13c5256b9b7aa3205d3fe9d20ddf964e1a6fcb4d563b0ed1e106be9ce9d8e3dd

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Size

150KB
MD5

e158c8d6310112291938e5c2c181e241
SHA1

01c66023ab6aec3cda5143642f3a15077238a8fb
SHA256

13c5256b9b7aa3205d3fe9d20ddf964e1a6fcb4d563b0ed1e106be9ce9d8e3dd
SHA512

2a0dc4b42368561a407f6a15b892551a68aff77197541e3fcec4ff5d4ffd4a8ff1744326dd6f0f5af2765d44bca581c3632406bed0e076e80108c7b413499d18
SSDEEP

1536:AOhiU4NNHgjrqnNqAPRfWmLgpMk9/hOam:R6kjen5JffgpMkx

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe"	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PrintManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netip6.inf_amd64_f29ffcd2b14f21f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_26dc960cc4c84207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_fffc54d66d592d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_3acec385f5d67bdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_de323a35134348a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmbus.inf_amd64_c78fd781987c1675\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_04863374c9db2052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscfsmetadataserver.inf_amd64_ef3485e85c5c1b11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_securitydevices.inf_amd64_f10a5650b96630b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhaeu.inf_amd64_e0c209c891e162a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdi2c.inf_amd64_d7ae71f8eb52c084\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sppui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetNat\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_bcde2913bb6ccf3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ras\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-72.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\excluded.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-96_altform-unplated_contrast-white.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\MilitaryRight.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-256.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-125_contrast-high.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\LargeTile.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-100_contrast-black.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\locallaunch\locallaunchdlg.html	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-100_contrast-white.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-200.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\iadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-150_contrast-black.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageSmallTile.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-24_altform-unplated.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-black_scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-30_altform-fullcolor.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-60_altform-lightunplated.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\avatar.jpg	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\accessibility_poster.jpg	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-unplated_contrast-white.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_AppList.scale-200.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-white_scale-125.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-150.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-150_contrast-white.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-lightunplated.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected]	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\welcome.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\Assets\[email protected]	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-32_altform-unplated.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-black_scale-200.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-64_contrast-black.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-256_altform-unplated.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_MedTile.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\StoreLogo.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailLargeTile.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-32.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-16.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-200.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1850_40x40x32.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf-2x.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\logo.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Light.scale-250.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\check-mark-1x.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-125.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\6px.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_10.0.19041.264_none_0dfcfeddf18f7111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.19041.746_none_8e8152149a757ca8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-pcshellcommonproxystub_31bf3856ad364e35_10.0.19041.1_none_6aaba4747cf0487a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPStoreLogo.scale-125.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_f12_chartselection_clear.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mfplat_31bf3856ad364e35_10.0.19041.264_none_d48c398fb256a958\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-webauthui_31bf3856ad364e35_10.0.19041.746_none_d8152fe8f0400e89\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..iders-msi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_76f1f963ba3c380e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-mediaplayer-mls_31bf3856ad364e35_10.0.19041.746_none_f2bb80e96980274b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-alg.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ad1cfda19e9f3c69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1_none_7862ca1f7379fdcf\SquareTile150x150.scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgePDF.targetsize-256.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msftedit.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_335412820cafc25b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ent-appxpackagingom_31bf3856ad364e35_10.0.19041.1202_none_8e6e738db02280c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_presentationcore.resources_31bf3856ad364e35_4.0.15805.0_fr-fr_6d0ce19d0916196a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..anagement.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a59d8093a70e809c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_mmcex.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7db1fd4ad944fe97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_da-dk_d337d0871c3caf7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\INF\rdyboost\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data.resources\v4.0_10.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\SLS\8B24B027-1DEE-BABB-9A95-3517DFB9C552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..erservice.resources_31bf3856ad364e35_10.0.19041.1_it-it_33634d5efb5cf151\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_code_b03f5f7f11d50a3a_10.0.19041.1_none_f5f1b08c361012de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..ne-dsacls.resources_31bf3856ad364e35_10.0.19041.1_it-it_c5f75f8850aa77b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ment-dmxmlhelputils_31bf3856ad364e35_10.0.19041.906_none_5aec760b7504e8d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\11.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..s-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc8063b8e8edefe1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ns-platform-library_31bf3856ad364e35_10.0.19041.207_none_64ba1278e164b577\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wdi-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5fed6e0dd61f0ac8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwan-lpa-api_31bf3856ad364e35_10.0.19041.264_none_c2c29c19f21ad300\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Pb378ec07#\3ef04b2ab7a69aa8d90d3a62538479e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..extension.resources_31bf3856ad364e35_10.0.19041.1151_en-us_59dc8487c2221556\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Generic.Theme-Light_Scale-250.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_76c6f18fc1f5c1eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-onex.resources_31bf3856ad364e35_10.0.19041.1_it-it_a9b268a0df5e3dca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.Resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-energy-winrt_31bf3856ad364e35_10.0.19041.264_none_eb95dff5234a724f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..efiles-ui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_40d64e7c2eeeb41e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wininethelperclass_31bf3856ad364e35_10.0.19041.746_none_0329353d97fc76a1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecoreuap-deviceaccess_31bf3856ad364e35_10.0.19041.264_none_d64e0686f90d801d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_addinutil.resources_b77a5c561934e089_4.0.15805.0_it-it_9603ef307a606f87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.546_none_f8b0afde1e951639\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_10.0.19041.1_it-it_1d2ce1c44af91305\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\WiFiNetworkManagerWarningToast.scale-125.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.906_sr-..-rs_569962e18a676010\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources\v4.0_1.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hid-dll.resources_31bf3856ad364e35_10.0.19041.1_it-it_5a783d1b9edae2b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..show-core.resources_31bf3856ad364e35_10.0.19041.1_it-it_9194bb94a75c401b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.19041.1_none_bb535abd48713dff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_10.0.19041.1_none_b229feb6ffca077f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f11a36154b7e30ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square71x71Logo.contrast-black_scale-100.png	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-vaultcmd.resources_31bf3856ad364e35_10.0.19041.1_it-it_0f2cdee523aad556\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ui-search.resources_31bf3856ad364e35_10.0.19041.1_en-us_299a46570d801f23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-chartview-control_31bf3856ad364e35_10.0.19041.1_none_851dd4c67108d919\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_vhdmp.inf_31bf3856ad364e35_10.0.19041.84_none_8673697827b26b83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-v..mprovider.resources_31bf3856ad364e35_10.0.19041.1_it-it_a20853b6fcbc6379\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wnetvsc.inf.resources_31bf3856ad364e35_10.0.19041.906_en-us_3ea4ea3e2a4f2ed8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvmbusr.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_0ffe6f7f23cd1f2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe"	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo\ = "OFMRCZMFSQNPPAW"	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FrKnd25wtZe376f.exe,0"	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HeLLo	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\ = "CRYPTED!"	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\DefaultIcon	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\OFMRCZMFSQNPPAW\shell\open\command	e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e158c8d6310112291938e5c2c181e241_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
47c5aeea5e4f2242a5fe7319f3e79acd

SHA1
3b5edb8c27dfa31c404544d4b21f534650c3b757

SHA256
5ab837f32e587d61664bd6ab9b66f34fe02ec32b4603f1339209bffb5de0097b

SHA512
913ecd7ad321b175a460c4f3ddf69782915fc2b2f263e0589421fd51e3ed9b924532d993b4a8fd3d99c0fb1b5fe3041ca0654398053c08397edafbf3b6cf011c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
04ad373da7789e90eb8d92b2d45d34a7

SHA1
9d4a35f7160f121eff8fa849e1a33e9f86e49ca0

SHA256
174277d4e12f300423162fd93fc62ed8b1c72b19e972fcfb6d82763af9313c81

SHA512
ec20936531ce38cfdedb3d4a433916e9e881f8deaec18e42ac314b649c8527e2970c154bdc7906a81f719afc4b3ff4af495647f3ac542376b0a2a430a2a288ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
4226466b88351ccf23dec2e362f8bf42

SHA1
92482c0c4d476fa9cb1f96a185c59ff0116d4b55

SHA256
60485c17949ec80a6f8a292d69884cb8df0d506f6cb42cc085b30bde25563486

SHA512
13fcaf1db725d4af387c0fc566cb8fc33e35c4c60047466b272b6bf471dda09920388e835a9c314a4a0d63d99948560388bb2a8400694767caaac52b2e4e8705

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
b7bf02cb0cffa98ab83e0d5eb1aa2a1a

SHA1
440a250b25449cf35a252659e085a31c171e5c42

SHA256
0c816bbc5d4c9b8d604cecc53a93303695923824c13520fc915c66caf4604830

SHA512
1ef12c50d57521eaca52d5f4986b77000da4b0d58f46874313ec2f4fd95379ef55245e66e6c8412513912df5c00312c2ee88bec89bae3d3cf3a2d000008d822e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
4366ac3285d149842380312312856759

SHA1
884d233c8d8875695be125d3e5d7bc04c0fa8b7b

SHA256
eb9374cd7f957d0c9d11d573326f7e4b9ee1572493b10c0dd1cfdfee475d491c

SHA512
3d2b798fab7dc3c6c0c1d90f2df85380f104de52bfadaecb4cde2ba0c79f5ec393888e7d8dbd55071f5f8acc5d9d21cf8a60311d641b6ad6ab987efe99e008a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
8c7890bdbf7fe88ab4282ddc9ad356c8

