e1

SHA1
edc9af1a5988951e053a06f6f4ee11b88a629b8b

SHA256
237da0d91f85d439730dd9c560362f5153a544d7eebb786116d480e8d45100cd

SHA512
691467034532a6c0ea847a301d24e11538f87b45cb889789571701361859f368c0b3941b800f271bb2a4d4c6e7fe8f10aec3f94848e75097963a9178640b83da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
0776e4f435e0e8d7eaedeab38f1e8841

SHA1
2b3ce743a228926e9535067735d726e8d90164c4

SHA256
de741a721788f2d01bb8ffec679871ca047413c5dc5e8bbeb02dca47f72ad862

SHA512
cef5571485fda0e80e16525bb83d735e80715d5ebe5652b7975d6099df7fe0ac5cb75fa29e8d6dcc7cd68d49bb97b5355b8b4c63495d5baec9d32a598465dcfc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f01caf6c06f8ceed4670083dafea5249

SHA1
9313f15d3fd6eb00aee3b5681e2a1b9902255e8a

SHA256
9f699eaabdf5c1706e5c57ab0660b54d872691f37964fb46a15e883c8c5f97cc

SHA512
9769f7bf7a091d694d063b9c53b2c5e2cd7fc324bda7bde9f8ed5d78238ab47b502448b3bb17195c5efae7c1ed8a054368986f0a4aa4e5d582e7d5e111c54359

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
34d56a2ab85fd402eefd8aaa5fde18ab

SHA1
a3822047825974364031a4308a812387c0b261f8

SHA256
9d305775d173714ce318a2b0fbaad4296a0f08e043a5b6e30ee4a767bccc463c

SHA512
0f7fa480cf1b2bad7930d7ccbab822f1d95d57ca80bb2263ab49e1f231e2a88f408f7c56f88c7c897054d0187d83e70af6a541c9bba19a2ee81a88e0c0e5ba6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
201bb53051f80c7082928f5518c0574b

SHA1
fb2a663607a618ff8b7579cce4e219908d29ba1b

SHA256
84e650fdd720f288b86438cf755b070f9f3947819dce774742e8e7f34b074f27

SHA512
ed65cadb0fdf78a22a408d1d5ceb827c6280238ece6c7622be57bd61aa44a317784efc25ca6a28a45d96a66b86d8b25a2e54b1c7757122622927575d901677b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
d1a66c2fffa6e9f73dc3d31f45004cb7

SHA1
89a366aeccc2292e2a74df7a5f0cec9ac844b541

SHA256
c1d2eba867d1bf0c684eeef3e8ef76c6eadfb4ac6487d285d13d6985782ab6bf

SHA512
5e3cb5dc6af80d57539982ed6aa88074ec09720606f67dd16cfe9c99432d249214bf0cc8e4d727ff89994c598b96d0d025e04b79a8c1193922f99346438384f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
49f86952340adfc252f8e0ba03afdd0f

SHA1
d1844170ce024608b1a01062c45e6349f9ca42e1

SHA256
a2c01a56eb20dd18c7c205f2c1cf6a1378ad6df36278c86365b834e346e5aa87

SHA512
d9caec6b4484504af81363e79ea74fa2c54deecfa45545d743e6c3e1563b4dccf34d11f84a2959205b6eb56a99ecefba7338a5cb6bd9e09f34c36935336b819c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
8e6a73c89fe4baa11d5906d6935ce3ed

SHA1
672ca709b6e6909c466ec7bde156e86dc90f1db5

SHA256
d441ea8827c0775a18cdbfd2996a8afe330b24bacb5b25b49a100e420d186078

SHA512
14fb7e77ff9695540479fd5669bafddb3e20a9567c86f71db2891efb26b81d87e4060017e8bca56323343f57489d6ea26ffea15088536a2541dcc0f89b0487e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
803335f71cdafbb5e8ce82e1e8d127c0

SHA1
f740c38f453c71ce162c378a10fceff5cce556fc

SHA256
a5e2a52d2ca7f67dfd0c55b898ad0d5531e0e8ad14f6f5bc269c31f3647d321b

SHA512
a8a4288c1b36ec965faf45d035d5ecfed8cb1a04a011d162f0c354e2e0a1fc22431fe5ad5e6d512615eec21bcb0ebf5899faa9052fb20f50414e6087fe5028f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
3685922457436908088f4aa9097c4f89

SHA1
51360ed38b8b1d0981a076f4e378520dd45d9a4c

SHA256
005a86fca56fb8412f557caaf61d317f8c101088f79883790f31f032d6e9782e

SHA512
52a5882501c3de727d8f2e283c410e906f21c47fd56a54b0c0463d2705e501475cc898ded63d65763e23a1f51b3b1b064556c3c4514ca06f66806059fcf21bb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
2457da7889c58eef372e782edb088cf1

SHA1
611e2eb25c0a81c7447d2c22cd8090439c728e9b

SHA256
7abf7ca38a160a842803e270966b6119efdf9ab1ac55a797d9be13b0faef1cc9

SHA512
4b21cd8708c989298b760a69233bf6843b6cda56ed99d328e98cbd77681b34acf300b629e4c3ff94e232f088f9a59f5484465d19c156a42e19a8b32e09198a5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
a29d42bbe9c0df4e275e2002ffade3ed

SHA1
5ffe0e87d6524e6594212bcd3e98e78c5021afe9

SHA256
69ef3ad67e2a4058f5be08c54fc67fd688a68653bdb06ce38df8cb81d2f71f9e

SHA512
5604683e4078f30aead3f14df41093e109d437a7f85df5786a2f24bb990df7eea94a8882b890fd3d32cfc2f51e13261abad86119276a6322d447a5e19b1bd955

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
59f9a37babad462ee67bd234f7d40efc

SHA1
91bad26a755cdf34374c91a15faa40e3bc30be23

SHA256
b0f750a17d1c2c76abcf35462cbe7373c15e76e97bca217c45ef0ff38f420610

SHA512
118debf0d16e8bdce93a18941847c2ed995fa141f21f61cc4f9f9f35bc4a04dda30073f482c5b8c9b6bd408e6a3c765aceba6335b447fc3dc7ef762f20932be2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
b4b1776ee9f5f6dfbdedfe6c91458f48

SHA1
b15ee3447a98cc2826391fe16f945824f08d5a3d

SHA256
4015573d49c74da0c270a8ce6bf7622aea738e336762c44c2c8b89e7372c5a5e

SHA512
0a2bc91f3826979eae0dea7eed27b8a59881f0be8e0fdbcf1a7308cc1efc0e4cd303c20df13d37ffeded9b8c779dcb868b8d92c33c0e8aba8f7aaa30314ecb3e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
9c8063c0fe03e6094228128bf2446c9f

SHA1
3493feff8972addd37c229ab9124eec8e6669fe0

SHA256
5099d47e1cf395539f757bef1b4e82f9fe6797bd1c16e3dd4681b1ba40d06c2c

SHA512
132543d7e71e41ea3fe027653b6fc25c92401ded9b96cdc89de8aa83d5e84820623a0fc5df5fdccd18ce17ad29866ffb0b5595bd9a3f8bafa9bc841a4adfc892

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
6377b24622d7f5c5dae3dc4ee00f6a0e

SHA1
8ce85cc8130c5810f2301d88f5be4083de9981e2

SHA256
d522cc906ffe0a99e5eda4b5755119c87bc457ea2471df074ce1c9a89c6a20db

SHA512
b9a3fa4ccc51a775bde35bcf70eaf624bdfe6b0e8b5c15181ae7308f42edc760b73f11881a77b20ff568ca40004849f67a8a8bd6e7c9c71839349d719520cc91

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
69a348e76accb608c032eb2e08206e21

SHA1
7aedfec8bc6b0c8fe50c3b376f6ae45c89d48a10

SHA256
2b82b2c7cad46c7414ef356ab08ffcd4498430402dc28cafcff83b7cd649ebae

SHA512
fcb6ed71f51b7347a3b4205b242dd86f018c2d6dd587532baeacb6c054094b1b74a2d3bbbc643b1fa36429a4013ae39c0aae4c01794fb9c38062187f81afc83b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
ff5a2e9716aa43154c030f034aae3bd8