SHA1
2dba2f8d3de2f520803e3840733086571649e591

SHA256
15eadb2affe00e437db8471499e5519b7c02782fde5cbb61753118840c44ab4a

SHA512
02d0a13084119009aec5548dd28add9bdee5bb977fbee3fca8d78465924e221e3a0f502db27cc6b2f9e9cf88183fe95f813cd962887e4d08dfcf36d76a125681

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
f5f817cae1f33bbd0c94c5b219a9db39

SHA1
9afa62fd5314583d11713f47ef6643f3a8c7e12d

SHA256
0d5965d4e7c8eaf19e56273165368f3fe73421853514df81a40c6fd9cdc23991

SHA512
cdb0cd256caf2ff33bc13380cd1a6ddcfa535744fa8fe5a21e3e8b8cfb3a19660fdae0fe540ce2e7b9e719b196d16d8c5616804d42c3e7d08f3e0012b29257f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
41086b153839c813c9be32bb1904cfbf

SHA1
17d8cc71bb132519189ffcaa3db5bb4f8357940d

SHA256
57c0666d9d1552ca882ca3ff874b25a205745eea4ecacf847ce2422d1717fbd0

SHA512
e91a1414294d61f2e65d8787fd058182826d4112ffb48a4c08d8b4bb4389d622908552d9ed424d07c61c73def5c34d614754a9ecdd5cf3183a2fc9d723c133ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
7c8493314947e3909507dc3595eda51b

SHA1
2581e2951a78e79cdeb9f99439f111fa74ae0582

SHA256
4ec66afa15afa2120f5c9557ef88e65877bfdb24bc1cff486cf2619e2b3b455d

SHA512
95c4e4470967e4f405585e15fcb317f3ba60414b479b18ad87fc883ba0a91e530b971624ec40285de86e8b389ad4470393f57ec0eeb5a53a1f6a6aa960b871e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
d7bb933ac0102d08a4e2d59bca7ec5af

SHA1
ddead71181be8cef46606bd0ad730e2d767e6128

SHA256
a58cd244cd826549fb58cb88824ead9cc8ef21c9ccd4d9750b0421d3746a135d

SHA512
8766774461ed0f0d2db0c31c2dd5e7619a8449c8e40ad1827bc61a3e82c452e2aceb9b1db8193e0725a4f77c0df2a9b196e55b362ab2ba7f644d392a3caaa87e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
4174f95b16470896c4c7b327d7096541

SHA1
59ea5ab93e8928f2d5d72960f1eaa73e6f8fa1fe

SHA256
933d35d95346150691cbd28696b92c6545d00f066c89c9b430b48c171376ebc3

SHA512
a08e8b9e884b3484f06638af259eafc706460fbc475cb8cff9641889841e9da350e5166263dadb2af0da9d4efeb9fe50f89fac27232ba23bb8fc44698a687374

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
d92cc2f92e19163538a0ae66c25a264a

SHA1
3d188125b72c36d8539598f19c3cc3bef53f48c8

SHA256
9f61daf89649d210b21a02ccf7faeac64c5e44e4c277b69f56282847e8568805

SHA512
35db0720b8bac7ce1e5c3c158549cb6f636796def3ee4f7a5056beda5eca98eed02b1233d49a9ce67b5fc6513bd5dfbbd3052a5dda5363ca61ac3543594993c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
d6bea3a644d869fdd64a51ecffa1d4cc

SHA1
c387945c6f58ab9b6df8bd962e389976aec6f7f1

SHA256
1cb6c4f556a982859969c251d6f558a2dd136121ea30371e0a97876893de25e3

SHA512
f88c1716580b1e790c62e68b947509748da2b6f79364bf8b11b5b7f5c01a07b4565773b3840163dd6ef91f005cd749bf42a1dc69741a7db291058db7cedbec28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
a53ee16db5ddf86b4870070e5c6d7b65

SHA1
de93db75aba3cd26e7e4648aa58c3cf8f43690c6

SHA256
2fe802eba91deba04388c987eb09c7191f736def728638ded501251a413df955

SHA512
8d32a0253a36287f59239bbb3f1109e0b2c486746d5c2766b41eb900a37bd9f83bf624bf671cdcc3884c7e144ab4436df0a244bd683242158a2c13bf7d7a14bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
0c5591079c5b1d38736e15429a39177d

SHA1
caf65e86164d0644a716079baaa3e423695031b1

SHA256
0da9176ff7e4880288a6c692f39fdcf56d3b5dd05e529904a7a8a66146ab6367

SHA512
a5e512f2abaac1bd565f8a7207bf86382aa430c5294625845566d2dc207e41c63b6d661a3f84081704e0a9509e06c5c4d527c3dea7b95ff50c2f8e705f63bcfb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
fba549a0bfd196e9a841b7c2d3363c67

SHA1
19f1948134119edf8420c8f03d9bc7b3bd9a3947

SHA256
526e38ca2ce89a30dcff3f83badff2172e36c79f936938c16723eb88221ea909

SHA512
ee27b3c5d9ff03ba956b30a27a099a044d9378bcdf1fa418472cb58ec9484bc89d189afb32981d8fc34d9e7e6c02100e4b05bd4d6a86aad140c1fa17ddfaa459

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
c1f7bfbbf9aa1de6bc3d5d0036e779cb

SHA1
c57b0fa7d39f2db557b4c8abdc8cc7ba0c22bf61

SHA256
fb293ec150e3d8247c869150f03bf9c6465e66c3f7d48afa4a2c5a3e431441e1

SHA512
ba090dfcbdbc55485c304d1ccabd0221cdc03049323498100ace3d119111a21471d8a24a1e83466ba8936062c74c10e37f64032e8deb12e302813b7d5f094ed8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
850d3ed64d6d002e4d46ee3c84faa380

SHA1
976a57fb0602348c5f07e8fa5b379a57bf7c98c8

SHA256
97135907b5f381da3acec68f8d2c56464cc506e3595a9358b745072adcf12b92

SHA512
2169296640eb6dcaf73837e704e6ff665af06d65f6d571ea1f1d792581ffdd40cca1e9b560afafa3d6668e6acd776e5f7f3d591ac829158fc7f57509db1b6c37

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
0a315ebd8c8e9289d79069252f83d218

SHA1
b5daeab230fc4a88551fdea295056b9be056b651

SHA256
e85bc61a2c1b89f98488d569e3ebfa4e6347420293f2dc8c3fd708a882a42918

SHA512
67cb3e5e4de71d88347d83990cb48fafdaccd0e70e91bf3b88d57bdbb4ee9c1adf96c7957ef7a652e0b39911f13aa5633a1e82fe397fd1d5d21c88a11e27801a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
fe4e5b5e24a6188d9b18b05d9ba8ec81

SHA1
a9a552c3d877e3395b03780343e166baa1bad358

SHA256
969cdad3562ec8043f15c191036ab365166a7460eca287a0ed8e936264eea747

SHA512
e0b915f949b7bb2908a780ce556aaea593ad4f939a6dda30e3e3cb8767348af7d4dec7ff1d78fccfda8ab7e6ce842e1cef63d81f93247e465e75412d4c1ac154

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
d96c5e6082ca74aff8e38786b61b2101

SHA1
c7dcbc92af59ea39702a980e611d76b8c3276728

SHA256
e6c39eb4f1cb2564c3da4f1e374100a8ea7228416e08effd9fa013d9cb22a717

SHA512
78a1a8ccb491224bd04372164859063e6e05d24aca8da1adc8fc107f5929c59f8ed794f6ad117ee4f9bafd847f255c9d6c3027ee7a8fcd0f6a2f4e5665c266fe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
01fb37402756f2e4296d1a18b661e062

SHA1
2c8b8b685228447607cd5b847a182bbcb6534f75

SHA256
c389a0b79dac63b87f85e3ddd76e7202a265c207156765730fdfcb3997c07850

SHA512
7f62a371487782cb519004e9ae26eabcb75fd915f9793ecfe6b632852f6183256f0a6bd96b6c06330666275eee670ea622de76ff510e837a076a73b3dd5c65cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
e40f86ba4b1a7a9affd62985636cced7

SHA1
2edf7b3cf225fc6d9182866ecdd5f54fcf7defea

SHA256
885ed0f19f975707b6b4dd1075264407ee6115c24964554aab875af104fd94e3

SHA512
bbcacef4b7f377010fe3b51b3562454936fcb19b6f2f1da0fa2ffc5a84b3c85a1a28f64dcdbfa44227a64ead016ea91f0a206e2fe6e6ff3c6cff6a190f1fdd84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
b1bcf1c522c21f4d94663648597aa0ff

SHA1
55ba23b17f95c00733e017856c8c0e0ad0db74ab

SHA256
d57ffdad1414876f9dd25a78ad9f9724852bd388596cd2b2406c752dc76c4df1

SHA512
fe0bac43c37681fc1c9bfb29cdf306114dff3de28b8bc0558b1844be14142f723359db2cf873f891f39622cb2fed3999f711d9195d5d4b8f13b2c0825613c792

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
c3598791a0dd8aed523e0602de5ab881

SHA1
c35a7145a019fd86d745d0233e4e43044b051356

SHA256
f2f321ce97838209dd550fa41de0448ca1d11629ff5f58825c51a4cbe25199dc

SHA512
107039c76625c8c3c6cec7370915edaa9f80a5f2be1a2d94e021c93dbb196b19c6b8b3dc21887bacc40c9c7fe53f3588b2d3795643bdef2b92d35e899c877f68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
d4a84dbef662d3a7a0e592bf2d502824

SHA1
16949ef2ecd2f75df7d546a4279b6c8392824db1

SHA256
7f1e6ca18f8e35061f4cdd1f17d9b4cdea0879e3fe69e5d58bbcda395631c301

SHA512
a54a6eca8b43ee15070c8bd8cc8f25b918b2b8eb0399fc3b6bd44297b565477e3b72cc32a506091500ce3e6fa3ee17549182ac6639115b17eaa1e6670f9240c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
e7f961c8b767498008b1d712bc9fa429

SHA1
f633c269714d895ac8cd1c1f083485f8a6829fc1

SHA256
539f4cf4403194c095c8dea239ebcd4ab5a7f40077fdaed6051f5c9d21851d88

SHA512
fb7705b06b54b4d257a95908fba8ed2861de245a24ba2dfaedb7c23994d4b66db6d76925d5e3add4a4419964aa1b8d238f39b9c6544ad32ca5597768421dcee7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
e570146b5ee185cb2e9d05944f3f388a

SHA1
52f7bd27ca8a2db8d0a54ee7d1533d0de1e3aacb

SHA256
845310a153f8f83978b3d509f6bd537530dab551901641bb3c10138dc0439aef

SHA512
809acbd4d9291129bdba425f0228a312d6d451e1bf292f266920448286555a1074cde6e8f3d6beb90634ef69eb2338dced53d498530372a5e90e60465a950500

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
30ce6a173dec437d8fa5d05441bd900e

SHA1
804df49390abb97b6a5a00d4757dff193f14cf38

SHA256
215a5bfc072bd3b207a89d57a5cd5b64b2575da0ad4e0772d08da5c36144c72f

SHA512
0791439f3b488f73381e191e714378fb81aa625337df11d9450e7977514d8774d9597d339831b2c80726772e4586cd84f5a0125c158f72eb252a4f7ab43ff7fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
b43a3e995878801612347f8eb0dcf85f

SHA1
27eb69224b7a41cf6121e862fde7c90d81322921

SHA256
736c5ec882b8366b5579856f4249073944467d255ae6341f7317bb9fbb109891

SHA512
faddfdae2d972a5d9688cee9a8aa82b01a4e1b702ecc97012069e99345a61374e195f901977720c48b13b7d5e32fdfcb160b752b4acba4f945e906fb5055188c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
46c274aa3f7500fa9372ec725d5d5931

SHA1
9ec61d80768dcc56400d3731276e3f2f71da6804

SHA256
0b3628c2ab33b8ff36d994aec40b43f8fc0911b1e7f2ea7f12959fcea2a5d722

SHA512
77c09f9e25df62c85d247a9a5d507ef39bfff7c37d57fc1db8e3f4d0a0a5660311f3f3425bace44df48aeddfb40bd46171fd946c081e9ccdc42c43b36761c20c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
e92a716277ae797f6f494b6739f7280d

SHA1
fe0706984edbe5d0753cfe6d6b1a7178892039c2

SHA256
77685ee1638923fb3654fa63182ac051b7d5c7bfab03788c89164cb3d46da596

SHA512
c9972c1fb83cb256f902f3c7346862e615ada0e627238655bec9726a2100c7af3d709b1194a4ab64557ce973fd1eb4f066dfd1ee8e21456d3cbe7350dfcba14c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
71cbbdfa5d885d4827d3642f7c27f899

SHA1
2b2cea0dfbfc088742c01698330cea3e529a399d

SHA256
ba4cb9d408aef714722bcfd5d2ccfe1f58355bc81658f5ccb9dd9b8d18f6e502

SHA512
db9ca398687327a4a5f6fca45c8ed2ff52da93cc13bbc980033b803df80273fdaae2d7c488aafa9c09a6133c0c0e92ac11362c81ca9713dfe35d6e6e669aa610

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
dbe28b5264dd37f5cea742b9a53d4e8d

SHA1
20a7b642f0a853a3d08132055a823076ad1f8067

SHA256
e2f82d9ae1c5f9f749905103619b02f177eaaf2c3a89a87f5f7a30988a816680

SHA512
b3a90794fdafccd0e2fcad74808e299ac2b3f57653bdc29cedccb3a7d5075f25c9e4321ee3a196693618b59d0c31572346338bada1a67ecacae4432f044cef4b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
8b2a7d81cf824b4616727dbf850ef294

SHA1
d152e9a5a4cbfa45313151ee9e0ea895733feb92

SHA256
1fe3bbf90144b0eca9cbc4361686cecb6359d72b117cde83d4616f9042a05244

SHA512
f71aca7914396144df35bb11eddb971f8012fdc014449806a9f24eb937bfa7c4ec9677cde5218ffd6e23dfc5d120182b9ca7feab5a266bef34167e0678f95af2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
90be5b099b32e6e24428ddbac9140ba1

SHA1
5f8ec2c0506dd6256dc30b2ed7bdfcab8cb58954

SHA256
67d0b205878c312e26d1242856275b13f9e9418711174b9d56d666c66b3738d8

SHA512
d06682f0364680d9cc5ad3b478051c05c275dd3e1d508ae254a961b7ea6a534ae9d08e0defaa3a65d1c097785f137cff3a96860dcee935aaf6de1677829f084a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
38c6a4d2e2e193dbd4d4e9359a775fa6

SHA1
77c1c674703e2f3a9f92eaef6d991ca8f70fe9f5

SHA256
3116e70ee938be2582a7436625ccff32ee622af31a5b99c863715e2c0818f2e1

SHA512
0e96cc01168084a6275668f71e4b6f675206e3169a1dcc98f0d0610df222f4227a982690f4488a1f0936529d640db081e9cc6227a978ef30b8298a542a2aa277

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
1e1d902f1d648e54d19f8ff071d0a549

SHA1
f6ed7c9d2d51957cc5d119641693f3447f90bcce

SHA256
9201ff99e5c85e4130cbd2b9f6fff8f4c564ca6627045eb34ea772e4a71812cd

SHA512
5c753d6b8e714a8c59c95539c7b512f923699b9b95a50a1d6793a9dde29cd13feda86cb27298e011ea2ed49fdd2083c34f70fd7e3d0488d5c15d490a662b6f6f

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
877B

MD5
0c613e5f0ec9297c30b52ba47e404037

SHA1
0e8c8eb51ccadaeb22a2f0293ce7ecc4cfc7944e

SHA256
238b7b0da737ce27bb29b33a6e2d36cdabc2fc9530164ceba5c05a5c5bbccadd

SHA512
b2f159ac2dea16b81dde540442f454f053c13b6a02640f780008616806cdb71732fc9fef333d9bc4643ef43334ab8469da576fb78fb18ba18f87e6dfccb7aac8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
d1adc0613648be971e9e3de20bc6ae31

SHA1
2e85f8642a49f43f47b529a802c254bfcf6d9c65

SHA256
3253cb5ffe2446c028a71adbc9ef727ed0637ce4406c1f4b79cd9b6944f4ad05

SHA512
49c71f05c24353fef1093f1005cd4dfc3a930ab0f6f983f43c5d46f7b6ce1e27dc4bbcbaec80ec00e25d059a2a5d4ecaa773e3b46cfdfc593ca69aafed5026f3

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
4b9a59f610d9af7bfb018632dbd17284

SHA1
a59d0aee45ee2a2b517f3745a0f46835f1b14c9d

SHA256
bde283d004f9d544821053a5353877ffa38b1e8157f3165d59659e4d445851d5

SHA512
f6382d9eeec88f046db59cca9bf03a56fb91d3ce10e593232e3c2b8b9b709cb16ccfd7cafd2970151094081ccf7c6ce4052c2da89e25b1b29a6672ab99a797f0

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
f3116daef477413d7af3da5d67a967c6

SHA1
a19570b1e617071c87c708989d0b1f68d50a2ee9

SHA256
ffd1a2190eb11f02dbccf1eacccba40db4d377a827e42d9c127b583b537567be

SHA512
63b839bfe9a1f4bd0861f716b38ff69b4fdbc35ed0c19e80d781380f413d716f6a149e8a3b882c67986bfbfea2ecaf89edd05730dcd22f8733358788cb25b742

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
d4a678610718b0a17e6fd98ab416551e

SHA1
e809e896212a3b5f465b1b63e799ccce761b27ad

SHA256
880e5f16136dca682787744ec2964f3c01581829150a73f5f21dd462d01ac8e5

SHA512
58e4229623ae92fbb2192d773abab3ef83fcdb9fa6187e1389b6615398476b5d748f5ff6a1f74a514909f4af16289a49cd074979fb205e5d19aa0d3986a78caa

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
ec990c880b50e2f0480b50eb23e8a06d