SHA1
83263c91a06f1132feea3ef2343b19a61752237f

SHA256
d2890af705c3e28885ff6af08ad91d608976f3e36ab7f2ba75fa8ab12a9c060e

SHA512
16eb8a7cbed31ca687f7c3abce59734cfd2a3266a0957511f69471f12a8666fa71d9c62ed317b957365744fbf6f850894dff770a6fc40688476086b16f4abdeb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
3f748aa84c7c60d5f1aa05e7ba3f1d70

SHA1
7bd9439fbcc3279b0635a7836beac0e5b3d292da

SHA256
312ad0291422bd71825090ca49286f64061f08eac500c8b4a253a7d1218cb3cb

SHA512
4b7abe38c9c7a216b3852169c46753369e9e1301845859448dfe7e38224eca99fb8c4585378e9d2983f38f82351467cf73220033d9f58b6509512f45eaf3a140

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
12028fbfcabd07002981db05594d5538

SHA1
3ad8b088f2f4ad111a5956612609fd47ea3058a3

SHA256
1977b15d9113685bcecddbd2b2fee73e6021c1823ea3fae8b7f9a52ec16aa607

SHA512
6a2fecfec1bbf3e7fb26cdc50bf062666be9c979467fc943814dfe3586419cfd4b055b364d1a7bc3a82527ea2065edb3879c2271865fa9e3736484850fb15cee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
5cf7bcfe158bb3115d3ef030811f2e54

SHA1
ba0a5d3dbc932d657f6f5a63b2b48066f2b7a85b

SHA256
1443415a7bc97440716e5b19c2a3ef548e662b9072e1648d18f2ba188b363558

SHA512
0d9bfeb411055554650cbd9634d5374843fc790b3814f762670d55e4077c6a0b02e7d34ff49bb665c5cb59b6820d4e11f2d46071b463f242452d8cabbd48e04a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
5cbfcb78f1d5c64763364f6728fc09b4

SHA1
e03f89a6357cea57ec9e13e009360125e0aad1a8

SHA256
98819c67a7d4314a1f2e40cbd64c998b8c6f18823feec596f15b5f0e7dff5331

SHA512
2ba8b8bcd11b0497d9c52757e5ecd254bdd33b5edae47fc8e150a0baa2b5b03ace714ad3e2b4277613619485bd63c0ca0e2a41ee695f95cda47e436c4e8e2e8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
caaa32683d26bd4c1998ce593e329d3d

SHA1
81a2ebd5e963fb8f1a77bb25f0e0a89604d370ce

SHA256
3888993525c690936e25b7f7546b8ea9c6226efbf3cd5d509dc19f6a6f728ef6

SHA512
67b139f164fdbd08e2b05a49036de23990a0733dbe7c8bf4efa1b7da373babb65dceb032545d3c2a9f57a74764717dd723703a5af35438cb918a5964f6719a40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
89d58def7310f82f0d7749646018b5c4

SHA1
63dd6bc71e61b054aa989c786f6db2143c738429

SHA256
ef30c724bda64e6a8eec30d9c400cc2291ed1602f623cedc1783c70583612d69

SHA512
8c779ef4ef52bbaa71e2d6f2746fc368692078984e562579af7046def857710c36b46759abbc9a86fcdbbc2e222e35890ad0889b0b2d220c6f0d887575fb1d16

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
69428b9cb1281e7dfff23fcd97029257

SHA1
157dfcf2a01ee21f5ac19022acf50beedbb2410c

SHA256
529b739272ed6f5d4b250db9d1fe47316bab720a39c59300317923c9ea1cb882

SHA512
9ddaf697fa8f2b9a04dfdf70f7aedcb01ec1a73ae607515c84297e2a5a5a26b546d14d828ef4bdbb11825b38afad335dc0872d7dd958f6bba9da08c794c05337

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
a9583971a9d4f37899620c0d33860999

SHA1
2de155ecb9424a4d111878a9548f3c6ffba831e7

SHA256
534867b5a16e564082e8036433261e9964faed801390cdd8982ad9bf4139bc27

SHA512
e265a6a37df0492a71686cff761c044b41ca6e194a8ab75213a58e6b410e23693f8dc0a4bbc3753c5839710ccbecbea633ce264bdd2ca68547d03ed72dd94ef9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
d0e399e0715a21c8f1710d22227197e4

SHA1
a2689ebd796bd670dca0b31c40ffb369a97705d9

SHA256
8136fd8979a7279b2c891ff746a1c5ba7c115bba1239f4ce0207fcd706c6d298

SHA512
183ab3398e87199dee4ce62c7dfad75941d09da42deff7fb6402b06dd5863261b4b16b3fb3843069772c4cd76d10b94f9a1129c7926ece4138da8f69af701037

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
056aca9f51e7ef91f82aa7f42728b65d

SHA1
768abfa029d0d90c8d8a16ed06cd5ec4fa7f7cf3

SHA256
aa63cba6721a80eb6c9618b03d1853c80a2f8d8835108664f6371fd6a40ac781

SHA512
ad2f89d391db632e66d833e250a253e8cdafe8aeb80325b2c95fbbd9bd5cca0e383b175aa1a12dfff2014b801e118111dc0a71f34e9047bcd220c85fe65672db

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
8b1d0506b7c928e583ba985e1d605df0

SHA1
8a820d8a41e22eaebe031fd8d538ac020e99f692

SHA256
82424beb74c5795c3fcba5486050ce3a7cfa66c62c353d7dd2d85716076a0cca

SHA512
b589fe4925b20e0c1bba9f4c3d8cfb60d530a36f22832ba898eb1835a9c7329bfb9d060e74bf7548e9b3d47d0505a492a07d9f1ce6358c85ae8bec37ebc3c0c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
1b2078343907a4f9245ca6a7e6a16e05

SHA1
f260ea4167d4019a52b4e8112404579ba1cf3f6f

SHA256
b14eb47b947aec52ecb612a561eb1ab341db8003ed3afd792547ca0f597c934e

SHA512
14f99464b262ac54f8d783e48e31bb07684d75ce83e3d46ea1cbeaa9578f268195cfa44ded22fb70d806213b471b09ee0703a4f4cb6de213bc00a0035479da2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
baea085c8856980e140b96df5616f666

SHA1
bdf5db792d6ca9b4c107e9a03ee299eceea6da82

SHA256
374d1b5d91fffa8b211af3f9513afca157cb094e9e9e3422eb87843b00d77c88

SHA512
cbca101053f1168f1d751a0dfcc3550f3dc66bc360ea55e16e07116cf68bffad143acdf60226ebf345a21cdccc3c424a28a68993824c9ab2e2a39231ae93269d

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
292f60a187e51250f36589d8127cf921

SHA1
2a0c14ed76e9f09807b4b98c1e7550756916d983

SHA256
0752ffe97dc766115cfefc61e145c71a1ac6fe0137e30cac96be25c506cdfecf

SHA512
22d94c9118295d6b118ef57d154eca18a0ad979ea10e4bc5efa913f43b6779e8ac3bb0546c859d7b2328c72d79b108fb5f64a5fb3dda9d82211c8b1323ac8c3c

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
307B

MD5
93ba314b38cae5161f5069c29a79cdda

SHA1
898e76aea46705f3551d98fdf96ec4178e97694f

SHA256
35fdc0cafba7a29bdd5aa01d7cca04fac658686a5d78f2df6f2b9c0c432e38e2

SHA512
5400f1749292dba242e3f66683957dfac929aa9d668570a00a36cf92cebdeb21530be02ccac898440f8ecf6c5e7d068d17d1d7d978edd74147e254f2cc047efa

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
e11f42ac22e37e7d7257956375c3f091