SHA1
ce1c0cbffa84120174eddec36f32d16942c0f1de

SHA256
d91804b93b3acf187f20c9e687c93f253fc68063a10f229162905cc7ca78e348

SHA512
12b023a33eeeeaa8b700c62b17fe484b14b5f300d7ab1c4b5641a10825ad0c7d5c893003f157dd25ae52073bdc308d1330dfa4f330d1ae1435d3744b3d40c38f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
5a3c2ce25ded7c74f34ee4ea5efd1d31

SHA1
7d2c27eb378884a4c5f52c3e9683597c42a0dcc2

SHA256
9649b7b9c6541086907f70bafae2344b7da89d451e4e91ede7398cd7afc8df98

SHA512
276a6c89e78d352497238c2d76f33a1009440b20637abaf152e10bdc47f6da138df5597f1f79ce8358b8dfa339dc838bacadd41412feac21ec8f0cf23e9dda43

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
fa2681eed9e93e7b33e6bbabea1b7dd8

SHA1
f564a1d27086ca59874bd2f81e04667582188285

SHA256
74fbcf07714336129da50afdf78c9d32570ea12a93a18dca1c383dae25f80eb3

SHA512
59e77a37fcf5d51e6d9bcc6333cb4bcb8585dcb1d8ba3611bdea873447d4431cb55ca532ab5b810070496ecc2f7aa3598ce7a1037ddb4e899671f98a3aa308db

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.HeLLo

Filesize
2KB

MD5
2952de339d40bce7b4ce6b40854a7304

SHA1
04ad29bbf65ad23c1b3b0b48999185b0064f15fb

SHA256
057ae63439728f0fdf56a4dc9afc92a28afd0352c4c755250758db43f1da184a

SHA512
d053e0d5191566936d10f1b92341110606aa70fc09d9374125a902ed68abe69302e740522a9afe047cba10c49370bd5f02d8de2787d1cd5859d78ea1cbfd35c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
08ee5a0192b38627983f3bb1c0487238

SHA1
8c6ef31140fe6cb5c0d0c9119ed66703457af70c

SHA256
3ea20b3c87d85a961f1d02f8783808cf484ddc8a5b8ea8f10e0f0fcdbdba41fe

SHA512
959a267a9168e5fa3c83357b3103de61c9284e0edec8e55793992e0e026b4db25943dceee1cd53ebeef1afa767c82bddc75cb5a18375ed33575c2b638e3e671d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
1fb89ea6aacbbe7a4f7e3f89895ecde3

SHA1
5a6fc5994f1a622d9d648bc802dba46c55e598e7

SHA256
3bc5c50fd325efd6a3bebfa88802be9d4ac69479e9a88884685a3f200e82e834

SHA512
9e19b55f21d9510008dc373f2b9d02053e4216e5aee50a92a2c6c9c72beaf352df12a583bc36a3a48098d858c331637c3445692b24f3430fa35fef8b84aeaa92

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
69a16bd3507a183c827325f903b49db4

SHA1
947f3d9210e7bab2002bea045f4986f87befdad2

SHA256
1cfdd2372dba94385b1c1e071ec14ad04c2cebc2f6320c969070cd5004513cf2

SHA512
7292d7ab5b38ff19e7e299bab01a0153738b4edac840ff1210305c131667d4205b900807d36431b322408c27e791aec1b3f544e6757625132474e3129b2da39a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
c3995e28215ea696a6a4d4467eea65b3

SHA1
3d82913e53ddbd2af84e7fc06f0fbfb487757e5a

SHA256
90db2b9846c396d4f013e87da63e1b67bdc55b26cf2069b2e000ffbfcc240ebb

SHA512
95130d17f064a437bee1669c52ef7bc3ca22dc1823832360f3a91d9c6a4f3cca847ac541c5ba853e8235964e2bc0297879d3fff70c2e535175335e1aaa59edc3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
30f334cce22e4f844a9110bafe7455a3

SHA1
f694982643149dcaee02f46db11b5235fa45e088

SHA256
44d9185f81a24d09486406e513a03aab6ca2aaded825dc104549571823b1b4e4

SHA512
536e95607cd38314ac066ecde13f598daf2f344e65f682e13bf986f0133887185c3f6ac6d421fe114d06998353228f4479b5f13bb30a33ba03f6a43e6e52bc71

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
42b5ba9c2a3fa635f374787a04ea6eef

SHA1
9c6dfaffd02a5f5be5587136b7b9d184310d0d8f

SHA256
50b05eb8b406ec612ecc17c54bba56d13441f2d943e6aae245053c354848d8b2

SHA512
c52830fb710cb72e033eaf30d235c7317729de959524ea9a2093738aaa66bc3f5f7e5ab898b1670c6c28e2f0619291cc4c51e53a04bb234d49477bbe0d05d47b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
50632b9b5f9a02b089cb96347d4f6460

SHA1
209cfe55fd48d6d699a99962741e3ed2bdcc0770

SHA256
d14791ff3e820a5c6212b36aca3bdae99c87b211d01099852ccc65cfb87f730b

SHA512
beee47b2de8d5366c6baac6c39c000a54581a1dc7be29408f8e353b4f8ccc2cf3c7b7643eead42197b2bee93bd409090188e0a875cd4d063628a3e34997e12f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
18ba7822f5cf927f7d054668a1551728

SHA1
e1c042c547aa87aec8a9e7e6b7b2b15213fa4f64

SHA256
07e7d4e425b7a63c5cd8c1d6adf522ed73919e5f2c51c7416f3c4f500b77951e

SHA512
9b565ce2fc5f709a5c209421670309f5afcce1d6cd8e8e2f1bfed461ddadb20c30d96af99e0ddb14bed7b62c2af42e9e8206acd20c63e706ca9705dac9c8ea6f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
6bb828e777a78944ae852819044890a6

SHA1
f1f1a762522728515452677fa6d01fedcff87a30

SHA256
079d9d9641d6d9c2915e5cdc95bba8251183e9b9f9b0c3195bbf629ebd77a262

SHA512
6e14a485cfb4e8c15dabff286afe4704eaff89250b614ac7fe5c2682eae6399cef06ddfd5e26d56947cc7be43b20f0df73f2bcc41ea0ee60c3e544d349918653

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
c4100e78c909b0512e04f2768b63d80f

SHA1
d69db98356556dbc7c7fa282193e8d75ebafa808

SHA256
ec96dbd5c2df982cebd95fd5cb1cb101596335d37a3b32f9d5e3f089ebab5aec

SHA512
9b31e37a909368a84e94822738d8bc1cce4b2fb7fb4c62c718068d5c2e90e8079dbc393b0ee718680807906f78af6176b2eb603f00e44b30460600adebf72cd1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
b2e7bfd717e83d1d668ee8e45ceff707

SHA1
e80f4d1f7d1463d06c3b6bd1f979ece671f0f050

SHA256
2cbb9296dc553b0fea682bd19a4fc83666c3fee52841cac06c44431acca3c28e

SHA512
60941f606b5827d11333fcfa923b9e342e9a70e4fb75d1743ba182a804a7d07c28d5d1104d269f4ccdc57957796b4b5eb05d44a5e0b1a0137597745da470e5d5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
b6be383629c4d09d5e21909a03b7f889

SHA1
eec4719ff952932fb7c4953fbd0ae0aeeaa219af

SHA256
b60f44d9031f03218360d1f565057d6ad75e3b24d6df48eb8ed6f0d95d0735d0

SHA512
cb66fa55e5d878205257544e1cfa2580e08fc5212c6a6a111a6c166af3751adbf03891e346c2e2e41c78c8edc8d6db12822b05b3c3fd32fb9ea671d5ce0129f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
4fb0253eba5d3deb0f551ecf699c5a4a

SHA1
fcf5033d713394a929dda219521ecf401e125fa6

SHA256
bdda248a486092b7207535cd23c4e6a82fcff75021317ddd3eb5b2a40308f100

SHA512
ae527bdccd719a3a15a0564d9f729c6f784a9b3e7bfd6fbb994b9ed1c144485b90d0b67de1181b0fbaac32e7a5b1a9aad0d09860132d4ee181213fc7bda83584

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
99135d01f44fd8d4c54a78a3c686d703

SHA1
5995a762a3b57180a4b4f07e21a870830554689c

SHA256
d7e7b67733ab28f81ed86226531b9909ea3c8798b18f6302a64a339c3db8eb5e

SHA512
e6626ad7f53b82e8a0168034dc0d62c9293ca276beeea77088051672ba47504828b8047d8048c56cc728c564111281be4311840386bb7db13f0f8c5a92e351a0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
05c29f0da773597a968ef927bd15b768

SHA1
9066e890dca058b41a35949a2cf9cac60e681073

SHA256
a5d8642be821fc3a0dd66c85513ad91bee67663986a23633296a85ecbccc273c

SHA512
9df2e93288bdda2d0ccd13199a2c7cc3d67f820b797ff2d92d92dcfa6eb94c7fd34194c378b7adf0dde0844421f536ac1df19e6fe090d7beb513ad57698e3042

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
839d4b071ebfca8d0a457952d22ff990

SHA1
eda1ca0afb24ffebbf5482d75f52eab86832e4db

SHA256
446e4d99501c12527d395fa6e2e87466ae34450f9c80e5992a578d0e351ee0b1

SHA512
70ce3ce65cfaabb7041167d5ba053d119d72df884c22d0a4534c6dbe18019f1b57ef530828299318e4040a3a6d823c88e7170678dc59fdc1a3907e14bd0345cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
82f9cf9a60d73671dbcb36364d772794