SHA1
99e02091ed279a44a7a522ba38da3053116399a5

SHA256
56732b27d5ab3b96546374c56ebe21b72f5074788f2ee4fec3c2b3e6bea51a3f

SHA512
245e3f95969268eceae1ac42c5493e3403f43a83db96a6de205ecef7542463461e5077b9ba5752d407e2211da1d69336e69eb63eee3cb5a4ae7dc80679b7bf73

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
8b9e5aacfa13515c38398c3329c0e8fd

SHA1
59efd7b8fd200a1e27015018671454f81b43d563

SHA256
f93da25511b1002951ceabbb65285690ea1b02ca7c2e167cd96f74020306397b

SHA512
cc4dec704405a3051fda09df1740c8d2ee85162b25d4dbb6671ea501284043579818f9cee49c6d315b394d72cb19a5c00283607658e11d34fb9ec7c8b098031b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
2e55555195dd89cf36d75b851ee72818

SHA1
a5bafdafebd8639671dd068c104ab48bf474f354

SHA256
6d7e921098f501e91da6fabb1c4193114ba83c76f08a9435d1fc518473928a92

SHA512
fc5151a95f877d99c8cf3c4028af03e73a271f48defe32512f4c45d12a196eef1c6a506d9ec9ccf820ca8bebb482612aa4ccaae4a13401ee3e70f586224e9cce

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
039c95fa699fa1a8314f059cb655f12d

SHA1
a3d1a047ce732dfcf48612d88652441e6fa78331

SHA256
65a4d974f7197ed261e42f281c06403cb6eee421ef8ff6db2789ef83979bcc57

SHA512
29549f105f5cacedda50afe7194d32d66bff41afec6ad403d3bc97c23fcf06e56a1fd122e0c0d8d6910f2385b64186d2776bfaef1f9bac8cf77aa7aeba5157e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
8bfd5bd2aaa1a582d8104f4cea27314d

SHA1
c663b619189318b6b34433a55cd60602ab2b9389

SHA256
6c7444644d5d39bafbadf52e95cfbc8131577ba525c63afb74d12527b03414cb

SHA512
70a22d9a9521c28f216d829f0ba2ff8183df80d145791069bade6368860b36ffa69bab08d4d56ac49c09150bc7728f625431eae46bf85847cf43b9867b227b51

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
a6cc27b2945dc573f5ffe4e3d657ce13

SHA1
f3ac16cf03f7c246f4030691114a245e595713f2

SHA256
6fa2c4da9d0aa328280170342c9da3f9731af4a6e9af5f307595b726bd519e0e

SHA512
935aaa3def291dde9a74734a83ef1d93ebd30bdebcaf056eed6dfa09f7bd44f9c0d38c1cb7b7418fd8d78aebf1f70b4b80eaf660edaeac0e90996ff884b13ae9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
b29668945a84afcfd8ff572b8c0337e1

SHA1
083e7facb2f0e7db8a6c31f23186298bf8578d57

SHA256
9f36177c63c8a4435ae0dcb3b886ab43a752c6b90007e229b16e0bc4274adc7e

SHA512
06b077d83045913b69488d6c8c479bd159045536ab8f47492e053ccb8b15d5e8c6197dadea0b1f41ba4e77741970d5e0165d4b62af4ff458b54cc084a665d9a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
3daa1f3afca2832a88803a06db79aae5

SHA1
84a9d3dedbe684677788f90dbaeabbb5ad7c269b

SHA256
44f6ff95546816f44b7d37b4dd1b7ed922cf0c35cf3d5c963f095c78600a528a

SHA512
c0f9851565d52415c23cdbf3b28d856d0663916a25b265f42fd20fb6d4be0f26f0dee2efa9dc8a57086e1294a5928afbc5401f0fdcbc00a7f445add5432efa17

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
75829af27aac4dd5ea16a7c8c51bb74d

SHA1
20adac6f09e271c2a1c400d0b9cdd42e85785d7f

SHA256
e8f98d2394a9137c1bb10dbf84ed01cc8dd06bb7a561ae86c083bfb233c73307

SHA512
1ab8f4786330a9dfaa01b726f5cf970fa135561e860991260a44a93195f62935f41392151e1f6fbf0b6926c72f8df41abe39e2092ad2333670dfb90782d140fb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
0b0bb26eb23ead453d9ada93bf218365

SHA1
61147edabe4af6dc4009c67f2faad53bdfbe4cce

SHA256
8cb40601c8d238e43706219b7e0e5b20bb77eaf8515ec1b4a989fe1f33d58221

SHA512
5c7f25d55d7ff87f621197ca211c9d3d0d6c8dfd4f4e0548d4cd510579f26afad8128013ebab58eeb10eb90a297bec7de107dc8c885518c57b3f87c4f356817c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
de35ef61f99eeb5d6678fc51e023b40f

SHA1
d4a8f8dee0015ffc96cb123e905e0b59acd6f014

SHA256
ab3062970d7f9a6a720dbe05a3ecbe76afb837264a55b2b9f26516af7cb86bf7

SHA512
083e8f5049ba6a3ce1a3e8c5ec3f91bb12d922580a0f9c03debbdb263ec9e697fc8531b2eb47131fd6b4aefd9dd08602d28b0c447a04c73db44103120e68fc86

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
a7f037e43b47efbe282c5acd9e6170e7

SHA1
50b89f2d152905097100f4264f4366324ef5c8b6

SHA256
6643cc4e90940f21eab50c78bbed983e811bbcba02449ea34ffa3039e97a908b

SHA512
ac61ac6808b28274f605a9464bae31fdf68ae4a0ed4e4646f397d1e6113bc4de764f938de9aadac6247eb2a1384172911d8d3bdeca0b1ac57c1b20011af6b677

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
8556892058f35e487ac25d7c209364ac

SHA1
d6ce3b4738b0e62d9ed08ac1e8fb189404c04b95

SHA256
d7a688e1b5ded27e68b8932df609201600a17d552f3d2769adb28ed7e05f2b9d

SHA512
b0c3091c49b701d4945b5904e02d4e2f2072e0818c24c8927f447aa6d41e58fd125a6a6b040c5e630f379e798f20b7f43b68411701156cdb5c315a2abc00f1da

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
778879f7601fb39ccf46451c399e2ad9

SHA1
fb6ad178f09d8e0222057f3df583b61b8f2ee93e

SHA256
170c5beb91ef5e1483126c4cfe2efebc8761686137d752d295d720eac2f191bf

SHA512
dac4e50c8697ca3c96bc2a5858770ee6e1193182c92439122486b8f5cabd601fbd793b4d058ea4de2863d6d22c6398fc283e2bba343b62f52478e6d5a8641854

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
292b07f476fb803276d022ac800f1695

SHA1
7bcecc2ea04c6be9b85c7f8ff4321c5039d6efd4

SHA256
cbebee5a94ea88ac88f0b2a57b019eea55e33a281bf3b7b749df22204bb65309

SHA512
9e4f63476955db6ca66008e3b728a6167e917b9086296c3c1ec37d3c8b2f988173ddc69c45edf47a804fa53ef5184817df31ba229d7481a8f36100eae1de6147

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
850c6d94738dec68f2734691cbd7af1e

SHA1
2091570ff04b316ad75caab44ccf0498b0b6173c

SHA256
ae99b48b4b8610298b520c54b3c1dba0394d6c65ce75970014792d73e9362226

SHA512
5a58f68872e3a0876f3c16fe82a28ba75376f8373079b9efb45636792ac25b0ef2bc3279d1c9a732451b419633daf730583b86c9ebfa66644888cea2932a7276

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
2ab553f185a4db1663284b54dc69a2b1

SHA1
699e28569373775e32d8a605c7ff1b4da3cb1423

SHA256
4d0dee54bf13aed112b461d3918e6766eb30b800f8c1dd15789fc6fccfe3d0e1

SHA512
e256d93c7079d21d133854e8f4931cf406665a1bb0e40151a7ef841fd83f7a9c62d06abf14b24c70ff1f32a7ec597b5d15d38865ef871303bd051033af075b06

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
c0baef6aab8bfb39f000810975351751

SHA1
69c3794b63ede0cb3bac5fdd19f63fda1d6fffcf

SHA256
6b9bf7655d01a48b31b7b9691537aaa71536ed87f212a8e4e74e44206b6aee6b

SHA512
e248549f61f30293326300cacd0b89bc2f3b15e20ddae67adde51afc4f534ea6311ef57f399113bdb3a62a0bc9bba3a9df4fef49e20750ee6b6e451705f0f850

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
7696b1ea5d65d19432598f23de73c304

SHA1
0e311afd40f7eee599ca8e57b04ab1ef36141569

SHA256
afb4bd0fed7376cf7997f0fde65eaaaecf064c014088122a33057e2162ebe5dd

SHA512
602ae26e6917c2cdb088a5c67c679f5f1c4a5652885ab03835d51e8e6b1fe607486a589313be1da9064ac51accf509250c894ffb92afabbc773738287fdebc22

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
f00551bf43f631c53384878d6aa71cbe

SHA1
e09e29e0e97f9d0f3bd67d02d516d6d325a7d045

SHA256
38d19efffd3ac51e2b9e45f05e297e2c4aec1c70d8760cab2ed64f6233f35d1a

SHA512
f862026ed504161ddee36fc8a8d179444b5818db66e0fe24252117991a79bb1e6c6b7aca6ef5c32cd3fc86ec5fa293f2875935181647032c18bc6acdcbf0a3ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
dc0168d31ecdaac8bad8ec2238f46ae4

SHA1
a6399f9d02b925b6a997e75aa720a1941dc402a8

SHA256
b1e84ecd81d12a909e1c299434b90c5aa984981487239bce6bf9a5804ed388d0

SHA512
ac73a2e8b3ebc1ce7448668522e86041195babc3d4ecf100fd422f955e91b28c2a2ac75a0624c8d9e6b262d286cd292288eda125af2b3a5b77092182402af2c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
592778e936fb4c7b4b9f7ae05e5fc04e

SHA1
b265ba82c964622db5a4c364118b2903b9447622

SHA256
b98cd43216d9641117b0ee2904c0d14b9bc024785b45ad2432186247f8aa5fb8

SHA512
e00af59c66ee462c87cd758673ddc9d14017b64db06ab9510cd995bf4a2cddafa730dfffc49c9744de5813276e75c5f38896f26b0887963c6ec9c274b1a68af5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
5cd55d7ff2b350e6ea48d5a7b9f5432a

SHA1
68d670bb9b4a497c556302c148857deb2b8c82f9

SHA256
c859e4374267bb4a3177c90d7e6ecdeefbeb05565e47115483ff0e914410e110

SHA512
b9d49d7f7f50fe3145c4ed8d8c784bbcd49637c75c0080e065e63ca90ab8f3ecb4c473249de9eb3ddfbf66d1ab58b36e4a91a0b7d669d96abaff5318ca8bd6a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
cac0889859a1cd917bc96201ed204f1b

SHA1
d27f075a3da2a9bdc598a669b7a817d48adae0ef

SHA256
27f40aff3fb2887d67142c5b75a424c0b1c0f50513d5ec58535bad28302e3c9a

SHA512
f5153c672ed7bb65d6bf1b1a12a91d1b393faddf1089ac42c67282759ad5a06c6dd4fe18d5f9c386ca6ebb763d65d0668635fa5201813340dc93f3076a7d9d7b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
75b8eee84e9515b757601f098f8be7e4

SHA1
be247b47c5804c87207e3284cc55a828d9769f56

SHA256
6ac9a81aeedd6e0c47d9e3083bd83cb58a2da2e28b30d963207eb82bac7ccb30

SHA512
a4faaa935967b2eb88e2a10eaf495a04e634de5c3b7da1a3badbb1b09f1766ee2684c1b02908ddc8a4385187fb86a88c623ed53eb7d6a8f713eccc548ce00061

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
89b8a9676d3c363db5295d1cfc24670e

SHA1
1b0536a0ba955e6828182f0faa5a6e4b71776b59

SHA256
7cd93980460dde3934440709ecfb29be5f63cc6ed2da0133b817fa3d4806efcf

SHA512
99cc3c5df7c1b39257d961529569bc167c73c5ee3f02509f43d99b7c297b9c7553494d676f527227f6afeb05f4ee32c341956829023e0d15d033c2fb996e81d6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
f234f8a7f3e9b332b3076557d10e8385

SHA1
2cb2978f16e3cd0cb4e8d233c46c08e92f5e16c4

SHA256
cd06761bdaeac6f37614ecb10c76b03d78364eee7197cfffd272a1e3d2cf5a7b

SHA512
19292df19db22f7ffb6c4a60afeae9ea4c4799cf303d8dc01137fde4cfbbdb349936df99e666c066b82da87eb32f35c47045cc6297ad641bd1fc1a27b480a1c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
681185f330d2992fb470ade34396cc28

SHA1
2068c94c19ab58b8b4d54c2b01949ef56439f597

SHA256
20abefce3954c5a97158be258be0ef7816d6a3d78278b0c87b09a2fb4936355a

SHA512
3aec320be4deaf6fdea77ff3e57f0f86a404ff3cb9970b733bc96db128ffd91b32dbf0541ddd1696aae61fb2180c7a64c4690350168435e18b4b7e2db956678c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
086cf619b9cee4decccb9e31b9e609a0

SHA1
27bfa5fd1948d5f6c4d1d8755f97fb472deb8781

SHA256
0749962dc80a3d1fd899aa8f7e4c51fe7fc48c2db61f16801f4592a90d8fe9da

SHA512
21398788e93b9880d3d94403a4a2b6f71d82215f8f0e0bd0ade7d13effbba9507b271d9690cfcfdbb70331b58f13868373c2baeed653a68e4c05ee40dc26d098

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
5503320a9aee1af4bf24f55768419b28

SHA1
313ae10245fa5bd34401f75aac92e0c7af679b87

SHA256
bcae3af30b0d90b71d45d0ef82ccacefe6b04ffb4da934bddab78981c8869b6e

SHA512
e639662a430baf0063024ddc7842567b93ddaa89d1a467f7f2c5cc71fd09f42a4e2400a259341ba4c33f1790decca9c8180ed8cfe71c1d913d4bc4bcc0b9c8d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
d31738546629a721fa4bce19b34dd489

SHA1
eb38cfa94055b93fa74d3859336f614f398e1540

SHA256
96c9751d5984582e70e8fdc35f340e424b1c1273a16f05b97457f0097bb57764

SHA512
d95c0104ca8ba21d1432cfa64d3682a0dacd72da8eec98dbbe710f976ecd8b4f333efbb84b528809071342a4fea2e8e09daa4bd968bfa6423e200d74d7eaf4cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
4f17898a8cf98490de4c42add1eb6261

SHA1
0872a93106efea4a6b4eb861814e0cd327e4aaa9

SHA256
753e96bb1361d568c8b571e1236ebdc39a42b8e8c6bb8b611fcbf1654357e562

SHA512
1f623d6cddbc490950a0827775fdebc729a95aedbd9d36fd32080eab943e06d4783663c2999ae48702abf478809d5c7cc4ac1655d8fd17bc8ee220a4d785af80

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
a3a79acbc0712840aa83e826ba9a7213

SHA1
37b652556ac7a05e23b8afaac450f447b3c83c65

SHA256
7b16c59fd6c5bbe5acb393dd4a98aa4bdfa5d0dcbe529d6b49ad1775680b0138

SHA512
bdbd4dba99f68b853a484120029c2e4fa25a3900fd700ec64360e90df275b2d27160f90bc44e5db3856d5c150b246cce53acb1326a056a9b1df3f541b2b2c578

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
eee91f1f9308712d73909a2bba6042d9