SHA1
2b74c5d97afe48c10a054a3653564f916c548626

SHA256
88013f6f15adbaa0485c39bb537042fdec43973cc5ff61f66391c828c2e5d169

SHA512
e5a0f3ae105dc81d4ca0bb4b179ad38cb5b51d2c5708d708393faf1b7b501bae75cd327a69aa498386386872793f2f256269b24fbdecbbaaf92d6aa49600109e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
b33075f9206562bd6cbe07f6f1482a3a

SHA1
e9609dd7296e24896db58fdf61cfc6584bd21e10

SHA256
97380dc3c40a3821eeccea654470a91e71831730745647e864bc5e874a6ea1f8

SHA512
8df0d36ac7f2316a9f639fb61596ab9a2ca8b781baf4b42ad47ad10a6c9f9add36585aedb8e6e530aa070474f35250a3700cd28b7b990e46e5e4fd8c547362e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
1c51058737112509bc742bd16747e94a

SHA1
15b75d7ecd3bbca96933d4f97f7df8f99ba5d6e5

SHA256
7500912e7267fb138da26dced6f629a57cd5af2e228657e101bfc59c08300ca2

SHA512
7273da864af447cbd58075eeea6673a2bf9d12f6e20abdc496ed257278df39ad774bfa3e687aaf30cbf715dfd8d8b5e4f1be763dcf2650e613bd9e527c524c33

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
70b0997571e07c52e582d633d69952e5

SHA1
8e072e8f4a3dcc42a042157858c895acad00693f

SHA256
9048bef1a1597f082e8294c42e95ff331b1f2541f8bae28246cd09193729e763

SHA512
151c1be63389f5f3290eadbe6d33bd161aed41254def17eb530edff472068d56bf48100719d039876243490c22e1fc667b25c1881c7b263bb538e21efb1f08d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
727c524fc1aa1c16a6e119152be7299d

SHA1
67773d3097be4dac5d583ac299ec9ac54651cd75

SHA256
047b93eebd0d5f3693e2bb01238ad0c28e5b8f68b34a64d11c445564126b4314

SHA512
baee4aa397c3bd3d4fc36532b38e563f7fce3b4524872476d6a5bed32b0a3a1db02f48fdcb5bb32e0a5ebb66238bc7292f16156ffe08db746aa6a03fb207d2f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
584cb3d8af1623a154a8fa03186f4e8e

SHA1
5600e4d5fb07389c37eff7e5e5276b8b228f8df6

SHA256
748c49ca8ff0b73d1b4149933b7660203311298841bc165f8de0f1f0fd7f2cc7

SHA512
ac121368847830f1f451a14e4b6d4156aa2d5e7a372a060d47b4365dcc16e1701caf403834498630ea81b3bab0a7954b6be0d32233a56e37670a263cc4d5c598

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
4432dd0ffc6f11e97532dec1e1b3909a

SHA1
b83b94ba7f73d05a79c95d0a5f2c1b83179c2723

SHA256
72d233b44a83ee9b7ac38ecf069c59e65d8fac13bdd5ae0e0906450f0170c0f6

SHA512
6a057bed2926b591b6fa6c7cc1d17014329de05af83b618c1d707996d4a38ec1a7edf792d1ea5b8d0c8127b0371a94b2adc6793bce8f78c0a49613491a128e9d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
9208dcc07617b8647bb4db392e682a12

SHA1
ff8f5a2dcfbf4ae177fd878772a1063f006015ed

SHA256
ce6f11467c840599b8ffce4f6a176742445ff85097f105e1f9b1ff37d589155a

SHA512
ef940fd9b97c4b5ddf782081030102e24ae56e5c9d134c1253509b5483aec9e501fcb374da72a014e6f88e4a5e101e51729cd5bd435e2251edebfb3292a4c09f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
87b4fc29ac6cf8ddd16d62b1d970a351

SHA1
451775cd8c4e1cb5a59239f2ca86b37c6650449f

SHA256
49c161c8123207480abfeee48c4d284c99e2ebb6241541d86b6664089267d7ea

SHA512
7951faa5a7e02412a1da659c79baf76498cde5a530343ac8826df8eda17e71987c6789d431da9238a6943f266f657af8d3aa34f069c4ae7a743ba6df729d89e4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
5f324b90a5ce66065ed4eb27127b3222

SHA1
3702033500600654dbf870c3ee6a358e2b6f48cf

SHA256
591d34c7ca3dd922d38b3512aade753487f46bb84858c4e4f9e846eae16a45c7

SHA512
b05d8d183b3a3fea7457e2bbf29d341dea4b00588f765721b147e7d3e932ec251f20046135183f7fd11f140f770365f8a9009547e5f7e8d60fab108449827074

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
479e60378593216e725a90041f7e990a

SHA1
9a5def583fd17fd3b4241ee44552288427bc83ec

SHA256
76966a5e7a299735cbd994b5b5f1d9ebdec1d220e7dae4be40f415ba1263ae86

SHA512
4be899d59869ea8dc96f2230bfa61a925400e4e858d2458496b7ceac766090fdd2fb8aaa9d7c6bee19835b7d40fb77135c3b11c4fb89594b9a8347bc4f0dd7bd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
e3a42dee8fb2b1c06aab8b1d78fb91b7

SHA1
83b774b3625c485c267bec91b806e1cdaa6f1714

SHA256
28dd528941fa5d639e08233d4045b9b33c22bdafc7c0a615bea433c553c602de

SHA512
a1ad3aa2d5a0213acb73c808ef70eed444be9d34d32dcf91992e8d650231df1373c5a002d407e170aa158f89e89bc774126b2ec3244f428b02434bf00d85bc2b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
a64b7b55cee6c19897934da739c6e5f6

SHA1
b4795d5886ac5e8a4f9501735e05fd37ba2d2e51

SHA256
3fd079c567f90e1bfcf3cb69b26c0e8b5fab80bdec8edb6a5c9555011bcdb275

SHA512
aa82e7f8fee3454e1411627a21a0020b1f78cf73c9bd0f5d1d8cc4df1eae2c9947ed48c02aeb306a7f6f87ca506cea0d62730b9c1e7da875b94fcdbf4a4710ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
d640dc3026ad6b0428481c25a5fd06e6

SHA1
3103408e3254a1f372f5318192ddf141e628a010

SHA256
40b12e937f318fe58d12f6093e3150a84fa74608a941a6c132c0bffc9b88b6c4

SHA512
d46f39da49937620bd0257c068c56c6a3a9106e63d3a439e81b987b9a743a8ae5edc69d3be6b4e68f37c7bcf2f762cc1c9bd4751458ee0fd270e245fc6d379f1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
2371777bfc255ed3f992fefef7a7e459

SHA1
5de59239484cc25ca0b243af19a76078d9da5b6e

SHA256
4cc03c9fe08d2cca900735843840f5abe8952aebc1857b03875d0898cbc4d3ed

SHA512
d06552d2da8a5c3bfcf4f0cce6ddd45ecfa9d5dd273ea5c4bab42ae62d3f7d4c47b5f7f11d2e671b3cc8e82b053614049c53a56329924f570a6050e033fd98e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
abda27959058ae652bbd5b64eeb2f61b

SHA1
2eed5eede483738ec125de50dbdd8cabd7150c35

SHA256
e1b3bafe33f1431ce04b00bfad35faa8e25a2ee55c667094923b3ca600e1e15d

SHA512
bba8999c3b3b906b4234c59117273e28c228e0421cb9873a098e9191c0009cca8399fa2377094d4dd9f0b7fadf6376a231efcbe316f80be7050f491e1f444f9d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
2b6baff36aea2667cc81fe2b09ff29e2

SHA1
96cc14926e69e922b1a1253bd743706d2f16e750

SHA256
99591bb7f393785d84f563a6f22bec4d35291719d6725c379b1e9ba5043b32ce

SHA512
aff6fdb399dd3f805eb90e78260e30a0cab92a92736c80162be1ac5a4d98d7b460a6ecdbc8d62962e9fe70081696c633ce8633dcf39489da7c40024cc24a76f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
87926d2c2a5ae7b33ff97e6588d98443

SHA1
dfbaa9945699f1a6841ed91396745665dc8979ed

SHA256
91ece960847d8b69c0cb372c6220d4460b3b32a2370062c62f7b4619590b1644

SHA512
3511e657b464d24768ae97302e559b3ddece09fc4d7e7804c619dbd9839952d4cc43621a752000ae3f4c4d4b9db0a5ce4ecfacffc478ca101e382a1ebae08140

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
5ea5908f0c2c41ec2ee92cbf52b032d5

SHA1
b8bc2bee7d80a812ce16e0e808892e29b181ce11

SHA256
c626237f9f074afcf254067af7955b1dd91280535f66d849ad5c2993248fff43

SHA512
eed418bacdfd1ccb2b5f98c18a278d8c4e1e99f73f4877e58e9da7d36d4cec4a27c53f5e7366579c71d78834763ad0ef1c39dc5de8b251b6cf55c91b261e8ddf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
61e2b2ee18e0839a95993565dc44d0a5

SHA1
40945919d044615d0671c987eebba19538124943

SHA256
8f6431dd49cd2987caa8fcf6ac8aff0b4ef423cee5280f01328c5bb24fefb86a

SHA512
ee3be854f7c00e19283918a79a03c7019a5cffc7a68a201803aa450205d52d1cb47b063fcf3b046e3d43444c3543ce5a837f1fc6e9fb0945152879e6a34cec88

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655840085328.txt

Filesize
77KB

MD5
ca2155078d69804a3646b5806a91c781

SHA1
c2d99677d196d08e11e5e1ee7d2201426fafb0b7

SHA256
6c5a1920804f4f743a02253550ab4e29b5b273554a3720dd26c56b626a0f440c

SHA512
03fdba7254e6d7118d2025e3c5d956e7cb3d0b8521dee1e20e74b32310598940f87d7f80f5759acdc1bfffb9a8e00c3606911a8dacace76899f406a39fe61780

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656363999749.txt

Filesize
47KB

MD5
1735f9a8b0679ca9d0b5883084a69d64

SHA1
5300de77abc2e6011ad9b6f9b3d3547d5c9b03c2

SHA256
3c5dfe64017c1af99137885d572956c1f3aba20c529c185638634d7bfc6aa40c

SHA512
4d7e083ad00bc73481d8a28001c1ad367f7d737132c0bb8340449e2c0cdc8df68101a879ebc70acfa1e765dccd3367b1fc866970e650851b87dcdeb87846a960

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662640605367.txt

Filesize
63KB

MD5
7fad8609455031258f27bd810b8bb23f

SHA1
e234a798b30d35c4bb0d9502f833c6739d931e20

SHA256
9e7ed5ba7b16b34e683c33b788d6b250e4786246a4dc239d3dd71567647f6b99

SHA512
64f76b9d2d72098d5b78e51e0f7db7359effcb866aa6377cb649d5feece64a7ba8502bf0bea3b704846f42198735f3da863e382c8cb4c2fc489dbb35afeaf63f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664894870546.txt.HeLLo

Filesize
74KB

MD5
33950a84f056e2797f4841dd2376b895

SHA1
b86ae3dc920ab3771f3867f9a32f31e479939407

SHA256
de126779595199a016eeacee04c7dce7aacb5fa8dde82157655305fe8735aa24

SHA512
f599ee4d5018b47d15717211623f6dc1f52f03c61893e82f7a683e1bf7f32d8521f47269fb50ebdb960ddcabe7f94e162aacc7a7c825736b59709eb065c7756a

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
87d725fe1a7e28a24f8228e55688b96b

SHA1
e1cf01568336cbaebe17b646ebe75a2e04937d21

SHA256
acaaa07e04f29644582ef9d9c16a4cac9097f82902763957e3866b75a0257b6e

SHA512
d225ceab072bd2fcd75c18dff6ad31dfad427db542ff9379da9e2527cceeae9f6bb04d1639821633a8b455de53287360e60254f6454d080587038d50a937fa2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
52e9192fcdbb10961cc22368bba35ddf

SHA1
3fd4d69fb32ebf2aab0491a264fb0e89eec89717

SHA256
c5de11cf382ba7c51b54bd201e682ff81027bf84ae7548eba1d0abf8778d011b

SHA512
ef43b100b24177f4e2f5b3a672facf213f12c3adfbf16a2cafb6a86608a93b95bc16f62ef4f02a99be6fb7a92562d5a93f7cac0ae916bf1afdad4ebd2ed8e124

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
01a1add815fe1e3233113f24318e1069

SHA1
ed91c515a8475ceb2d94200ef788d1f54fb29268

SHA256
53125ef2c632cf117ee6cc516bd54ffbbcea4d7c494da80383df54288ba778f9

SHA512
4133182897bf360b56e4c32dc3449d8071b0c04711a7bc317188db3cda6682b9ddf887a0a309344cae1eb8195dd271b0d54727a098c24316f06654e3104b28c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3e65da9dd7740527ee1980380703871d

SHA1
0c5bd06f4a410b216a99e1c44aeb61434df50d6a

SHA256
23ed93d8284a5e765d8c0ba73a790b6a8c68eae2231e2accc74c87cf765e60c5

SHA512
9f6259e44f20bc8d66a3e250c5dce2526cf3d6918a359984e5a36f09f87d5f9eac9d59c5420095706dde2ce60ecf530f8d4967feb5ae140b2bc3300dd988e1c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
aaca4be2440d248bff88c1dee8212e4e

SHA1
9f883333923252364f5bb1286ce8602f33b95807

SHA256
478fd058fd96a2bd44c68e73a5b697e854396c766ab5ba556112d9cc73d0134c

SHA512
1055237c2206ab9efb910d10d6e5f2c2f5aeb8079268d0d0687173de63c3320ab6390e681b39228ac6a9fa225686c411bf5fe641042b589a196f650077915d03

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
77e33ada8c7a76f0c627e1d4cd2e1340

SHA1
fe5d9a428630ce93f95e36658d0df00724046f23

SHA256
c8d41d188080f3e6299f5329a2b9ec2befd1e9c796deb7dad1cadb189d284c1f

SHA512
7d7b2a1007ad9ad2b627f0fbbfe70c879b164ab765118532857cebf30c42a89f48175feba5d1b5c2ef9d04c622aa94c2496d7916c569b3d577d336bbc1e2f54a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c3666442dcd9435b85c55bbee424e685

SHA1
b5d6460a6b8f5ee62467b7da38a702ec64a49ed9

SHA256
957619ce72832b45bba7fd7f9d7801099b61494c9760c7dd1bfc6c3c06c40cef

SHA512
9a01f534ed4616045f6acd5f1746dc2f0d9bd2204a0a94f969948c1b5029d962b660244e641ea0d0aa3d11f1a1d387e285ba4c7d1520ccce0c5759df1654a2c4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
9ad2610cbcda12f8a4be899c460bd480

SHA1
765713e032c809b771264fe0fc69d2dce312ece0

SHA256
f1e7f18cabd118e86c91e1602f0ed9e44bd7aa79895b201b861c189d9ee8de22

SHA512
28b5bf10215f9785012f44a27b6967594598bd0b339aff6e7b77c045de8929147318fb020cba70a424195736dca0f3dfaef23db7b2dc337e03ab18616772d6e9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
bd5479ca56236816abae5b2f2103fd69

SHA1
ab2b0cdb45068d48aea9cb825a10e27f2b52f236

SHA256
f6d97cbbde510c9ced3857a7e5758d047f537caab8fb87223f3d4ae15aafec14

SHA512
08a4ebfd4c7e0ff27798379683542bf7a478d004beda2038f6eda8f508dd025d92d27e7507e803ad5f4ac3844516c1e027870423afea239d5b657656fcaafcbe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
2b471350e0c8e1ebca3919fd8709de76

SHA1
686bab43bbc770b7b5c672e24f145f4840a71800

SHA256
fe625d5a377774ec508d73f922baa170b790d896967e22571fc71a499f0f1f93

SHA512
995ea712840f970461adb86667abe0eec2d41c0fb5a8e4940d9e1acf5d34c79ba43785574fd4de6e97611828fd22d8819e0a787cffcd8524bb8ba096b06464b7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
67f21661f3c003c8042030a5796c6a72

SHA1
3ca1d9d2932b5bff0141b392f40916a84e9af5fe

SHA256
d814c407ff5eabe3e86f5114c15f33af792f3a7d02efc1b0d98ff5371428f2b6

SHA512
0d6f3d920ae8850fe0b35f143223ef015384662b3b02fdf1776d4034877c7b022d18fd787df8bc41dff81e74a6c1018bf46373db7419302ca546f0e997dd0764

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
f28044342d2a7a7e7b2ce0d268d3c1c4

SHA1
87c2cb681fe78b499921a4f8125785d2b74160e3

SHA256
37d36034b7de5ad69fe4f138ebfbe6a6ae7fb0c88c1d5a5e080e3a9516f79933

SHA512
9278ace4e727270d32d733346f5f8ad6559ac15bcce4aca5133de79707ba4c597c7f9b0be0b586afa2361933fdff2410f9350c8e9be1b62d5045c31d0f0107b7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
ca8c3905ce4da7acb7d29ae7ce299203

SHA1
1acc896d80af853f05d90df651df2bd0c02b324e

SHA256
27654fe8cdc9e99af8b9d7e5d596edb00f94d3c03175616a71dad9fc1d5228a7

SHA512
653c5317030eb4ea603c87ac316d87f4aa351f86ad63bb976277a1b13aafd9ccc05b98869132f7a82442475f09443b9c2204bbb0c219e1cee18a9cbbddab97dc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
d506ed924369b1e94a9338e1691d7fbb

SHA1
a9b31479d9af13ff541dea951c7e5095e9cf6446

SHA256
c9e0899ed67cfa3aee05a5b6b4a9e14ad7b250236a67bbd32a5d416c15107401

SHA512
1f3e664b77d11a2002283b6768c448afcb4fc4fd090e3c1460a9dda95ce774e02d8cff20584bdcd7b72985f772b9f40b8a8b995ef170c512dbaf810620693847

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
e0f81d9d68bc91ef9e53eb5286ee8d9f