SHA1
813a4ae39a90fbf14ff806cd93c3c1bebdb7c218

SHA256
1f9b5329e7c8c32786bd04a553d7678722f8e06af8bd753ce7f53990883cf3f7

SHA512
f760bfdecd95c80a5b64ea880c51ef2e045cce9870ec8342b08796dc6a83b0a64b0cceb71582a418bac8ed89ca2b460713c8802644629b98c33a7235f978a20d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
a2671afb2c1193f3c2e4d62acd7b91d4

SHA1
ff1792a386cc4dc73e0277ee74a002bd5182d438

SHA256
34fe453d941d1db260a1c50732217fad80832571b2fb91a89915e85027588124

SHA512
b98ec878c6e34c2ca03aa89688da15f762ba04bd04f66bed2baff608467db03fb1b70cc10e9e96bb405f150c1ecf0232555742e6ca3ac2295d6be43b0a34ee6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
d93b73dadae3de919a8fcfe3c158ba10

SHA1
635fa817a3d8c25a5833ddf852b6b777847fe42a

SHA256
6805e0903c14513f72053948f6028157139f60f4e173064290d844233de101dc

SHA512
9ea35e2ffc0972c5115e473686022c86f81d0f2fa962728701b2413adde4ea23aa739f6f6015990f183fe6c2d487ddea04cbe058425857cc62efa6d202206047

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
363191a6a6e8d9b7eff383b92a5205eb

SHA1
a33d615836da8fad507670b4090799691265528d

SHA256
4f279d79ca5a7f130f2c8ce4fe190715d8c4aee2ac20a857a3a1bce58c83c5ba

SHA512
06cb2d94e72acee4da1966cbc4a0954ded2c49ac337c58d23ad6e49155c0ac107ebc8f494b433801bbf4369f83accc2739a298fe298f22670c6c9b7e7699929c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
48d6312b09ab48a57004fc2edd073705

SHA1
132af6948e8040ddc6b8dc5ee65155348a3f96a8

SHA256
b49daa45eb2b1da0f94347492b3e9a3573e5c9c48ee2804a06bd13ee3e2ab03a

SHA512
0729880a2ed2de434cbb3569be79e6d573a8342e4a871b901737d1253c7c4ad676b356983863b8d8c7db78afe20a6f0b98bc04b2165fc865db536ad7d8614789

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
f2883621ef8e7f8222409bc0d7ae2660

SHA1
27ffbff090abd1d694e6a345f23c8ffdc3dc58f0

SHA256
6223db21d2e9cc94937b4faec8cb346745f9d20f25a45138ed486350bd55a08c

SHA512
73383fc29535b5a096b5c5b5ffa75768de462bfb7bd344370e128d826081cd6c74595e7a4419d84d75ee2e206cf0c7a28919b90473d2c765064a1a72ac5d7c34

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
a2ffc4e30eb046f890880915f80ebb76

SHA1
dd9873026663eee0146b8d44f25111f13ebdd5ce

SHA256
ffb3fef99186c983c6c7b5a3d30e5d8e18e7ccd273c5017ce2643384d7688467

SHA512
af9e582f086aa9b3c949bf7daa498f1f03cc30c1d4dd1d8bfb0f9677c255cba2dea06f978ede6c1b8f9c18bc0695ac24f28dd7fe800a58b2ccf45128419642f6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
800a4e6032fb8e83cfcbafb11039e101

SHA1
073c760a7446a67e378a05b0f5824ac1c69b7cb6

SHA256
9dc4c027d52fe8edf7beb15de240d9b43d6a69cc8d902f822b8440f905b36882

SHA512
00be7497351bcda16fce08b6d88a85f7a751b64b8658841038cab702decc6f39b206aa9ac3c49b76dfd462ce3a66993e62fd0240160198c46042c041bcaa787e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
6e4f496f8b93d9e5b74fd558947c3999

SHA1
9e06ee36c408fc635117fb71b77d82655d8d9875

SHA256
ecd7fcc0a927e9264d9e4c15cf16185e987cca45f9709a411bc9619c165275d6

SHA512
7205f2ba8b10db38ae9541f8551cbcf45977face8d412729dd2a9b46972d1bbc53e740c7e8c7b25e6d7e41d5ad2ee518d0fc25a44237718b22fa22c72cd1983b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
8fdf3400d13d3225bf8779195507a99c

SHA1
f29e62de52900a1e9578bbaca3f1b721935e3eac

SHA256
7b69f3d4f10e59a0408fd39843c59248e1b5b692d5aa53bf6278ce76bc8f63ac

SHA512
555f6c699beebd4495d60f6e3f67a71a06c632b03643a876a5c60cb4ba9ac44c882ddc43607d4bf562308ad2a0719d6a7175078f1e0f7eb436d27d945eada7bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
4c3b7b53c2e1e9277429e17eba3fa31e

SHA1
33349aeb242e71af33afdbe29f29d580ddb1bb02

SHA256
21a5fa660b5971fbc74e1f00765ddf50194e4d5648806ec0a9d9c27b0d70c007

SHA512
d10cf5c60902ae7c20064850f52b129c89b1f316b41571694d38fab527e1559d4d86cee775a71218050d3c605f1e061b62dbc4aa5e43ba30809c50266ea5b749

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
319e3a66d1d7716951674292aaea5469

SHA1
fb1416a17f905574a5015fcbb35ec2f81ed5eda5

SHA256
bdb3cb26c94adbdab23e2c5bf92d436140144317bbe18986b5c512685bfb68ac

SHA512
b0cb1ec3cb9091751ba754d0fcf4b771b08d661a529c81c8d75c0c39a6d3e261e1502a36d834e976ce46dac52a1393d43190e7ce300e295ebfbc411e806662b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt

Filesize
77KB

MD5
f5618d4e1c71008fff63471021e855a3

SHA1
382adac8da3fe0315c27c35c90569530acda93fc

SHA256
407d559173a987307306feb66b0fe9e9f330a632834b8c30dd3ac5b77c169433

SHA512
bad8c00f051467619a28dd4c029ca5efc1293c30f8f16bf92b0a5240dc741f5df82f9d2838d0e5e0eda32a623d14a53e30911142bc2e6d3113630582d5adb3da

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

Filesize
47KB

MD5
f64207b71a0cf85e8e083f0cea290b27

SHA1
db39ff0d13f6fee024cdb600af761d16234fc4a2

SHA256
c55b9fbb9251f16b5bbb2f940998f19edf5ba4d46f11e645c4e122b17980dd7f

SHA512
e4ba6185ad11ff461715a89a4a1ffd01841a0f952534e8620bc89093846e455c2107a7315c045cb68a56a9329d357c25a43cba2b1192986a961e760cb21b19f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt

Filesize
63KB

MD5
774d7e09826be7a0128b2e7d95db2ea3

SHA1
614753ba1bb113cc7f573a444a676f17f74c339c

SHA256
fbf0b33fa0130c8feca8224508514e25f5efe9f367a4c64d30f42eb1489a8336

SHA512
f6c7d040c0213e3d88850c84805bfff9ecb6bda3725221d2d6871157c1d60b6c55b3c58d19934ac03e490d61137a5c12040760584eb1e044492bab607885acbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

Filesize
74KB

MD5
59b39e92496ffe2002d8fc619210dabf

SHA1
d441b191c4eae36f557931ea695c5fe310e2540c

SHA256
ef74cd80d86704f5c1527a0ba37bdcb3586bf66455931dafddef910f18daf36c

SHA512
ed8510095bc980ade2407e894e11d4a1783f567c96775709e4ee3293ba3cef2d46ad86e3fbbcca1d23664777b26e183aa501a78058b94ac8d4fd5ea708a8c9e7

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
e4a5454d93282341a9537d2c9c604ee7

SHA1
08347b249887de1e00c95986c1c70d82e0e3b380

SHA256
7cdf1070dd9c1581d516bbc84edd49580514eb0569688cda89cbce2a54cfb51c

SHA512
c4dd13b3b90e5bdc7673ee0926d20ecff834a4b578b3b0daa182ba6684766476d0f616691de021461679074f02c7230d80090c2e14cfef7e0a42d839c5550509

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
196bac369cbb81ce12cf25e051544de3

SHA1
25a10293a577a2f93c4eb2ae63b436da7df30bbd

SHA256
acefc5ef65f9728e10ba0f00512a3f65453c34106408a2359ef9a32e304e94bb

SHA512
7c9cffd13c767cfa2aace9dc74dbba2326c106b6fadeda3ed97e3fc8314b2fee493a625efc4169c5b7853cbbab80b7e7dd7894b255c1a4cbb1054b6b45bbb0a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
d1412497f7ee454cee4958d6aeca5642

SHA1
56a281295734e9b259bf0230e03c39b2e6ac5606

SHA256
c6241ca3e6d5eda0c3b4ff61d6bb97f1f255c74ea2aba0bdd5d645be1132e213

SHA512
8e7822cc8820b340e442664373d41f7007e209992bb9ad2333e6f604d48568cadcb1ec2bf25cdb47890fc4d15b2d62c00e391e639a187fc4b72e57ae7f97e010

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
31742353cbf6874416302f77e058d2a1

SHA1
24fbc0b098c75d56d875cf9d83dc31d6cc8fa066

SHA256
83c708ef014d7e0b6ed587b10858d1d74eb47d38a9ba63c87bf951a0c713616c

SHA512
15ec26ba0fb7420bd45732721ed457cdadecabc60575f69af32a5016f1c9d9162c87357f81e5f5303658e1ef0778a5e5c7c467e2efbd77d0ae235fedcd67a8b2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
bc60d114ab69b8788b87dbbafc5f6ebf

SHA1
4b567a2ea842cc00af56e4b1f429b0fff35d2c07

SHA256
7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738

SHA512
2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
a21fd6f5f0b0acd3e5bd12fa07036c57

SHA1
c721b8e23fb2ff860973bef70de307b2daf28099

SHA256
841418802dba5f6037de7c915eac705b87fbff18d4bcc3b56ee37e2195aab163

SHA512
b9a6c9dc7f96f1362e8bae494187362eea8f494bfcec5fec6f3816a2fbb8a1c82746c28d8450763ac4cf4b7049718019ae1b03dd305454936d2b291d1bcdb1cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
7d64869553c6dff5fc3e5697e3c55592

SHA1
4dc5c12ce4916f44593a6fb2fbae6b6d16a6dc3d

SHA256
06e9dca32f95e4f0b13fa304518e00819a76b7254a902e99bd2b807ab7036261

SHA512
f33c230d0a62ae8455fe9eb9778a43d163b59029570d299a9bfd6e7d32900b040a8e8e892764a78647d232e9b73cb158e184410d1d6cf58a03ab52420509e179

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6ee389e087ba1806ac8d6fabfb1a2d96

SHA1
3ef992dc272c626865e4952be1fa2f9dbce8dc2e

SHA256
0b9202dbfe3d6eb3b40e356edf970101d30c54e9988631abeacfe8a192ce9754

SHA512
35fcb275765d6add2c8999f3e47af6b58ada53b5b02a7712cb2b625f2bfe6481bc741f99c9a88f19dfeb6b5961486aa8fc9b6916da46c63b69479944d5802b0e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
39065ca38b6900e3f6f4c88e430d3174

SHA1
f123fb98e0e05ecbf37241b98dfca9aada8779d8

SHA256
35e32daef9f104fcd3620740976a4aa4ae72c1b921e7de7b9c84638965e108ca

SHA512
a4809a7c4dfbc83fd2d176e72d881f96e9a7bc9a19161772bd95b6d75105e5f3bf1d5a645b77e54416480c06c8be396225d37f6c07ae7c3332b8cfa3f1113c21

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
7ef7ca9454b42e12c9b68d9aa1f31d2e

SHA1
23f911160442139334bc2ba8aa1638a041a3a73d

SHA256
e2351c02e0283096dc1f38593ee06f5d58f0a16bbebb7dd85b2d726eff4c5d6d

SHA512
d30245a1f25485f498b194816112b78cc3c41f4ef291461c5d256b2648d352ba78994fd4662590d169ebcfa7f170d8a3f8b11e5641d10100fc47ed92eac703ae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
8c896b61a9faac3f24e781c58f3617e0

SHA1
b2b97665548d52eb78751a15ce15a9f0a396d32e

SHA256
9035a24d04368cedce17012f58a75f2eab05cb95930436940dbec740810fa11f

SHA512
d0a43038d01bfb8cc789286678f40de89ef124220cbb673c032f1b36853749eca45034d7b857623c436b1075d1512a3bc8a61589602167d27b133b05958f6790

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
86f59314a5d7fbd3be25682feedbb44d

SHA1
efd24665af7bd2b27922dfe0fe534aade111b592

SHA256
0a56282cae5803caa193ad124a1273e2478e690839042ecf75fafa318c371e25

SHA512
a898f62ccb87de6e321e1ca6a6343df5f8a14334ae8527fff9b143f0c28fdf31770704a7539304a246b861dc4c2af84db9738bbdae0bb0c85155de26e967152d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
b82373a8e89b67839ace9f1b45d687e6

SHA1
e1645515db68defaa5369836346cacf9d05cf2ac

SHA256
539583a6cbf85225bb5836797aa1968328193dd9456f8784e213a7e9d6fabb57

SHA512
173d015df6dc477476e9d18d7bac0839465a6998d68e2f6dbc0ad3475b461a453edfef37451ac27b345e5351634aaba87845fe0011c7d3962f20717a2d62caae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
dadc0cadfb60c888fd202cc3abffc002

SHA1
cac48d34c14aac4cea071f8dbfd31ab0e3d2db33

SHA256
2b8cec1cfc007532ba6c9f78cb25d81c3979f41da7c49206f2ca12513f1785b7

SHA512
822f04294f5394a82f5ae0fdb3155ce633391c7043fb3965701b06372700521100de82c79b974a3e9b034c43caac509c804bcbe5f9472dc7ec7ba86edd4fa622

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
ce7aea1c9ceefdd8530587a6a4228d5c

SHA1
3f94259020e6201964fa1285ed65a8b8c2b1386f

SHA256
4511cf895a0a729022b02812c4d67898bda6b8f63fa6ab172fee84cabd4e4bfb

SHA512
a8aba436111b4130bf985f4a7214aa433b8901f53ddd04e84bd6a4b26ec03d1abff34da870e328f5cb909b1e4ff560a96ff307d7f3e3a0a37585e67fd4219972

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
d9c6a0fe284c0f6cb20bb54ab662846e

SHA1
31eb5a2b5fd133ce3b7b0ad671f43a38ee4a6b0f

SHA256
cce2cc9c3bf8f4c99123eff0c3f92bf625e074c7cf3fdde30b0c7312cd06fc7e

SHA512
9faf8e6c9cace7b7b85b48b086eeb080c1d2646beedb7eb1e54657f5a746d676558d3e22cbd14766dab44a480d1b72fb19ea178279b08c73b17c65d64cf147f4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ee77c8329b0e549b81a4782b11904991

SHA1
0bb43522647e56864016d25496bf544298f62869

SHA256
5571473624c411d6e6a013f2dd5c76bff786ad93733f7243b8abfe11df86181d

SHA512
2960e42a80b248b4b425d19dbbf126eb001d2342f87617851cf7061b274c75bf147ac26a6bcd083f457a2dd6bf45d502d639066c2dbb3222fc88961c34d73660

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
9e8d61941a68702ef1596fd2452ff659

SHA1
3585ed3a353f03e755c1122fae4d6ca61cfa9740

SHA256
7e7bc366ddaaf79066ebef124d036b913e5578ceb2e69a632e0f665b808ab742

SHA512
e858d9f02fcff622ba7dcc81c5aa989951738fc3b6427261235b7c9433c5afa1ab2ff6745eb8aafd9c97d4b3d004fa690f5085aa445870e7b670707b73907665

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
a26b6bbd63419e4dd7b54ffccda7f854