SHA1
d528335b19d51a63e841055f1bf07aa837b5f4ae

SHA256
a90660c54cdd2b61863d07cc9889e53715e5da9550b5792d34fb85b7828d4831

SHA512
a6c0dd6241ba122074821b51444cacc902ed13d86d4060424783ef74da187a7807bdb8d22ceab02ef29768b38b83b0fdd2b8a7009ff6c6b08d6d13b2390566c2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
5c304ab65f76b26a2047acd1fb66ad3f

SHA1
a211c1c759304a0245f3b428131d2c8689f5eb13

SHA256
3f83ed8f94f4953e22eca8314e8c14870b051d14b049ee67206c91e707d31f25

SHA512
347fec9b30d43d3e27dd2d5dbf2ae84f601b9cf00bec6c7f8e9cf9019d5712a2c1b5dd6daca6903f045720e3b0b4b856c4d0a3d51a665980d3bd686f5b0fd644

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e680e4d57e8da900a75b726bfef0accf

SHA1
9a4322d171c8b5d28b7c09aadc82b1449b20ea83

SHA256
99e84d16c1cd3592903531d5fd6a9b4827b104b616b7230c98868b1ea500b691

SHA512
f808746b33bfbab57231ca1c8ff28b63e67267d3a365c9f9f4b6fd91c96bc6be2e14d815ca1610ab05b00e9a3be5983b7ec4a09ff876d72adbf0d17b2045dd37

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
e95a0f10186719effe59b9dff2be4295

SHA1
694a5a365160e20246d40e3eeca72dedf73d6079

SHA256
bc08466baf791d5f04561349ba198d31ba947933cc3b8e31afdc72caf0cf896c

SHA512
523e0a34f1aefd41f0aa4c436ab5571f8d151289bc4e2e8e6a90ef7031e1518eb8206e2becc02dfa7a91592a0032ab7ed5ffc3404ea3f4aab62f035bc6852239

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
86412c6d1311a843c4b49dddbdfd3543

SHA1
700bd3dbacb2eee033ed440a0c3abc163988b653

SHA256
7a26e3396a19db00ff614bbbc53b978ee47ee665ae541bf5a2c87a6120d1af1d

SHA512
5788033983a8d4c4636969dc65d2a4c689751469ef23faf1bbfd4983ab4847dc081122db0839ff36e4d4e1dcaea5c315c527f2a2711b50c3dedc6d34dd221a40

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
b2f6cfb94ad94851e6e6f4462b55e1ca

SHA1
bd83348bd6121fcd430ee8eae92fb0b8d0d93a76

SHA256
c1b00b67ff601e0b376c3c16ab1aa86177538578dcf07dfa52c8b38ac4f57d8e

SHA512
e03301c5bad26f1b9bc94b320ed24ceef777cd8cd248563d3f06765c7bbe2e7202f903f75201f61ed664819459de3eab7e872b765a1e2c80ead5d8646624bfdb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
e03fc24df80ba67a3faafbf01118c3a0

SHA1
15e2b5a9d8b57a0a673d13d03006bccfd1904af6

SHA256
8f575eaff3fe609f47ebf553dca6aa59d5c4e33bf688e4259357fd01be10f328

SHA512
c3cf154c066706df66a5401e7984ccaef849153ce5c9d0f707eafb3dafa71f97f16162ac2cae4998968a26da487f1d2f5701dee48aebeed66c0915887cb0e613

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
7d47fd340ee25870ef2f3d7405656251

SHA1
ac5386f164eb6609d6282e1687de7e15c641415e

SHA256
2db7c055e8d3a40f3bf468960166a7c0a9fdea9a3acd3282cb4739c10281dc08

SHA512
a5c7554d639fc81a3b46e22e3d80c8d4a05849b478dbac15e4189a4a92f64711031d45ed1128160872c0af0d194cdd9234c582ea24d2c70b31270e893cf07a8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
20f6faa160b8fb0cd0de1465ca12611b

SHA1
8cdd8caa5425fb12585d56b57fa2e6cfb2015a63

SHA256
86b3348ac5fc8d2d646d67ed3936e4e6ee51681c56cdaf67420e8f0642a044d0

SHA512
b5dea2e5ea89f06c8565ca0023070eb9535c5c1dfde6f664bc7a0bb89cd7208f5bcf98f456dcf848df08cef88ba8e58eda5f15a6e8dbb03330d6bfbb45338fd0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
be1100c250f2df4b94ab8c74a9399dad

SHA1
a102535ea1408b68a5d0ec354fb3e672ca321fde

SHA256
3056f2c8fba151ce8d80b70f49639429096c71670d469c721c0a1246cb175da0

SHA512
5d0eacf314e93049206b7e9633c5182014819cc9ca5545fdc1e9998d04594fd1b461e906dc0e89935129f1deeb0a46996fbc459aaea73e966c411f00256dc817

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
f15b5ae8185c7b93f0a0191e6a18d843

SHA1
eaa82138343870da1210f401a4e8f4a5a2e97adb

SHA256
d0ed910fa02355839afc8974dc41299f4bc842d74e1703d84c18320f73ab2814

SHA512
64872669ca0584abbda09267c1bf262b28a5740f76690a7b3294cff59760fb9d652765ad79b22b63d87fb178f7d3a62a430052a5228f011dfe12bee4028a5f24

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
09bc329a22d26e3f856e57fed868962e

SHA1
f829ea1252c8d8b2d04bc8d62dc347b0ede03e4c

SHA256
8ae3f42de94ae86ff1b97573044c7dbc4de12efaca9ed1e207b253fc234676dc

SHA512
0f7221c9e3d560b0ed14a42189676127da89d81dcb356274542e21ae95e37076e07f14963abc0a9b9368f25af958593cbe4eef6e5aab28f89090632f53694ada

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
2706bf34f7abbc72942afdbd6406f549

SHA1
ac04e71b0669c56f6eb683457fa81110c254c80b

SHA256
70c5f73474d069b179c55a547d5fbcc9bfbbfabd166d711d2fa6d3763b2e716c

SHA512
f53feb0c20169c9c6889a15f6d121f42b0adc6c74a3d5a898b28dd7e32cacfd84fa412706e2fdd9a5042f368bb4a561bd892268549c43c6c8b4f938e333ab800

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
6ff35e67a1a936908fbff9838b4968ff

SHA1
1bc0ea93ab6d99902112ea4f2efb5d1ae5dc20ee

SHA256
0c13080ab28a36457fa591c8b1da97fa391d0f13c1087336a1754e1cfbdd2a1c

SHA512
f9d503f803209706b0a04d6f314bf3a207d8c212a9b63c2ecc726c6f7249d683dc20c400738141335ff035c4d11413b07930c81e6d256a15c893ba876043d703

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
ffaa923bcb29121b81e9d98b999003f3

SHA1
52de75386c579702929f2f797899e172e854d1c0

SHA256
81b089e0763106a9005359a5906486025b87187accdc5235677f787c4025154d

SHA512
4948a2250a2cb26ccc06fc8f80c45e109b68a8c4d5c2a487ada23370531cfcf861266e17baa99b3e7549b030389e8619b4ce4a2550b41976e2c64e7b78d1da2d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
9d83a36d6fd76f62fa44b918031d59c4

SHA1
7bc8dc33891264f2cb43371908ab55542ddfe661

SHA256
da18a9708a4767c3bedecf7bdedcd69eae9d774d5611d26edbd1a2cc2a01236e

SHA512
fadc7cb08e4d142bdc9daaf2a6ea3900866a0e0d577a7487a9599d990c162b18b9669cbac5d1d6c3e8d6fa3d60eac9c422ff7a7d50c15f7614b8b5f696489498

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
752f8fdee95f0e283326b95055ab838e

SHA1
9a3297db93a23d55bb84ef0c48a8bd32b2b19235

SHA256
68ea5cd1c47cb141374fbe52b32fb29e1afcd30f100129d782c3569cf3be3ee2

SHA512
df895367833d173489f5fd3592a5661fe9ef987ac413c33fa60a8723479ea06da887656bb6b04f15f4f60a6c6599c6a811d987bc759e2d0efb76a99a1ea284f6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
bbe55887d060157d75951b253af9e1cf

SHA1
3828414fdceecbcbbf82e18437b5447f522e07bc

SHA256
0e7cbedd39b876ad25ed44f971bd4956dfa1ae2fd8fdbecba027b9edaf23b026

SHA512
29539d08884a6d5ee46f35c6b09e471289b33e054ca8194d4b01161309b9ee315a7424cc42c756e48882046dbc3e927a0a490b4c19b850ac79e74165b4d8b7dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
74cbdb7bd3f44688d61e9fecaa1984b9

SHA1
46b771cbe800cff51929d1c530e3e802c4a0af23

SHA256
a8fa537b5ae5e17c635d2a119dcab6f24a803e8812f06cd5f629010a8acb2709

SHA512
9bd5e948ff0d7872e2e40d439d252aed6d147fdb2a711fa642597bd3a66be002259a2f084e8e26358ae528f6efd06ec97290ddee1370d088896df0533f1e6fd9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
093a0022974049bdc382ee46d4f778a7