SHA1
d0b03980c510b76fe92fc0c797188abbec39d51c

SHA256
df8501229438f352017328e3bef57a86e8ebdf6ecbfe7655082f4592a1a8b838

SHA512
429bacf0de4c0efec82f86428a1786e7a87751eb16e183902a15a03d1f8ba15c268a3259731c51bdb8429a98bc8f498805ec2ee14a8d4019b6cedcd200e1759a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
0e4642ff0b8ed5ba145ad3a15cfadb4f

SHA1
aa5e1e1586589c5d299c9ecb7b608e2fe00f5d50

SHA256
062e55963c7ffe542bf76bd52138f4823c286490253c56da2c5b33079bb86001

SHA512
9b245f8f6231cfabd8ff6784a4e5e7e40537eb7fa8888b4446797b8d0f244c86f4c386e710f206ab05d1c5c5f97c9388f6b47d97d491000bb20800f40c085a10

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
493917d6dcd5a65c2b71b15e30e3b256

SHA1
0f79151420041e718763eb870cfc2a97af316a17

SHA256
42fcc2bf3941472a0eb203c184156c6a514b90dfaaccefab22d652eaf35d3ded

SHA512
cca736561061c6b795c0cc1075ea0b63c53a9a9c2f536f9e37e4ac51d8cdc83b3b7d3203233fd5089aa7bebfef67a05d04da93917eaa3c52b04ca9d68d3777db

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
ff4255fc7a5c3dd7362ef83cb9550d07

SHA1
758c03a0fe20cfb8a1511def3e0d72f403fc122a

SHA256
f52b575044053ecf0a9d3c63c745b6e2be745a2f6823d64a40c862330e827af7

SHA512
1c730c8c265cc860b2406b75c805f82025b7951846d2950304c6b5ce9e94448b40081968e73af926bab8f1c8da2f686971d9ab01fbca53797192b90ac896592e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
1c30920cdb3dfe9063b8f1cc314a9ad8

SHA1
e7895029b88441e0cbf8b633ee9ec8dba02f85ae

SHA256
bd13aa9398220965093b308406d1f494a15cce447a7b699c67d73471b5f3439c

SHA512
0999238bcf864cd547e55909652e18ae8ff3323e199819136bb29e37dd6d69162df4c9b55472f39ad820805f1bd9d56836107ddc3d00c406cb4b02ddde6ec980

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
cbdd4e8a271693f9dbeeb676e754b81b

SHA1
75f8a7c4362ec1348933e454afba2065eed0c2a0

SHA256
f1a1babe4f40dc2ff8b5005ab4514c8b61c8706e941b423c0cb5a25fc60e0c32

SHA512
4f74145828cde50a631c9ce83b072f54955aa92ca3144e1f8ef63c247a34635f59ffa44c0404014db184a7cbe47fdb2cb52d819ef8f1961825c9d2b69817f6ae

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
82f91d234d194e6f0f6ef37dfcb59776

SHA1
268934672f9b6438023a783b9303912389f59da2

SHA256
712350a09acf7f57422c8d92b13cf6bd27a02c200c2abec2a822e6d8551d509c

SHA512
8bf143b5b7d3014bbf308aba75c870c31bb80b16c3fa3b3ec017491ae33a26dde300e2227aeb393eedd259271c5a768ee8404944812a66d0352b9e7d2eef9156

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
ae262758c5e06489ad8e9a35c6cb1f10

SHA1
62a2110952f45f474bbcaf5198b3eb00d56b030e

SHA256
6c235c31df3a1e1d59bb98d9251c899cd5b6eade82bdaed8d1567cd7b72c8dce

SHA512
87a86bd4ed850e21fa9a54a3fe33e2bb23d621340a58dacbda9a4697d13a9c94e23bd3cb3cbdb08fec309dc2361bbc825e668148a8ae3204928552531e049a3b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
2ae158d72b387a060ff02cce01a0408e

SHA1
e1604b49b9069cab823386905422d90eafb934c2

SHA256
c2039b18b4a3c71ac2e2efaf250319ca6db981fc1e39a8a4a324f63de42a240d

SHA512
ab501c9d24850344710a7a06351e2f1b99bc729085b0c00782e3820c5c7f5b350358fe9011a988c1d6ceb49c9ea41f17621909322bce21e3f8c8fec8ec5d80a9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
af9466a0a6b7103afe0ce4b07cd41fe8

SHA1
2e7e945ef6dd2fc8bda2d0f9332335fa078af93a

SHA256
20bc2cd7d4e20b8ece63b02a113e32e624dc1f381f06811e4ac7c41689485b92

SHA512
47aff195ec1706fbe5c7e9437231c39ad6c831545edda4b3204952711e7d0397df4a8f85317a581c6702ca3793fbc6ca2d61c15237e672e67e4019611402e577

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
940157a8737b4d19f7b90b23a93602f5

SHA1
237a859100be105c37bc6f2ac410308fe5b070ee

SHA256
b85c24c851ee592662bf665f65f38dab72e4e5c80181f7b1f0f06d492065c5f0

SHA512
47b596c8ac5a37b95d1cc12f7dc977809ba388cde95074e9f03bfc90cadea451b785c1c6094454b21469d96e24f39191e6eb1e8306c2ab66e6beca9879bcd581

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
a480c6e8a33e46439c6b13d5d669655c

SHA1
d8518819cf1ca284d94a9da6832cb9381703defc

SHA256
2c8ea1b3e2ca8b8a1ff9653db9b4f6dd3a73a7290ae6d0829f4b986f2f3ad86c

SHA512
d812e19ebfce96fb81b47ebe2cf98d97d026dfefb3b148fdf550ae6ea3d5bfbca97f7195e509d4823a76b4eefa111b054a562ac5ed30f4c568df5c98bebc14b2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
1beae6bf2381a1fc736c8eeb34f33ac2

SHA1
6c7bf203e59218166a5e7ed77713319d4d7c4656

SHA256
ad03f3aa0bfcab871bf31527a0de8b92299d333d3f374318c5ebc87f260909ef

SHA512
2d53da8f3b238eb12c9933b1d8f061136e160daca802e73e49a5511acb2d893adeb5a62c945ea5a8e204151abdd56a9119d5880eba76069c47349f179a0d2a39

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
d249b6190d0021d8cff7bf061a0c2166

SHA1
9dde4de03643c6541607e8d1514ac9744cb0682a

SHA256
5f95a2a629d1eed3dcf90eeae5103195cc16856b60c239403768ce2963d90ec0

SHA512
534c68145df154781276d3130a2ae25a3fe6a62b2f03bc9dcce44f8665352155f6f4fa6f31af0249c5fd99fdd3759ec9aef54783b7cd9757d289b29ae22a3d20

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
261c1b94a81b4e49a6bcd397e3f9c341

SHA1
8c947f995dc6f06d52a95de883395fc28a4683ac

SHA256
9e4c72202d5234548dd218be6b4dff2c89e08fddf5253f32e7b2ab393dc1c656

SHA512
d887f1416bf4eea39c1257ad6488e6faacc5452cf344c7005a00b0773fa4d1761896b3829728c3e70fea82ebe77a95482fb62f6abfeae34b5e5de6fa4669315c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
c3303d194e0734db3ca063418bfd8561

SHA1
f69a2013d2e4c1fc09ccc01d1a885c3bc2796a53

SHA256
d34bd9d19bf7b5d7ff3e1bd96762ee06511fc4b580a0dd6afc3507644fff15f2

SHA512
73365e39fb8a8f322e31e1962519f331e7d8b77139054c5d9f5eb8747cc21baaad72078ef03c7acc7d7cee461e5855841ed1e29c5bcbe1de00443369778ff0b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.EnCiPhErEd

Filesize
352B

MD5
28584692d7c6c720fe66bd3daa70f5db

SHA1
aaa061fd923f865b7aef9e06f50715dbf5f2e528

SHA256
24b7337d97b2843b402bbf1fe2ab3238cc38464fdf34d3e2fff2b25d0b33a944

SHA512
fb0bef0af28a608da1a03d0af2f449ac2f37839405a1272609dc40c25b359f3de52d2364dbe2846413871455f04fdf8f2b7a53a9f8a2a154e9fe9bd14d648b8d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
c1f1bbe51bff9fdce8113402bf9150ee

SHA1
47fac09c57a3db49bba240a605bbb147882209dc

SHA256
33a8b2b4b5b9478f53d91c37351c42425c0cf7a3b2be58af2b4bc30e89410556

SHA512
40ee9d198f156fad785662dda373dc9d3a530697dbc4821b242b876f98278ec0084b2049d6e45c8dee7203a08d6f4a3f5ee32f5259957594f5725ec8c0f8ac86

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
24bafc9c162aeaf51002959279561b14

SHA1
ea2a66e301e4859d453191af5b780f7d315419cf

SHA256
4e405e1ff39e453decf5c2aff90eb0adced555439fe98cf41d1c6cfe5f7f701f

SHA512
65b772ce36daf5df02dcee4b93a2a5f0d04a0ba9939d00ab6a8b30ab4a5fcd3b19e997f8885be09bfa0f3b6ade5ca8da241cd71e3c560e9c3f76f3f5377e4b1c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
d41a4064e22bb03e466073840bd35b7b

SHA1
40b9cec9d46a57090c2972a432fe16db3fc3a181

SHA256
5a7b304278eb1bda437339855ed903d295a602f99f0085d801a5adb734ecc21c

SHA512
0b56f57ae2e70d8264836f65bed2f17e98c9f93354942096a2e55c60716bb1168d929b79cf94a2773e93d48284b34b9725c852d5ddc64bab2f39ede104653c56

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
6bd443c888f9b73c0dd429986f336d94

SHA1
51fc0a6ac001fbb24221c0db9dd97615ba8ee626

SHA256
e217ffe4657ac9f027867afcaed01a301a7733c830a5e02f3009b8811a3d4fc2

SHA512
5f51054cb91a20f9ff68b57d0e2189834786a0784897cd71b2bc7f46f0420855d36825766ca78e3eb072e1cea679cad52563b5fa2e74714ed919aab7be8697cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
8a5be4f9fbfd59e29712128ffc2c5730

SHA1
2441e8a0ba907eb93e3b7bf4608fce5e7acfc711

SHA256
f179fbd0a4daa544c5a575aa63ae617d8d2ed79fa5a305e9ea89b7b689b1770e

SHA512
c1a49a4f52cad21cc75fb5adb6a9c46c330cbd252ab458b98febda45c4b8a246c145c76df9e1276e745b061e70fd77981c8c74e947a4101176aae97c4486dc16

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
9e027f2f733c164b871cbf49a4d8c7d0

SHA1
59f7685f731250af50336013e76371f44cd99898

SHA256
84313c65a696a0a49faa255264ed2887180d73315c6f56cdb36abd761fd8fdc0

SHA512
1653a22490dbff0c95c3e2ab1095a8f365b2fb3ac912938db413e4710c1139db511282666da363a1363a3a4b4364f3c7687647d746e754c319024215a12f8fe3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
70dea154bb6e45c0d5f19732bb6ed049

SHA1
0e10a98b29a92446b6d321dcdce7619675129931

SHA256
48d01f3d276afe592b560fbb3fc380fbbea4d9f3d2627ef7970fd14bd28ed67f

SHA512
be49928343cac7536384552acd08cb5a1b2a29ee9b5cdcd621586e1e834218f30c2ddc574cedec74dbf9b3ba8d4bec82017ce8e16f648ab6040885098d8a0dcf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
cc56eaef4f1e71c8150967878f7586f9

SHA1
b8695babc38b93ffa2e7bfa367ca88811bcca152

SHA256
5934f7aecb29c56722211e1222cf159a8707938dfdca31ecff7386f77303b5dd

SHA512
08845eb2a041eaf656019fb027f7ed05d51eed713d0638aca0dc6d3793e7ec763b9309b0ab28d2c65b0ded54e66d96eb1855c52c4f76fb911ad64c7fac31213c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
a476261e91611ec14ed13c08d7d1a1ee

SHA1
622f64cfb6356d87730c140c8e41a7feb7c0d0d3

SHA256
723826e1decbaced85168361f5d00a7d0c01e0faf173a510c6f8892dcdf1d56e

SHA512
61e8cc79dd8b151de7ce86f0d0729e489bff624b01129cd9664d9833083b78a47cbdf29ef0d6be7a586a1f39aae80457db89c2317e1d48794a46032dbb2c5564

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
8373dec14ce5976e11015dc44a6c95d7

SHA1
aa5449c17eef8b6670c9d57cec14ac320cf8e33b

SHA256
d99e3bea9db796d2a05f65d4272443fbb951c33258f37628fc110aa8800a85a3

SHA512
cd29e384197b9f036779a42301101138736e62fc0ec1d4732d082925385c58312ea483528e60fc0273e178a8ca6f63a6e032f866302443988b64dbf75b6c5be6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
7f9dd45087d4a7a542be9473ddb0692c

SHA1
3d6d20c44e99b52cb28619b40ba91c4beebb0db3

SHA256
de7e8efe5fb57d23f65d72aefa057894dc4897c92527c159fa79309974fcb1fb

SHA512
b3a7c9cb28a0f953e39d656fe0829eb426495ffc7ee9ec268082ca7e11e9a3c77d81b176455a713ad83759e177bab2dede9825cf4c8911835c82feb6a59c919f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
72e445399f289f535dd9da7fa8021bf9

SHA1
da14f29ba5a0e8e2dc3969c744944283e6e569d8

SHA256
9e6c4b906545844174ccc9d94ed6fa94ff604dd2e0c65d8693e6f5a4f78a3ec6

SHA512
4458a3ab4aedcdffa59e5187b993045dab07401554630a140bd748631f91ec689e688726075cd8dc3c82df4d74c7e29e59ce63be7ce1884ab50d93d250704c80

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
1ef0c54f63e26521743be85149e9e5b1

SHA1
ecf3c7a74c1858c6e1ce131ea4cd759d608ea9ef

SHA256
2734f9aab9d8197ede9c752cae541520df50e7730b7cbf7bd19ccfb8ec859862

SHA512
e88fbafe386a34817fdc22edf097616c1886b345e8db440d1643839f33ac1a546f921fc8470ea5cf62116e4281d6b4d7876bd5427a4ae2ca711da0f30fc9a3e3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
eb3173bb86c4728f9ccb51292858b892

SHA1
01dec6c10265c6cd37179e20d12f9326ce01d804

SHA256
12fb304b40da9e7ce41df02132f8355ddca58dbaa65e3fc10f20478b63ce2c74

SHA512
8809289daf914a269bb357ef7a4229b961b7e1973bd6c056c136413ccfbdb96be33765fd7042b7567cdf404dda2e7a67540f82c2740be394f40cfaa064eec0f9

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
1aeb603ad1ea4b7a1f873dcd504c8fe0

SHA1
42194c0c487a179c853cb7e7c5e908ad960bd0ad

SHA256
3ab615cf8de604bf3d45ba3df01b8221b64c9b4d0e147bbd59a04317b8c9b24d

SHA512
17499ef96db19201ad25ad538d81ba32492df8aea51d337216248b1281589d5b256cf1b66b716cca6f8e0fb5e4c27f6cbf36de87bbf431c376bc54b249dcbc05

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
f0ba486b20083ff1c1f57cfb932d92b0

SHA1
600d4ea6ad921ee9c24588e998b06be57642b142

SHA256
488cc1c44c4a41e850b11f4667e1263e7faf66ea6d76f12b6e38d0ea5d32a40f

SHA512
b5e9fcb98683f51e8f13c6fc2145f00cf6c4137e64630d5200c6c787d984e1fdbb352d35af87d7db83ae7d9b34a7eae74f5ceb13d6d19257d840b4b340bbf7ac

Download Submit
memory/1652-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1652-5158-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1652-11789-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download