SHA1
aa3a811b48085fd14ff5997e18b5d046ac828a53

SHA256
37c88f632939b4f4166cf17fffbcc8f3c7414447023282b55011493ae013c240

SHA512
68ce67433b0ae54fb7e29ed79a9af13bfa652900e728b115f8940342f9cd8119e9e65b4238a0d13b0f71d94207b722cffe0994d0a294ed2108ecc2f73458e15f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
14fef40ef175edbb0468bd679073e7ce

SHA1
b4cad04eb4f99167a0e0578699276986d479b3ec

SHA256
defdf3a7db2b370a4a4214ab6dc29256508737a5808dc343400a45147128d208

SHA512
303b4de07152234e21e5c75d4e175215d80e63f2e042a1ca77b98c02ff1bae6068821bc9903fede18b05c40af366ea00a67b69b8bc63c70f70a3b3b5dbfe6446

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
de44c74cd7d0f259853abab2d1866db5

SHA1
062303fb82b08118f9afc16926410ed862d88c6d

SHA256
61b89bfeac6dcf89f62f45ed079c1658083af02ef213e1077391302bf3541212

SHA512
bed7172a97e7560ddc7273feb100ad99e0042ecc93a1af94ef8bc599c452231f1d0d6662051bd980b1ad6c37de6f53b8ed9835bd9101b4d8fdf45ca6153f6e5a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
40665a8f9a2b96212bbed6242250aa46

SHA1
0f1bcfc93d23494a40ebf6646ecac34a7d02d373

SHA256
5750a1ada68fbcb2c7d659016dcd8997987b8f414befd2b0cb3526d92cc0fbd7

SHA512
01979b5afffa748942b0646089413e93b067c5580b1da3beeb4c62cc0f664529b3d9c1dc857fdf6106f7fb503d34b38d78f1c8c44f4c1024095e1c23f5f04d60

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
adcfda866b26bd65b1e940038bb91bbe

SHA1
a414ec5b962236c957ab46ebe06f4d0494a598ad

SHA256
2502b3e6914375f630a39253b37b0aa59780fddd34654adf376e48c6b4c6b073

SHA512
c7d8704b4f43ed690225335ebdb32aee949cd81156b4a741489568e5fb96529f2864acfee08fce06af39bb34d92910947defcdab8e276d105a81defd0a8ba375

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
8ef1fbb2ae8c9131081cb4c27f7dad2b

SHA1
afc697f02c65629763ca5a8984981c597d12067c

SHA256
fa0c6e1eec6e125269e7fa3bd9b1f6561445455005672f5aff307375da9048a2

SHA512
5049f8b2652e85fb40b16f3c36c79d2f11c5dff8196a7ba0c2959633a67f6fed6497fd052e1e762f0bfb365b8cf9ad93ce946f5f22d959915f8190f4a59623fc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
2ad9151542db7f387829279bbc7ace04

SHA1
9956430efbd166326767123cf5e45264038fce84

SHA256
d5e5d0f3c145bcbec15cb360c882872668f1d34bce535f5acc628abc2f37d6cc

SHA512
6c3ba68f58126b92683746a5f966710f6db83951fc48d3c75587394e332b89d729c46a8d943c689e1bc36cf455bc83ff7506bf84ebea6ea4c3e719e061ef34c0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
aede67bb3f9eaf446d443f28c6459081

SHA1
52006c3ed9fc0751d2fe9bf42dfac43ab3c1047c

SHA256
4c8cc6e3918ba63a90f4d374180e0e9b7c04c83b38b814eccd5a210ebca76f32

SHA512
9ece0e68b7968765c10508bc705cc2f655291471c828edb4f2a8f95fcadc6409b04c5240898d7d504f772d86c491e486e9622f31df33e38cf1880c9363a98c27

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
cde876d3f124a221fed470f60fa47539

SHA1
54821b6001c948a4f16fddb06e0a92e737fe6b48

SHA256
cacc60fdb15083e87d13df752591f53b0ce6b3b453073c4b35446605e4356e39

SHA512
cb81b1118e09ee1280653e9aff276f448245fb300411797c2e8bf743a983c7bd689930dc343e25ef32885fbbbddcd947514233941de6afdc5d60a5363cc12cde

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
b47f31265e261b1a07da46ac76ac7d22

SHA1
c8605e62878daa177145b6872f35f1eafc2e8133

SHA256
f2260e8dab8c06603ffaf96f29dd680b4ab2be0391f9b3a2c90bc88aab081cd7

SHA512
55326c18fcbb8fe94c4b6360b27aa8e3d3c184e9e19cd6a15447f3c332a7f8eca2b1a7c004004149031fe15c44e46368447ceccea02b0aa7b0100d449996f2f2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
7decd5ff03282ab9acc9c66ead61b968

SHA1
85b3bdaf5d13ac57b362c93be0af2848dd93d9c3

SHA256
6952feeaf23dfd9f1784c8c675063db596ea3d9ae35d6efafbaaee265c86584e

SHA512
55a0f052ca1b9323562bd396f7f48e6a19fff5429ad5d660944701721a966e36c80e17309a56de1290c7b2d3dcd47334109060ce8d23dbc72ca6f2f44b59ef96

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
f409b1093b725877abb76c3ec1931e81

SHA1
58e10df488afe25c8fea09b3fc3aebda3cb34fef

SHA256
6b8f94c4e78546c62f436b646ebbb1da3cb2103cdcd61a58805342f197c308ed

SHA512
8cc1f0cd8fc674abb61f3b4946af96507f54e72b7dfcbb78db50490c90d962604da9aef1f7b5206eaf28aa7cf8738a0975ce818aa27e701c76c846e6f6f89f7c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
57b2696420341e66ff82b49d6ec4eb1b

SHA1
a266d4a27a38fc31551ec4b8e5ea2c985e9e4d12

SHA256
23c0526595c8206aecd8707114cd74ec3d190d32848ef9a38d73550fdfe2026d

SHA512
cb8475c694bc2c66e0b7d41e01f27a293cfaae85a0f4dee1f8a7d772c094b2c76481e52a20905055c3630cf9555387b6ae1ab6b6b243035b3670fba2bac25922

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
5fae50a02a42c2dd269ff2eace1a25ef

SHA1
fb73869c53c81b662d09f4601af01fae9fa970db

SHA256
cadac43a45a5d1a355f218a06aa970d84d22752f597942d15fc6e9e029fb2b7f

SHA512
fb37dd0d6552a0604a1f7a37205c9708e076515b8b323e71a15c7aa2fe7aa9e9b6cd941e3202495e9c72811a956103c822d426da5743307b6a67b253c0bb37fd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
eda3cab9ced4a9b4fc04ab1b475376b8

SHA1
66b1023880c86dfb5d6b98f031c112f571fd7f88

SHA256
33e3f8cf3bec08a579e56d6fa47da0d96ece9bd25955f017d649e584f99c3b10

SHA512
8cb82f6d450462f97e2bd623ff910098bf3d385aca09eae184800f037ba618550592cad2c0cd51e28cea5edf2129a2177fbd46c42b4e9532b6cd9acde8dd6b4d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
abdf8a1281122e48586d5c13f21abb1d

SHA1
a9ed881eb2324058c9a6a91842332d6fe440e3af

SHA256
4e8f94796fa0dde72ed62e97ca3b60fe37e94802b9a8c6cee68b5d0bad0eb3f7

SHA512
ddde1a255308a7561dd524d08dffa3db7306f0b280fd4b363e7c73fe84618097cb6d45fadce94830f5cdb0a5e55f30f262e05019ffe84a7bff4025a4bd9d24fa

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
df8224345f2d6782bf3c7995571ca235

SHA1
483b7bf265d0b06f538aa35e26dcd535de51db26

SHA256
fa0c9bf62877451d292812093dabf9af5bfbbbed8bd4e3c486e2b56eaff9670e

SHA512
76b092476ca6b944b7ef221915970d782ab2b4cd59fbc2158e71d6c825876978d286a7f64998b6ee4f7b0369ccaef42ee051715879ac4995b5f42b680f06ef9c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
81c381d7cbd1b1df3815855101df6327

SHA1
181883672998794334e7a4156401c55f408966be

SHA256
868d66d69ecffe1b4e35a7eebc1a231aa60ed597ed174376590d0fcbf9c81678

SHA512
5fc7e8df0270f62b870c1d8761d381fad0c2de9510edc5fd51a4039a9bde93b7ae4ffcd039ea2b19bdf9c7a2e390ccefec7b7715356fa4d623f5fd21613dabdb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3279e308178e2b88252d2d1776b2048f

SHA1
766ab8e682550a6f2076c55b14afafc6808389c5

SHA256
7b05f91c3c78a3c1f869d584025ffa2cef8fb248be7ade9517458b109dcc188f

SHA512
9cb3ad6066ad0a56d10a6080a6fa51158bed69be1df675b600a07cd541517449d1abbec6b9d8f66c0143567a728b7ee9dde85d80eac5f9f5b34cffcfe957a800

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
e929cc87c982e784219a221a44a70b7e

SHA1
bd0c042e3d20fde8d89025da7a62165f4ff6dbf5

SHA256
508dd2ea979a935fb27da889dcc765f6350312052ce8c328e95d1f8dced4129d

SHA512
d44feed0977321365f9d64ad4bb9e0758b71a74725dbb33d558eb4a7b56a7fc55785ec950766286e16859721afa0076c5b49f3fc9e89bd3bf81f059191e45132

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads