xorist | db361bca86d4798443ecc226f9c6366ea0bbf50125fb0b80d3d5463ba5ab75a8

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Size

7KB
MD5

1e793474bff4e7b93b8fd009278845c3
SHA1

71a32857228842dc9edbc28b254fe1fd78666a04
SHA256

db361bca86d4798443ecc226f9c6366ea0bbf50125fb0b80d3d5463ba5ab75a8
SHA512

e6018182d01365eb4114a0e791cfc9d80f5b0d1343354589448f997db1db2c51c455215a31b88f1f9a8aafc5bc290441632e33732de5e80bb86dfa5c9e527131
SSDEEP

96:l/iZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExzsXirSA5JZgcIv9C7n:lizdrr1FG1WDCgmjPZYypbgV96+MUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4904-5561-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4904-5602-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4904-10035-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4904-10874-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4904-11211-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4904-11212-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4904-11217-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe"	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\PSMaml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_cdrom.inf_amd64_f08f2fe1cde58aef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_20ad4886826af1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mvumis.inf_amd64_f0f4d0c799bb854a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhaeu.inf_amd64_e0c209c891e162a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vca.inf_amd64_6bbc643de0df118d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_ae02676ac3e3c474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mf.inf_amd64_e3c6d8265de5138c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_19bd1d6c2b642b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4904-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4904-5561-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4904-5602-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4904-10035-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4904-10874-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4904-11211-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4904-11212-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4904-11217-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-125_contrast-white.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_contrast-black.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\LargeTile.scale-200.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\MedTile.scale-100.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-400.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageLargeTile.scale-125.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-200.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-125.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\WideTile.scale-125.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-unplated_contrast-black.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-400.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-white_scale-125.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sr-Latn-RS\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_myGames.targetsize-48.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf-2x.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosSmallTile.scale-100.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-125.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-48_altform-unplated.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-150.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsBadgeLogo.scale-100.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LargeTile.scale-200.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-400.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-16.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-1x.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\assets_picker-account-addPerson-48.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\PREVIEW.GIF	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-20_altform-unplated.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-100.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_TileWide.scale-100.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-100_contrast-white.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_87e6dca9129bc4b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lxss-wslhost_31bf3856ad364e35_10.0.19041.117_none_9be21f0ef860b570\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngc-tasks.resources_31bf3856ad364e35_10.0.19041.1_es-es_24764865b981c233\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_regasm.resources_b03f5f7f11d50a3a_4.0.15805.0_it-it_f2ea992c585f60c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-networking-..component.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_98f88aafa5d20e90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-uevwow_31bf3856ad364e35_10.0.19041.1288_none_c652bcaf4ff156c6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\SystemSettings\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-80.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ket-win32.resources_31bf3856ad364e35_10.0.19041.1_de-de_d94eeac525eed496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.build.utilities.v4.0.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_9309c56c5bb534fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_winusb.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e43ab534d23d84d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\wide310x150logo.scale-150_contrast-black.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..orerframe.resources_31bf3856ad364e35_10.0.19041.1_en-us_0969be0692002ae8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-themeservice.resources_31bf3856ad364e35_10.0.19041.1_de-de_6e688577a32f8855\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.19041.746_none_770f598aef14382e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\splashscreen.contrast-white_scale-400.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..el-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_b11b8622dad8c992\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-label.resources_31bf3856ad364e35_10.0.19041.1_de-de_f3c7f2fb54abac37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeeula-main.html	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vp9fs_31bf3856ad364e35_10.0.19041.1202_none_7331c53ec95f186d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mdmregistration2_31bf3856ad364e35_10.0.19041.1266_none_9686c16e93221088\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..vicediscovery-dnssd_31bf3856ad364e35_10.0.19041.746_none_0c5f36e68a5527e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..tion-mgmt.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_c26f2b2c4036a894\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_rdvgwddmdx11.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_389b184d6d600b2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.appv.appvclientcomconsumer_31bf3856ad364e35_10.0.19041.746_none_4a2dc3cbc7724178\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidcfu.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1b37a826190aa269\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-content-filter-rtf_31bf3856ad364e35_7.0.19041.1_none_b966db02f9ad5206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvmic_kvpexchange.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9339df0b4cdb44d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPStoreLogo.scale-100_contrast-white.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..alservices-allroles_31bf3856ad364e35_10.0.19041.1_none_19997cf2c3254796\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-httpproxyhelper_31bf3856ad364e35_10.0.19041.1_none_c2b8a8d826eca989\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup.resources_31bf3856ad364e35_10.0.19041.1_en-us_92d5e8b2f2f67484\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.runtime.dura..nstancing.resources_31bf3856ad364e35_4.0.15805.0_ja-jp_a78ef2cff17c659e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-management-..e-workplacesettings_31bf3856ad364e35_10.0.19041.746_none_7e689cb64b925d91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_it-it_a1e0902bd2b3e74f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_ipmidrv.inf_31bf3856ad364e35_10.0.19041.1052_none_bef8a6b7672fbe73\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.19041.1_es-es_7c1214edeff23f1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..centercpl.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_8700cf93b722d3f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_refreshServer.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..nt-extupdatesupport_31bf3856ad364e35_10.0.19041.1288_none_a2ab1a53a8015ca0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iconcodecservice_31bf3856ad364e35_10.0.19041.1_none_e77e5ba35dd28918\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_netdriver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bb0d3822d84626d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ialpss2i_gpio2_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8303b67d40b34515\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\Icon_MMXresume.scale-400.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..providers.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6d58070f4284e576\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_10.0.19041.1_none_e0dec3877978d84a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_mbtr8897w81x64.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_349690eff7986a90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pnrphelperclass_31bf3856ad364e35_10.0.19041.746_none_cec77743c8946ec9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..tion-relaytransport_31bf3856ad364e35_10.0.19041.746_none_1ad1c2967b0d8382\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-lockscreendata_31bf3856ad364e35_10.0.19041.746_none_17d3b6c9a66ace77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\splashscreen.scale-400.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Alarm10.wav	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wlanpref.resources_31bf3856ad364e35_10.0.19041.1_de-de_0c20cfc1cc507fff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_da-dk_c2b1ad4ca766b8f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_10.0.19041.546_none_b72b37b884665d49\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.153_none_e95531bdadf3df5c\DMR_120.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.windows.a...commands.resources_31bf3856ad364e35_10.0.19041.1_es-es_3942792961e8dc22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..i-windows.resources_31bf3856ad364e35_10.0.19041.1_en-us_ebb5321ce49cd954\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rtworkq_31bf3856ad364e35_10.0.19041.1288_none_6d0ac611129c912e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b1caf9dd45639661\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\MouseSystemToastIcon.png	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cdpsvc_31bf3856ad364e35_10.0.19041.84_none_165910285339e585\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe,0"	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3Mj8k14CbmFIV28.exe"	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YWOFEWMRQAYZQVA"	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\ = "CRYPTED!"	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\DefaultIcon	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWOFEWMRQAYZQVA\shell\open\command	1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1e793474bff4e7b93b8fd009278845c3_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
c2d5dad36478bdefe406ff1d71ad8cf4

SHA1
14288eb4244148adceb883efbbe26ed552eaa434

SHA256
f8cdd3a5a07900c4b2db939064e2d1e308ade5f7ee7812c56b7bdd9625e4a5e9

SHA512
d361136173f8560bed473cc10116f32336471211d10ec316a7c06e160129eea957d982841750570fc8466b762a3744e58c6ba7812a1170add343ef2ff524b670

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
2bffe5f5492fc1237a13c34ebe2d3ac2

SHA1
33f4a25b6034b5c53cf6bbdccad649fe2c8755f1

SHA256
04e711d7feeb0795af83702fa04017f6783b8d1f1b61ec97a97262eb8daab97c

SHA512
8e0e972a57460c607770718e65cb047dd56425206de84832f8678f1184742fadcb6ceeaeeede2e2843cb44c84651b4e7333eb905409148d5822e602d3b0a8c83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
6dae070bf3c12038328ec0d0b4ef8f66

SHA1
74cc8cab7b16a72eb445120d7235eba2348d5d22

SHA256
090f5df55c65f92d062f614f36843a27c31d47e19660f1534cc891469d1ce1d0

SHA512
4f4ba2a2b434bd4910d94a84e6abc976ea6b6fa6d1b2d21beadf50f763ebdb5775c8926187ffa0ed2125db7fd6f249a160df5d35525129b055172ea1cb9d9406

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
feacff524b06ff82156a4e92e2eb75b1

SHA1
f0f3cc59f3fec65c9f89923e067133a4ffdaa37d

SHA256
acd1ba0db2689e7a212565dcd45add9ee9d26b70a2b18ea5f0d38810a8c22be3

SHA512
94b3089e4a722039ec88d7d225feaa7ecb533388da5b7a67205b543451ba5e40613924f44d15d6ebcd510cd4787113ab0ed0c25dbe36967249b3f9bd43c8aa18

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
1104e936a5a24231e93b26907d80d6d8

SHA1
9bce67a3b4c26fe3f1083f1dfcf9196c0267c807

SHA256
5a3b007f8b03df36beeebcb4ac51a72b28075c2e2979af961b057955e4dcfe9a

SHA512
27a36a15bebaa2608d71d3d850a4967075409b295fc4f1d90638da30398d00f62c4694aa6ef85fdf6de395f7fceea68cbe46a35d1859f1d4f547c4dfa047b541

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
34cb580fb83c0e2f60d2cc7449032304

SHA1
57b9414df6785664446a4ceef2d4be4816fcfd39

SHA256
1167bfb18fee5ad4836b980b5b83ec4983b4599058b10d8790af74039f1be280

SHA512
f5c558dbec90f20362f777bfed3b824aacf9c0e90d9e0ffda93ddda951bb2d4808c74c50e99617e9961328403b9ae08b95437f34f1cd106ba82a9418c263adf8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
d27da213a7572a5eded6cd73c994e057

SHA1
2d3794e24eff9752bd9a52eac557c1d0dcf0e1bb

SHA256
220fde1dd6ed6c4fa7db3aaadde2bf57c8727d82d7c9601596a6789c30c21f0f

SHA512
f4089aa3039bc6185e8d7ddc2a17fd62b68d0b890e7a96a15d5e804a7c9586682a0123ca83fed49c82a34eae8c1671537a160faaf59366bd2a599dbdda75155a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
7cc0f43df2f2923392b4ae3a903953be

SHA1
12b1e2c8b7e7a12a335e40146338e32500f4d8e5

SHA256
32c3b7801d806304bf4f8b4737eba0180a9dc80319a8e326dc4ba9ba0ca0e01b

SHA512
9a9b2269de954ff978d448ab9a3b4173960cf9f879a85f966afd82a785c628ef307d2e4dc201b6fa91db0dfa6942f70ce433de313d27eb87af272d35a4aaf36b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
37fb38e51fa42592bce53882d98e0675

SHA1
dcb515d4877a90d2a625a35adb124ea008924543

SHA256
e034615a8f204358a8f3d044939eba5d5cc4b9bb3bff4f1df02eacfc161aa79a

SHA512
7fc8135f097179628669edfee80e4b7ec357070181d3af1b7344491068db72a17c6ce12a5e13ea36b447cd55a2f31c50c148a587250e6e6d57cc8e6cd1ff6e8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
de42307aa3874f03112f5573b66ee5ee

SHA1
10e6924add7dac6eb81a01c1c37f701b8858f13d

SHA256
d0e84743ab00fe88aaf6f8c6259a84f6d58cbca59bf15251c77420ab01e1ddaa

SHA512
8c11891550e8ecba1329d638db2ffbd89c0991cac4dd141f907ade6f8daf4c828042c267efbff033ae9933ac5d3eb0ff06b428d2ff178686a6191c38280ab889

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
8384cdc5c9602149da13287cd5c032ba

SHA1
35b341cb54906f4dea379ca63726b90c6c85d081

SHA256
1f648fcc3b93f88989c22c3a6e667e552a56d347b941d446be4382e1a5401220

SHA512
f42834d4ff952f257ba5835c88bc4f3a339c5526347a8eb352323363c7be16b0cb91214d69df93b35a196469fd768a72f42348ca073502e50b14d5e5313c8968

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
b813124fa1cb25f035b38da015d956aa

SHA1
ba339972a6a1a4d48569fc5ff7417e547f7271db

SHA256
0d5c5fc62a9110be0e8725bcd7f0a0d39070d1cb550dc667b2c43ed95416a4de

SHA512
b6fb349b938d7c5fd68d38c98fc5bc19b0dccfd53610e5e4f5921f52444d367a80b69a8274494d09813be4d3085df9aaa4d5852d101e5a2c60ce7c462da5d05b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
193b15f3c35940224486ae925c5f5b77

SHA1
e2b73b2d2908544cfb1c70d73f5472d43fe812b4

SHA256
c22183e718cc8ea8d16f407c1d56786c6c57425afd956bb5c249104e925f230b

SHA512
d00b141cb10117c3a9bde0691124b5806b21147469e06953350a13e9ae529660acf097d02f7aa0e357b164cbe31c9dc478e212366aac745f71e672f6ea2f9f56

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
000ec1d06bfafe4c652b41f09815323b

SHA1
f41ac468477e9601dfc98aeeffabe88285a4712e

SHA256
18d439edc9b0b7350fdbe4e8fbceb41a15c7dc84a72b327e0f8454a73d2e982f

SHA512
8a3ba719fe74a408c9afed9997c9b0a49278953264a3c63456741c153131ce5434e1d5ed69daee9c01f34edea667b5749da0bf528829d4d85095482b81feefa7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
545c76749b9981fb4261cf0545572cbf

SHA1
c2ba8d42cbade936075f39f98718826e4fb61dd2

SHA256
ace6ec0c18d50c8620156600f2aab0b17955c9ee00ebe5559dbd55893c39afc1

SHA512
ca5a77fbc9703a7d307841569f7e350742566b868f19bb5e600168957d6669db8b1815b5126585aaa0401a1ff5caf84be7a89e2b0730245511cf9eace940be21

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
75e9cd19cd44fd8c2eef985530788842

SHA1
8f83fed063615406c49678ed05d1cafdfde0d86c

SHA256
22da22ae6645768782a00ed708f0377850c97a80da04d6683b24b77e02eaa5e3

SHA512
2c1f87ebf4a560d44bfe8cd2c3dcb7d72729be53266365c30af4646e97a4d779905ff9240c5673bbee9182658bdf6c243c2801f7bc79922530b0161cbd02cb6d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
62404ee15ca2c1c7f5a07fd5dd3220fd

SHA1
91530e03d1e92b38181bef6b5b094833e80fb508

SHA256
3a7bc617bbc03c7a7fbd631ffe0cd04e22caddc2f19d8495762ddd14a5862b80

SHA512
26d024c4393b5d774328c61efd48895b3216dfc8a259db881f8de645a4225c94ed01f7508670e34b841aa1c0c2f40aac6fda1cd58f912f98165aa40fa2c24009

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
8a5829ca9a4ea65445f2e7abbc08b177

SHA1
3a6d052cd446daf29fd9b3f73751c395f1a69715

SHA256
1b55965d027134bd87070a174405451eb287c0f7ef5866bf9c87d4fa8a1b038b

SHA512
532a501362ecfe94e47181a85cbd7983cdf099c6ec3c338a2341a0ae11a55b85107dcc3eb32a92d5ddd84bfb9bd62b126ebda74925f1b4b67be1f34f1ce471b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
abd4e6e569318863a4c4ca50b53005a7

SHA1
88702f4452d5ead992a6570e7dd828ed3cd36a4c

SHA256
9d77762a44ada96054ae726c91cc72f487f5d4b287b134ac38acba85caf839ea

SHA512
d4212010f98d1d8f77c4760add79d960dcddf8f555f9977733b0fbeaf3b7310c4b07fe69c5e8afe6a0a2aceb5c9f827e73394c52084235634a5503f3ffeab8a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
43d129871dc5e33ca16aa8b4e699123a

SHA1
fd03944f405070ba54045c8a5d0c266983d5c324

SHA256
07ed0ea3d0fdb0bbab625c1bebac8c9e9c647fbfc6144eb7b41f2ece61b32dd8

SHA512
089ed371345a61fe2486b3cc9ac4243aacad713b31323a5a5131eacf73c68960749d71395099dd616b782c37355b56c5ef9b4da11b4225e4f908e73d34260ba4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
a4e3df6efe78deb0d852e461983ed8ac

SHA1
47048c31b3fb71c14eb651976796fb0ed8d05a11

SHA256
c3039f702cdd871d0da2929bcf1fdbf4c2a1ed3bc525817e02d1f937d715da28

SHA512
1a5b2729855e01cb5b410fffc61842fc3597063dad337b5801ff6c593726701bea45f385ed190e9ec5b77d83d8db1b27ac5da9d9e70086ab56ca495e538d766e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
3b51aa3ec60f40e4dc2c39422b28f4c9

SHA1
341374683f83df827ad915aa1dcc0e62ac32df78

SHA256
8becbed7764fe66247a1d0b7bb261985a54d5596a4ccef8ce2ecdad3121a3af4

SHA512
b3fecc75bf319de6aecaa603f7d6f52439e62df3329ebee0d6624878bcaf7db5b0ffbf07308ba8d2d71720cc911ef9dda3a5e17954fd23a9613f7cf103753c8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
c32678efd62da201c668c7fc2bed45d8

SHA1
88d85970b784afbb6ee6abb564538543817e2292

SHA256
d1ba6eb94bc8bbf83b27df0f4282b113bc6bda276fb8b283cd99e0643e5b6d5d

SHA512
ac9f75cefa790d14c53e154d154e8e8cfbe2073b5004965072c6bf16cc641c464823233ce8a57ae0c68a7031e911ec1d7b212ed4096bbee83d4b30d035147f51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
41a14675d19c1af4827ba484b963acff

SHA1
083132fb8fb774c0e6efc25f1cfd7037c013f226

SHA256
19fd94ce43f10b21d397e877512ef1d4545351fd7a847f38ae01d69c8d23e639

SHA512
f0f45c58ccd8e94975b0fca6db9bd97a9da31c990e36af5fe9ca07694ba2f79121dd81060710f7fc70eb82eae92d327bfdc8b89d914cd52c7a49ad4eb97567ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
2fcf647be2299b0277d60ab5e81bf1fd

SHA1
b1df5cf877493f2532607789dae4af9b950a5e7e

SHA256
34ee5c1f07d60335a3301890da381baa8adca00b931e07fb43150aa35b872e9f

SHA512
78db061cff88a02fe904d7eef309745a208d776eac5c393ee0dcccf75079e5c8434292f3ee40754aace9b57839221842e1d99f3d56c4f5aac83de3af896d537c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e0b416f90b4b0284cb5e570d0f40f312

SHA1
0a06bb19f8730a31ff933a59720e113fd7393104

SHA256
8020cd7520c37357d3d21a59e5cda2a3ad1bb32931c56ff7b4ddef2aa91ef849

SHA512
23218e7ea476804d1f0f0b4366aac505484aa2a8be4aa1cbbd95a65891ef6ba7c907a23400202d333b88f79c5f7fb7b1f832562e967001357241c4877e959b3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
8b53585c1526026403c12ab54b25c7d9

SHA1
8598bfa28b4c10aafb94bd3944b787a723abfea9

SHA256
7240016aac05f345044fba5830a8c84837e90b39c39f105e0159de66eac8c1d8

SHA512
5bee421157358ae5dfa7e5794135c5d9a1abe823f69c209e9344afb7551921e5567e0649d22f4ba610583c5b04149963a53488314591036a5929c4e137c8da13

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
800dfd3d58005061bb59a148c6e4f55d

SHA1
630a892bc98cb038ad8fb277b3ae962761002af3

SHA256
4353bf849f6e427fffb4cd74f4fba4254f71e805f0cc6db41d24801502f0a034

SHA512
02dbaed91e03c24b5d2d452adc23326ee723b76865fb17236d2787fff0013843861ea045b2b92492fb90110bb4f4b9bd7458d16730a4b917eee2c08272a30d3e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
096de800e1b14ca4b9c279b706f4d1b0

SHA1
acce52ede8c8927c954503bcacdf738a465ac05a

SHA256
b0c4b483fc88417fbd0fb25b1596e47cd447ecabeb85b6c40ae4bc281d93a42c

SHA512
e8775f7685a19e7d60c84ff3bf939b476bf7a1e3f54da426d717b9db94eb672475292d2bc38732487936edf5fc125f0ddb0c5b58dc40cf1b2f65d5bc7a459a79

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
ad3e76345fdf22d4200ada0cace27bb0

SHA1
8cb9007e4e6a824841ee6bf7bf646796b0324506

SHA256
5a8d953c830bc0bacc6c50e5cce07d261505b36c1c96d642c083a69825b073c4

SHA512
b05a8644547618d79fa426a16680df3cead48cb57d04040940ffb7407ebbf82084c812d24adb23d9e9759eee774dd0ccde165b180b238a8d40503d246fcf0173

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
3c4b9812cfedeeb2b3db890caa8de5a0

SHA1
24f14f4537ebffeeadf22d01f4bdf78ad6ead05d

SHA256
c45f1fcabb78b6e93dc4347f50e93815e373f7586ea90d5ba85b390d0c552ab2

SHA512
b808e86c3bc383767ac3378b4c3735403e6664ae1c70443dfc8be8ff412d8f4277f972eed922f3051ad6c83054211e3ff9b27ddf00cdeaaecb4446cf85af1908

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
9ce8083522cf54847e3dc00e054e250c

SHA1
ed6ed042eef6a7e9e1988035287e2d5bcf6a556d

SHA256
6c1f76dc23183c56fecb12bba2ea655878b56706d643cf7c78308b16737ccad0

SHA512
1acf2c42d286acda63d51ac1905395081bdfdafc515f293cf42dfc3be01cb7233182ccb2978358f335c087e4a8bb623cb8351b9b71ac1a24faa2fee26316c616

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
6bbf24086c7c6efd92e186a49da505a3

SHA1
786ef3e396bad743b0de316f1a78cf7c0226f5bc

SHA256
5985370c1bb7c2b99e79218f01890b7a5fef583df502e7cd0b851b0a98f941d4

SHA512
b7193a0c25242c7e7672f389792dace03787b301e1dbd06d303c887d9ce501e5ccb7e842fb5b941439454b092f70cfcee429c340fbf99f70185926d65d0f7df8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
6913612bdbbe4fc1535ee557392c0bf1

SHA1
c9004c2fe1a25e74afbe4301775f75def5c09199

SHA256
f1fadbae542c67502889581e35a8a1b9d676d31f4dde21c5ebe0f974b5116f96

SHA512
1ef64c2b18da9bebfba82504aabe6a80280ce4edc015fae2ef427fff4b8ecba10e98b41715123942f974aa839093f8d3f91f7a27b022e34e588c9a05b75bf9dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
28dff84d8c4aa269572236eb87a14f43

SHA1
5887c4ae131c6eec9f40bffb6b341d2c3a6846d5

SHA256
4cfa0287b89073a686a8faee31786ae46511d9cafbbe7e8caf8c2a3d8a7f6ff7

SHA512
5c79579c1903deb0c3fa9eba8304af576a6884df1f56155532ef65d6e650ce20fa8379acc4d4277bb7298fae24bd2db0344fba98cb5f9d3fd015f57f256f26dd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
ecbf478d2c69147b070d386fe07b185a

SHA1
afc77983ef0a8020901e854279c667f0e816f3fa

SHA256
be91a510b9205a3113612940b3eb799e3be0e210baae235847f74a0a73f9bd66

SHA512
69d3abb81af2b84637e0753d80f29a6147251f63577b582d898e63ad6dd61908365da13442637e6995ac3ff4ef48ffc0b80f34989ad3d9798c80907fe9835cc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
51d41abac88716738fa66e2e48cf8414

SHA1
185f83183b1b14b18363d6f7b5f5fdf11d86c7a5

SHA256
b253e554aaf6318ec2ec56694ecdbde701b83d83d2aa83b892b0e53298b2a7eb

SHA512
ebac40ac1156b3ae9be153592dfb0cfabca5c9790887abd77b65e1a1fd72e2aaabfd9aa605d743a9a3f08f74823bb986eb4a3841965c887588fad7ad5adf698c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
8246d9badbf957d4dbf66cd34e769772

SHA1
120af3d311c3ff08d52bc7fbe6f309a44119d93c

SHA256
b13e3954117dc0c4d5bf816acafbb193782c8c98a5a3d2828fb652aa5f2e3abd

SHA512
ce5bd312db6a75f86138bcb81d04ab1f70a8dce9213c3836425652a94cdb7232739f2731b255f39b30636019da90c84d81cbd21e2161112c29017f0bcb9ca91e

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
343B

MD5
1ae7de2b41041af2ffedc29f60e6e1c1

SHA1
63969a651dc2d2aec18aaff8c86acbbc3fb86b6b

SHA256
534c8054977ffcd823939e2c00ae7f72a5b153fb564bb089ce4b20cf3af49d14

SHA512
f3f47d138ce2ff2e0b6533f613a078beb1295459c20270ea8f31f8c4efb4ac063ee6a09852ccb4a03d450aa5c7aa89780cccad480f46521be70eceaa5b5cbcf8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
59c648fe2cbfedd1140dedc3118ce680

SHA1
b86c936102a9a2440961406ced685948841c3b35

SHA256
fe59774e4ce28fc9bbd765319f2bcc577377b8812c28580a2556ea33cca13a8d

SHA512
3e7fdbdde4cc89c18cc4ada839ba6f3c406cb8d6b284c43e3bb7add24709b4b4ccafdea709eeeb181ae754904879d5dd6b458733a1f0fcf5081befc8af5f8379

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
e0f5ee53120ee8acc255b477169b9b94

SHA1
c47679ad78f539153c78c1451b302a24ad737d87

SHA256
2af128a3bd43acb8b1211ae743f79359f19874d7365c00309d0b9ee51f4c24a7

SHA512
8f7d1769a3e4601806ad93acdb7f010f3fcdc1767a49cc0d0ad421f7693835a1c70c3f8f563b8113bfe3fc25c356d7447371ae56baf46da09c4a5b5cc8676a65

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
c70cc924c44c2bf78c00d5caf30bd261

SHA1
0bab77c7fee6dfa795b722c5c442173c3f169819

SHA256
6dd07c0f3f09c3565b1a22cd9987e5549cedf958b523d9dd337785f94c783396

SHA512
19fb1ccbd5471e0e405fec0994b8f012d15b92c180b3344cbe562c22367c4422f08310cf59ee4e4a10c9ca1326d60085d94815d77811bce71e5bd698af1ab1a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
5cbc976f3c776bd07782eab900061eb5

SHA1
558c178fdcca40268a43d4df29461b8924c736e2

SHA256
900e433d436e201735cffd9a2e4816a1aec00fd55a91c8ab0102dd70ae46ac2a

SHA512
c719827fb9583bb49a463aecd204b3078d3be2a5e4886b1ff50b1d68ea50e6011cb29df705f3c7014a54a0938524164a36f214abb6833a7653cf2318f5631f41

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
4d63af1d9341b8f7027ee9dfa0d2825c

SHA1
c13de8f1d32c714670536fbae422d362e5cbfa9a

SHA256
a70882db5350e5662832eca0130937f2ba4e95e1a56c638dab605e6ff16cc30b

SHA512
c1d159cdccab1658c0ec099b2e459118ef820a7f31bb51f67b95779699f8086712e9708ecc38825b6d8f0f3f93e91dc54fd10b21ffbdda7f930918880200d112

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
2540332888ba31fb7c128d1855f55e6c

SHA1
ae7046a7fb90bac3621bcb5a4d88364f94dc414e

SHA256
119f37b90b35f07ed9f635b92b16f1e9e3545c1af3fc29c8000db61dc756a414

SHA512
cfa45da61a09f75d1d86f745e4b4f20ce4f312144e53f902add729bafd0c042014694782934034a699260092515f607ea88e9aa8637ea7b9a64ecf5fc13e43ce

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
20d823f9321b5093e5a04d30f85fe37b

SHA1
8d560cf504cd5b6e421f0944cce3e66113dedf48

SHA256
ea1d00a35ac45df18f03706ed68b48d826d36c0b26a84457c3b0e13ce4ca2c7a

SHA512
aa894ff5ae2fc25a794939459dd68584068cd2ed3a5481d2425b1d88c89759d6ce967ce9e6e8ed7803fe955a21910bfcab5f5822f9a3521e6b1bfd492800b4b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
7900261d9d32e40f91d00dcba4d755f7

SHA1
ee54378cabb785c3ccd3f45f849de5aa1d23ee14

SHA256
2f7390e32f007a650b402334e93b3f0f6b22a02fd7be02a1dd052cea30826dbe

SHA512
4cc77fdd891020d7e2834ba74cf02fd8bfe33391aac22ae59c55817b50592b538c09247e61d8a9ea37a4d8429c0a31ce048d32ccef096917f45609d98d47a2e0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
f4829ab6dbb6f01cc078cdb63553e0ca

SHA1
7c2dcc04874a5970319534076ea35780c8d6732a

SHA256
4a682428e3dace505fc5136f46792fb3f630626b9818045e237398509ea45ba2

SHA512
c54335a9b76d13ef53a693475ad4187860420082d0fbf530aa0561d9a7ed041a12edda449b7ee029ef101cd3c27a10edeaa4f3a758ede2615bff467fc414e75c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
69b73d77bf6ba82299346dc929bd8543

SHA1
9db5772943425bd4ed0c45c784ba1a79bc2f2e3f

SHA256
cde6b008bf00966fd996b4403e64077604bade86c80d2c2de6496798fb532688

SHA512
e59d3e03fafd35e533d22ae2bccea9c40cb442a7fe1b8c1212004de8daca2254b68f79d45f03b24aca3d4edd0c697949fcbd5c08068aaedfa2f9aea160d59199

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
165dd7b9bf2605cb6a6033675528bcaa

SHA1
58d9d9bba83e6facc6a14ce18270683c2b4e2099

SHA256
bc78773dd94f45eae3521f28e90f2b5e4048049bf364532389d478f5eea90701

SHA512
d9c8e9786d2012088264c324cbbf36c566005a6ffc285584e494f778468b669b6a941e7f31e86575503bec86675ff618bb5aaa6a918e95dbc5a16f17d1536df5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
ad4eb5d79ab61c4f6900db9d459dec81

SHA1
30ddab2cd62a65699ba98a6b8de484123606a766

SHA256
e399ccf8465d4336a18dd6c55da2fa6c87003c9aa96b18833a37f7a4ab24edaf

SHA512
4d5412ab48900f9662e1fcd4a662d867b5445c96979f38d7dd99b9b25aecfc3fb3e7cdb68da2db935f927210acf7d3ef48a6577d7edfc2ccbb02fdba2ca1bde9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
1e669a07ed5127c8da405d8d08148241

SHA1
460cd5f4a2d995515da7539d3f25ed494fada0bb

SHA256
59a4720976bea23acced146b38450912636494226cc8eafa3cba05c44a507a7d

SHA512
4c359cc6242818dd06dbf27f55c1b230ec2c058b2ca2829e581fba72c0561a954c9e5c43805c16ccec98cbc5b1957818bd79d1fb4569f0d49861b9da0a741fce

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
62bdbc2ef0378e4efe8f7b74a7d58926

SHA1
79b5b1cde2f68c25b329203719155ddf09226af7

SHA256
22945da0ec283253423bf4aa35b110d003e5f2419310ce9a9671e66ae87ad067

SHA512
83c065785244290dc1f454cc84a0608b6c21192ea5de847d45601f6726c6bd0400bc4a14fa9cd7f4f35f6e676303b734ca373f4bfe0cda83a3104c3e71a0c68d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
a26edd86b6f83c6354caf44cf14f33ae

SHA1
34e7863498ff0fabda55dc7f5c5cb67f7d245451

SHA256
d6f47ea40f53c2a338e6c92b64c1c611bc79dcd97766bcaa4f54e718817abbaa

SHA512
b5e5b77554aa4d1a43f32381d68afc73bf0a4130a1c301442f0c8173270ce661ba1ee8e5003e5eb7aaabb3a7968db3471f0e81b82b743ec6c7d397bf01156bd2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
826bb17c5cade945cc34945778654888

SHA1
9e805eeb0502528075ce85887b764c0d292d8033

SHA256
0d11f8dfb1a4fc3e60ca936cc2429e257975a8ced035ee3465645ce5960d9fbc

SHA512
62776eff138cc5507ebd3bd0d1741c8b543cc844c716913d187c16f61de8327846ba69b518d2242a035051efc3e557412895a1cd133aca09eff3f497ff133546

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
62924c72a197e5e80c988592893e132a

SHA1
0158b148f2a0f7722cb2fe1a56e7c42b0bd1ab66

SHA256
b6868952ac5b269d6b1f04ab8eb7b4ed35771e0f2f446239e4df78b38b99ecae

SHA512
1681dee5c3b9175161e73ba14e91a326e11f4b63cc8708c01a51f87c293c42e50bc008af8ecf69ac468b299459c8d69992d8c366be6062d3d800c0736bf8873f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
988b4c25b093548981a4448340506646

SHA1
41da2976f8d579e0c3899f3e10a4fb6ee5049a37

SHA256
6f20d520ec0a428beed148eaff990dc28446927cbaf162cac582d120a0cfbbfd

SHA512
e09a0237b96d82d363fccec0c429b72f5c04e7a6e2b9a04235479c25332eadf12173af22c95eed1242e00faeffab5c181ae7a1e3e42836f90e7c339a808baa2a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
3abf47e88c63441a49eb05c10db75c69

SHA1
a5309b63361f61aa478a6370d7a9a862443a11f3

SHA256
cb367705d8c142c33ffb2ddd23f70b7df329047ec21f4f03bb4329c48af12dbb

SHA512
33f65640a42d578e80d83dce7ab5c9e3fbe3307557973f994d3a8b1ceee9540fd61ed54ee7a41f2690b43f7987329ceb835a512aaecd413a02393f3bb0894d04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
bf1eef087179cf52b917733adad79c50

SHA1
24f4b6d790bea1f6ed57826fe2798f12f443be49

SHA256
cf23a3b05d037fede3fe9a14488d2c3dababc86e1ca869ed1b1ab1740dc2bf31

SHA512
5b3e796dbe63d1249f351507e8142a4c2c0c35d1b41fe9faab97df7459f3920913137cfa906318693e7e87e563d42a92ef409afbe8546ccd52f9b5020efaae69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
190d4cb623396b53089a8091789f0263

SHA1
8726fbd84febf7e7572cafc3748b3555aa70de99

SHA256
cd6e1c37ef1a10d743321c633d93647752db056f3b2f9b09ce66ef8e5253e1ca

SHA512
a254f744119efc912245362dd4db02deb4e5248c650b6d63f6097d90fb464734ee2f00f5dda157df794d359152a5283545c3f7273b89952236ec3c8b0dfe9e51

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
09e10a5b86e810e53e43cfd23e51f266

SHA1
c78c46fe9c62d8364efac1adef1fdf4852b8364d

SHA256
9c555d2cdece445cb81e8428b92923226fe4355ee06a52f9725b507c55d7b07a

SHA512
6490b6cbf00ab7aa69bb65aa048f726093e0b60c54c6cae6fc3d8b0a8cd0e8c018b50d535404435c5eb0ced9695aae315881d80fcf01066f2b7370efcaa498c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
7d2e45579199edacf5fb5f6015132744

SHA1
08ee6393b4ab3ba85b9a8b6372fb22127bc9489e

SHA256
abd7ee7c2a97d94435a906ce84246694fac1da20b085f5700c12081f88075d46

SHA512
35c2d7b6e10b3e35b22b3c777df81f32c1d66315538654a03f03c16706daeaf8f3261c4e2d01dc2774fef8db652f4ca1b4f25c47d7d82f33ee5bac6b10264d93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
f814fdc3d32f86fe4891020da27d0f67

SHA1
5c03eb27f1c18872a002d0c13eeb08f709a88f53

SHA256
ef4c34e13a28c4ac17af99d70e6d196a091352f731350dfa673a60464d6ba215

SHA512
26e5d5e1a489c9ff611a43036a82b9131748dcdbf0124c86fed5bdef5fa975349192c589bf3422fe441a371ca8635db4ac6fce1eca937d63ed82b2069ccf76e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
940c330162490789beb579fc7e933daf

SHA1
6b6d56331725edc4c2d736b18c557095ee64c192

SHA256
b1b77e7bcdb7892b0fcff6d2f1114de696c178a1fda7cdc0a17e6c0b623ad8f3

SHA512
c33b75a9129d3307a938116c1ad391323e988dd9b355f8af05b3a484aae95896f397fe48d33ef5d711bafa19a07dfe156ad02a1f56715792fb4f42f0a44a1f44

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
538c65e1499145038f0960c6bba8eaa6

SHA1
27f3bf68d6c88b3b0a70cfabd4651af9396f55c2

SHA256
8945d18f173b0c89b58a7113bd9547dfd4860203599943a6e735f8e35b705f1d

SHA512
7ba40f31551406744949f3831484f599ea84cf863bb6a68ca4a8fe894111941bad3b116d7f005c92b3ea7380a4373ef12dffb030fb76b9ca30551ce08e4a11f5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
4edf2b87f8f7754b69b8cf7ee8d92f02

SHA1
1a35f46316cbf5dfd8b3a44ed003b784b93af621

SHA256
39943863af1f4c42dde6c56ab5c39393df45b66705c9c8e458ab0bfa16f52feb

SHA512
43681233a0ea8131e40b2d4c99c0b3312afa23561dbaee971bc85989665e5194266f633f22887d4b4895f40cbfa23f0a405b92cccb86daac271aba846d7bf47e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
cee331d6be0e7df0bba253c013d1a1a7

SHA1
509fa6a8f0a50711a27c6df71b359a122d947571

SHA256
18f5b4ff443cd0738eca24c447ff0867278ed9919984e716fe7b1d5ad6d8dd07

SHA512
17c08d33d84d461d31db167f36585487d9ebb58380007fbfcf9c9d072ffca22459f9aeed50fe9c88068a885fb704454db28253bfccde0d40f7c49eb43ecb3af3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
79e3c7d351f03aac12cfb2dc977d60a0

SHA1
774bf639372f746dad2abf2732c81d79f85d7587

SHA256
2f5264a90066b66903eb477ac6ce4027e96c2603183571241e60076cc88c44bc

SHA512
1fcf43916a62ba3df74590c72f09fabba1d20081d63d6abddc55fb9ccad5a1034f871fd0275e89b920f924b43e4b95703423eb1f4735cf5020da4a7722d78810

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
c513a7f282457583db11b0efd0519d92

SHA1
3863796e033a1781ec713bf21c40060bdf3c85b4

SHA256
d7b447a843710ffd3ce1cdc89575212a1df223317fe12c4ca228da1dde2f6eaf

SHA512
2aa8160e1d8385d9ab17e4863d3e3251f26cdd854a77342dbb5fc5b09847735613b47f3118ee843efd36ea25ce93cc097167c3ce12b79a630ab9449cb1e3c0a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
ccbb01e3867d75fecddb80089907b083

SHA1
89d733572bccfc79fe14f17c15db020a78f62aa2

SHA256
a77ff122e27c3975b587bb988941e2078e0c0af852d112312d32e685c0e24053

SHA512
aff2a994d35c939f5872fcf76cc3c3718ac66b3ddc0913520585912f27af6e3f2d900e3fe1c96ade1267e10a72eace914abfc1e8a40bb475bf7f8243809bb349

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
ea17d6cb0deecf39745478a133950aec

SHA1
409ecbb34629f4d89afe0f6770b79b70adad3030

SHA256
bf0bc81f74af33509f3047eeea567b983f94e3b64c0b5200e4b0894aac774749

SHA512
d293f58429edf7752ae5665f844c3bc0fb000f82a531db3c4c9fc2a77bf03a69d311d331d38eb5f304cd8548e89f4677cff376510b430589ffbe57ece4dca0c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
e185fc2934d643a26cc4c2ad8a37f5eb

SHA1
77bb55f0538180c0dbdf79b518426b27ff02ac8d

SHA256
e1273e070aa00857e22be7ea0e3fa1bf1232130c7aa6306ed890a1f9eb3387b5

SHA512
07c5695f085394a3ca98e46805d94661f53d7370f84c19489e6b0de2b155fc7e94b32b8da55cbb3cc6c63effd76d478e563436c50820a571350195f01345253f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
feb07bdfa2ae14ab387b5e0be4765763

SHA1
ddca8f4bca993dbaca7d8b614612da13ca36cbae

SHA256
1ee6276b0b65de5fff408dd359d19d38d6a5c78ecaa851a7d74827c18b206f51

SHA512
ca06d5b657dac27898b04d15e6ec6576d6ab0b7ca821bc688a3a2514c1465b91913855e83e94fb4cc2e23b95977c9b75e9cf131d302aca2e6a3eb4ce9d650b7a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
c7bb90ca2096640bcb806c78341b978a

SHA1
e9a44749eeea99c6d61d40120c5cc12ae625be00

SHA256
fb00e364561f9a756f609f0522f9739bddd1dd1eeb24b613a439ede06deec3e8

SHA512
38dc624bb9cef54231e76f10a99cc15538fcbd2453766c43fd108998b416dbe47a7458fa8f82f29cc36494854435e901a6f4f1142f5deab8e9767468fcd8b466

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
a2ffb5210f7965b7e0c3197720f50a1b

SHA1
1fdd6202dd9e0d0b93edf0aad9402b66f9904291

SHA256
8e644033ead668bd5e273e05c4438d75fbb0c9da5041500047a4bc75104d183d

SHA512
0e3b130a4736ad8110b79c897790aed6b167cc1c741d2253dbd3859a69d61b05ce9342091f3de29174fa1cf18bd6323eadc2c0f0b0812a41077ab4e8375f83d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
35db3c676553c7ba0be1b3f9eb459147

SHA1
bdd509a732a8f5dc0ad2b1f2f23a70b37b3c3603

SHA256
f88ba45dccdfa976c225193d101d65f5e2f0bae0b8d6f3ab7c386d83d4d807d2

SHA512
1869992879b2457da41daed5d54b5b9a6eb98f323ed57c73d33071c1bb438fe347e05a7fee0ed76436d174545b7f4774f2ed4716e920c3945066fe3fbe08318b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
96de38ede98a3bfa66aaae04d8154775

SHA1
0c08d4a64b7bb208bb4ceb8efe5696f34726075b

SHA256
1796d791fa3899d5a788cd8bde10a100bf80f5afa4599a1f881be9f433bfe84e

SHA512
ef3ca3ef600fabd79c684cad5744adecee169959cceae187cb2a3b91403b8c7be8a6e245eb0fb2aa946d26a577bcc36820cb884f79c5d9333cfc4b46e439b15f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
2aa9e1b42f4dd48e06aefb0c215e4841

SHA1
f4d5f832c33dd873b2dffbc3db6d707615b9d765

SHA256
ca485e2618c9e0a680c220e44d96b432d0e0c7a6f9d474df0f77f2b0c35bbd0d

SHA512
8f7cfc4b5322106c103094a3766a59e971b401b46bf6cdc400c1161e1b9f724337139d90f87c22f30e42b1b217a4f56265f89e509da686df1a6c05bbf5cfff96

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
118fa388ba5733ddd3b68c8f53373e62

SHA1
fa1e41f64beb2bde22bbba6e0092cf12afcfbe5d

SHA256
7e02af8d7f29ba87e0ddf1acd3b10e6ea31e283c0c4345d063fc276e0c05e8c5

SHA512
5f9c5a97d51d2acebbccbc79dfbf598c62bd9a8291066a99ecd06a279f7f77ff85b305430c017bbbc134eb103d5e887040509fef7d60c351c22c5d66878951c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
4bb28c5263439ab3352303303dbb6b64

SHA1
cd83a3f2d6af8cae1a4c7494079fe9fa2c9035a2

SHA256
02bb599cbe4f169c049df5524d402086a80733645b28d16951d726bf30e6d4f0

SHA512
4e0b6bcf9c4b7e46fd230d6be9fc48f55c617c3b76e928c997c595fd92959c034e84a0a5096130a096eb0b0b93bf63d48430c77e26bb445a3b35ba42d7fff66f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
c85e902074eea8cd895bb44e16990d6b

SHA1
f8261e9f427aca0ce8a6822270d4e51d050d6282

SHA256
ee4c889f045da2e4ae7d82175e76558d191b9bf193a494fe93c87315b25fba90

SHA512
46c7c4d971458e7f1520cbc05e62530dc1ee75131e40f8ca698c51e13b3650737d702414888eb3aff09b4067e21c451c3e74e925353be848cc1e43dca07fa504

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
f7143d067b26538ac2ffca45aa2043b8

SHA1
4dc5d026ddef15cc55f265cfd0420f09d74ab3fd

SHA256
230221a7941e45253b9cdebe53f52ad83096785beb6d8624b55d0340533efae8

SHA512
8f9022154a9139f01fee2caaa969f4a08970f8cf361f9198fd3aae02c8bebed03cbd0fe204df92b91c2f65cf444ec38d3ae179816e20a172a8ee87b343410fc0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
48bcc93672d7c2de8eaa5b094b20a14d

SHA1
d9611b0667017165af5ec90a33a610676fa34cf0

SHA256
c6b1b7ca15593d5114e8fc89b5b1bb2b5b471adc8f101285c793a768fcf44409

SHA512
094166a76ae259bcc2ca50d455b291246eb866abfa7ed99462a55df69b7b1aa38c4ab63d4702514850f6689062c9e451b1cb72461bb52acdfd7b7289433fd24e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

Filesize
77KB

MD5
ee4ee35b455b5b5f2a7c4b62cd70e6a9

SHA1
47dabe9824fd60d4c0cdfa17ac5275f039b24ed9

SHA256
1f7bcdc9faa19b22dd18980890a98d391d4a912adccea5cec5eb585981a0b491

SHA512
1f434c5a0d73e32f2fd603698714f2361ebddb7821eb888ebbc3a6ec7a3df476bc8cb5c477c38db3c7e961ea54033a16b2edec6e981597ea6ed25296b1444a28

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

Filesize
47KB

MD5
b9f97132624ae09dc33a5f49d6c4eb8d

SHA1
4a6eaff212e747cb4d838524d8aecb913be76d8f

SHA256
fe63876258fe216ffd180c2b389e27777bb916f2e5fadf52ac6fce83c02d56ab

SHA512
1e737cf869a66473c0683c47eea88f0275e39c2e9033d3e79f009db0a20d4616a7c046a53685dc5e156f06816324d1b6d1c27e49454729bb9533a130004db3f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

Filesize
63KB

MD5
5e9f0e9950cd86e0ef32828990952c7c

SHA1
219c107e6053db9bbc1335c2b8a5f104d7826936

SHA256
4f8c7c94e6b87ad5c3ae2def04dcd1d36df64a84b994da24493207df00ea2610

SHA512
5b154f6a439424098779cf95fbeca6ccb98b106ec983da69a2dc7195347a4f24049adc0f78ab0d7dabc6cd876df11cb3b642299eea45879a51e834761fd6eefb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

Filesize
74KB

MD5
a5c08897fd741c52821e7137135bd586

SHA1
3115c263d395e58e78a9d192326547e30e15fca1

SHA256
854e49fd19edac298e9025dd3f4ea001836b3f28020315450891d34ea81a7cb7

SHA512
aee171e65f0362b39b8db597da64a67cc681608a8d415188577f043b81eea95a676c73ea4fad539fa44015dbeac962a21be12a2e636bccc1e79e2a979be0d6c0

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
79c6e8ffaf35094d44f6b5d15c5daefe

SHA1
55da80d9212323de3e5d96f0d73fefc18def076e

SHA256
432345a111d6807ca96a455996b6098ae46be97ae50d5302cb320d42a79fc288

SHA512
3849b13845f4a50c86284c5dcc5ea45e5dbba3253fee9c077bce702b85d1cc5c89d0e7a313d2b5c4619d9e7df2108fd44f745b14470a73320588aacb54f1a097

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
6d31a8aabef010f073cc9e9b7205a648

SHA1
3575a61af9ddbecddb33e6b45db56153ffd7cec6

SHA256
8c78075d43bfef4cbc3b48ff2ab07530dc3d9d02f3808bd2e0873d2cd42f7aa8

SHA512
0a9a946018ecee2d6e899dcc154d3d1954ce03bd67ec2578be11d9611360a3dd974105c499c6c4943050920a59879a3d7e84b3ca9201048b477d0b750f645315

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
56a5fab3d46a78289a87a0e484a6a712

SHA1
d6a91a5774d2c4089c3f65606f3ef7264f34c20e

SHA256
cb2bb12f8fd8c6c82be9373830d4eee759eaecedd4e2401dbf08e8c0d09f46d6

SHA512
685dfaeb89308a356277702c417425717ebc85e0f8e541057c3a6e8cfe8197242231b3c18ffa36af0ce7e0a2349f0f0541ed740c8c86a7a9a144b12ff77c8bbd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
8f47dddde8ebe2da9c7d2a7bce902f76

SHA1
eea8bd3b60dc722ff9adf0d1bd7307c96ebf4765

SHA256
a18f72305f585d2a23629cff3550eaf27821d7183042cc173c8603b7dde4924a

SHA512
3da62aa71ed2d66113dd22eba2d040abba72cba034362b64e0a655dec34733300ea247df1840274f0ec12a0b8277c90a39b7f9793d11b384c88dd8a1881bb1a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
8deea690b28e4c7380cd7b6ff8f44595

SHA1
d0f8c8e6189a652431cdbddb8aec5c824f7f9417

SHA256
d105c5a1363cf7073ce0c340e1fcd85393f8ca15b7c8b705fedf314520bd622a

SHA512
604898b0a5f2923e6a6fbf49108b9189df6e4626bc56c4b216da42d8a5a28993f7bb386a018b8e9e764ab6f2655874d10f240a17fcb7b51e1f57c2769d993492

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
196ffada3fae6d3d3e8ae3ca71676a66

SHA1
89397c36bf2750a2438a67ee6148e8b9f89823b2

SHA256
74f6c7b11ac296eecc0c73b1c9cfe787c29e84416ac0f6cfed444f124f932733

SHA512
fae9c41dfe8dc0af6490b918932e0831ce94c2f685d9101a8daea5bcb9cc9a32a79f8800d179d1927abd143b88e49400cfe7c4d472dcd1ac30243bcbc8083d0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
723f70bf30a6544bf046d95e91a9a962

SHA1
09d57f7ebada847101e9f795eb21866d75a38ba9

SHA256
1430768b15b61ce265716b546ac38cbb959b3f810a24834a8c13fedb6281e4da

SHA512
d476119bce6d116b8f5e7b14b39a1d7a19cfa54f864d1c6c6e2647d9d788c66df7671228cea5b22192db66b822e306c33cf4f9c1a769c5e6ce83828ed258a256

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
a8ca9ca034a0c93eab5548f5578f5079

SHA1
ef292514e2cc4b25d39a764fe7ed76ddd1b31188

SHA256
b4ac2ca5922d53606f37859c983adc22e5eaa2d65c0d1e6bdbb3a27e296a3b94

SHA512
62e0a994dfd22950c03c1d42ce2a71e9d5637ff4bb481a24b21566ded26f8de228db2058484e2a14175f844a5e7ea809278ad98b2252ec1bdcf35994d4aecf97

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
aff307211cf1007149a63918dade65fd

SHA1
c8775783cdbfcb92f87a3dc704308c7286c90f1d

SHA256
76be7d93dd7801409f100b1eeb3228bbd8430d0a8b27a588d50b3612f3957758

SHA512
bb7abfb92cce32ba3e030238ac333a23216b9775a84a85f2c13c4fa22a8ceeafee3e2002ff077979c7338c7290a444b6d37c8eb40fc823b2419d2c8c9c45d9ed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
a604126017f5177d1812238c345aa4c8

SHA1
ae423efeed643d83cc3f2cabdb9a19cc8c7267d0

SHA256
b1cbb2c5be743ec57f2dff0d52457703bd971ce7d8bc7952b4e5c0fed3af64d7

SHA512
1fcef4da041f543dac17aaa532d7e567349164b45ee5776d4001b04e243fcad9da3f35ff6c567bf235171e9291fb402d6ac502d1a66181510ce08a198bca9292

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
833e62d200fa60046d8b087d9ec61664

SHA1
ff99714c353e7912921b106e6b0d9e00fb5fd6a3

SHA256
31b8a06e49ed1c8ac50092d888001f8382d3cf2056ba132d9804a6d5574911c7

SHA512
83f7a83563b992c8ec1a5709e636ba7c3aa1216ef0dc052ea0c6cc803d2a14880546a0ae7c0871a4df373d8a9a1531f33f2c7c0d136b42062380d77da87db53e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
3e97b748c76b67d0310118739fb545c4

SHA1
6295ecd8fcd4d42c09bb12f6ae4f4abf13ec94af

SHA256
90e501cf684840951c32ff5e67cee3e09bf534ecb4ed4f2082b520792dad9013

SHA512
1f0b4496a8d4474c0691259e4fc25062468047f226c14f2f7c72d1b9c2bae76caa2c33bd8d46905e4a1fd798229983ee81b2ab61378652a6012e9ca2eec72aa5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
1ecaf3aca971f7cd386283ebdf5157d5

SHA1
d5c8588dfa5bce64a7b51c3b8a3c0c9e54a6264a

SHA256
c5c3b20105e8b61031bf34ec84c12ac0f5f33f036898d1aa5de923ed0289c9d2

SHA512
1c7c34fd10316b872db5119f989605624ed89a56c0b36c2ea18de4d508892f92e58de330b5ebc33e9a5aafe6d49f3159c6a332452ad7f50da93d102036a84142

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
394eb72f51bfa0e039ad0759cba709dd

SHA1
004964064c8ca579db5268e17d4d02bed2915be4

SHA256
56e43458b11a23b9735be1d99bc5c08cc1eccd0bf74f7fdd7f1c325703bc3a27

SHA512
98245a7acf73836b78dd7fdeb744ba9d1141150058464da558a76c4d44a823f454a4663473561619176385f53773aaf734850dbebaf94e40e566f4694a91d9ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8abf5a81bf17492edf503f2120b2cc2f

SHA1
a97e130b14c3d5dbf5344977b046327ade6595f8

SHA256
4834642df66d5f75e9d9cee331c571febd3b5c579411b36cab9fc8fadc97e1a4

SHA512
282fd5af0b60504380b971faf5422084446df747e6df90544ecb35c048cb0fe7df4a2ce2fb412f147cc2e6df4db0d76af7fc3ce7b8da396500750f58cb16ed34

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
b90fd6ceadd1fae30c3723663cb94304

SHA1
005e88fcdb0152f8716b0a76ca936a4488536c88

SHA256
4082672ba0d732eab4b22bcf040d09f19b950e83fcd350e88806f6a67b61bd48

SHA512
ddb6cd9a2919f95d8299cf4577f54900a5d58752423b65722228cfe5249d93bafce098a532e1381754725dec3efbfbbed2bb4b219b7c3a11c09b2beda2af6b8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
f904f18372bab6103fb982b65eb0514c

SHA1
e175dbae5f64d6d819920313537720fa9db8cbb1

SHA256
3e41f88581069626545a023656c07ceb4727e9f090f8ea91beea835a42b55a83

SHA512
2808dc6405d1997e16b5e6c5871dae3b14de62ab02ffa7d83b2053c94b29a80009a009c0721ce930a88736a543c29550f31c650ba6cdadd7c419be61afccb120

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
6a3853855d48612cd63ed3314cd00338

SHA1
ee32021d6b4670ff75e48c681e20e7b76039f93b

SHA256
dd7e9ee0773864615d3b6dc7c72c92e32ce2e06ca6255dfbae710ef095e8ab0f

SHA512
b15915fe73a9932b8588ec3d1f948f15813d3ed00a72b90fef0a26ef0d97f8f8cd6a31469d857baf257b3f14bdfdf7064a6872c89e5db3d94a8afabf14f1595b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
f8d4adaeb75aca62f1027f8696a513ca

SHA1
162a6cb734e7ef6be1253e800392f6738ac3d622

SHA256
598ad4f31e4e7e10070ccbcdbd6325746469794db78b6d696d98ac9a5751cff2

SHA512
c43b0b11f68a7fcba7bfc2b2a1aa2dc72e6dab8ee99d28b055d4e655de7ebfe3e2e368cdaad15afe505fb59c1f7c386e09f5d9a2763af3e6ce99fd9c7c5ef2d2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
38e886aaba035c1e124c3a01ff56afb3

SHA1
21cd7070ba0287af9ebf50d5f0d81158dd7f28f4

SHA256
27b99f791a125009fdfe2b698bab8546021337b78e631c603f079e5ab9ef46d7

SHA512
240e05d85d088b5480b7b7b74bd4637621c7f57aaec376abdd718796d5fc7e7a6decf849743e6799532dbe4a6e060b7f6bafe4cd0e633b6259eef7e162c9aa0f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
5f8dbef4ba8a911e7ca380de4a1ff135

SHA1
e765174c5e7e51567b63c6dfaca5b05cf2947b8a

SHA256
5c3d96b189d74c020057a4ff567571afd7cbe8e3202608c321aa24665a47b6c7

SHA512
0d7cc40abe6ffc161ff099f62f2fdc52d825060d96df0bb33724e9ca4ca0a882582f784ff965470c6bbb2b5228256d4986e652b5396be4b8313e5378597abd4b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
cb683276d6dd8b75e90d44e359b2ba29

SHA1
39ec5fc1f24dc982a83b1fd8da861a6d25f5f7ff

SHA256
56d207f7391add567f5e7323bb16e27c5f7dac1effe074508ff41620e5ebb02e

SHA512
6b192a85fae9a7517ec96e4821c71fae787b82552ca9fa009cf1c6698dc4e50e1e1a49df2064c781acfe45afe9886e57b1d683065bd5c130456fdf5fabc6ec35

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
cd5e8633640a3cff0e62d30419a14609

SHA1
bcfc98979761f950dc084a1db7090e014d08e5ff

SHA256
1134c059cffc307a3fcf8997621f003a13d3709ce3c48c0dedc7024ffa6e9323

SHA512
dab8f95c8de7596d72dfff07438f028bc3f19dcf35a91d630eaff4a82c0ea424b5f25a7b627517c4d5abbfc4d053bc52ef5496d660ddd6f3f540291a8751b2a9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
7b26d1ec6fb5e570795c3f42b6598a0e

SHA1
48322a83168eb7af7f4b80cc6a0d3ad7e4d09f7e

SHA256
e455c568f5238439e2cbb32859033b1aa2dfcb6d7fd5d0e84fe0a5071b1b878d

SHA512
639790da0ff55de9a657aacd2a047d6185f174b0897be4a91bd726581027589b89697627d9c825356d60078b849db27b91675134f8fc460009f6c6cfb9496953

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
8fb81c26454b770fc2e06f73a7f6f9fc

SHA1
1a1877f56b11abeb8ebe197491f2f38fed788643

SHA256
8fc06716c9a88b39e322c5c2f09208b7b98932846219e06d28df9f45b1cd008a

SHA512
a32eed60e55db0b066f38ec0207a5fe84e0d8cbfe83e801bb1a0f91eba1c9bd8732692ed5cdf2a1dbe27fe071f11bc13f5295053001bee9b398b56cfb04f0362

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
5579e05de5aa6feb7c245ee25b86f2ec

SHA1
334b64cc3b675b6463f0a2844b4648539fe8dede

SHA256
6c1d124b99cc32459c9dbc672724f2f6e71d8d11f977e77162e7af89c290f772

SHA512
f827d80869a326450c39ae7c538a5e27e76f0d1f8685ceba69598ba793399fe003f75bbdc3064dcd1df85e54e816e0a57202cb4b01a8803eb1c7559c5f3828e5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
4f0a6d572ddd71e799947892549d3d24

SHA1
683b718dd11549dcc7758d8c22141c5a6c18f68d

SHA256
9496c2e86f348bad40290e9e55d157b09bb7a7bf2b7aa8e70d067497fed5a3d9

SHA512
013f6afe51baf93b8cddc0f11116d0093a8711ab9929141fd0e6c5c002c96b7c171efce1de350d85a6d668ad05230da2e1499fc34566a3fe6e50106e01df29b4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
5689c149d9380787adf8cf130d85d4de

SHA1
2c45ac3e6b2cfa460e18b5226a448fc5f8b8b6e4

SHA256
bc7ad9f84fb504230c7ac250e10580b6f20b36fdbb4e1b7055fa18a49d394891

SHA512
b6cd5f16d3d3c53700dd832ebf6f1f26dd65009c3d86e0ee09c8f13808681df75af3080303e07b434018fda0d788d05210e50dca4f2c5c14114a9f07fae32229

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
f766be59c8b4c5d9237a35c921520d61

SHA1
0eb17a6b1cce553c865a90d3e15aa74bb0da23a9

SHA256
2f4f3d5093a1c6b7e33deeddb4b7d8e46dd85d1115865bad7d5f2f34f096ea1b

SHA512
16b74b504e86cf878e8eda701c5e6dfdaba637cdcf5da13e3c1aee77cc0a44da37bfca0c13992ad079a1330a053ce86acb96540445245c5b4315ae522fc848e9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
504710437d88a5a0b523c8b61b6aed41

SHA1
39ff32e9cb260bfb1e48465cd5bed84ee5985059

SHA256
e4f2b7f906ef078ca8d0ae1f3b1b3bdf64f81c828fc0c168ee0218f1297f2827

SHA512
c8c4bebe349ef522ed25fe989ac2d2261ac82e429d45ba86d98015da7b0b20229e8e4507daad424fae014f3beb36b42e79c3b526973793431566eef4f1d474a1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
8017dd404269cd07d4760db8b09a40cf

SHA1
e044ce0e380ab17ccf5361e424ef989ca01f9597

SHA256
c77fc5ec8e87ee256d5a26f513929385c57f177f4ddec7e8c33dcb83d5cf60d2

SHA512
ede74f53728dab9cd636581fa9c534efffcecedb511abb2fac0d1c215b89a2fbb3de771c9a66134724460dedd705914757182fcc348598afbea6556f9c82311d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
5a62c8bb85fb290eca263d98420a303b

SHA1
02510bcd3729bec700e0770d2c6ac9c33c22e998

SHA256
a8357c21012c7f0748433fec06a81247988dbb29b1def9dabbd581cdb18efdda

SHA512
3f875844964a6fd9a8fbedda425efedd83c5809f49fc2cf76f3a5483f536d33e0fe30ed33674c97ee5377d55a320c09384f87d9b382b59b908bb219371bfaaaf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
72ecc5dccd455aa582b119508089f2c1

SHA1
132d606479bbbc3af1dccbf4e9ae66aea34b481f

SHA256
12bc1caa5cc7dd32aae0a9a563fcd1f809aafc52a9349d426cd6ba415e9f0fd3

SHA512
fb3dbe3709dc36d7d1be79bf5a0ffae68d770f212373d877ae4ff5aa7ccb823fdf1625ea92e35cb316416e7d1118263b99a0756650aab157723b7e2e3d3f0f3c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
328ea6f1a6d41d156b79411c4aa39ee1

SHA1
15dd71695c68fcb2e6ec574f488982e40d6d951d

SHA256
cc9480df99b9e4df30a634bfed4749d7fd9edd881f29b563d57c8cd97731738c

SHA512
ac7dbf32fc428694910b74b7d56ee6a47458ff7a6e0f6338a77c9609ba2d1c57d628cd8ba76f85a858a4015c9a939140c05d9107cf0e1e325c4d5273147bacc6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
f931fdaf74416b4a27e07406ce2791b5

SHA1
815c2125641eafa68d22585fd723bf0869d5cb22

SHA256
7e33c2c9c17b5170eebc4eafc655ce3fc8dfb4c0e0786e50950e9827ce73a046

SHA512
b2b9194ed235889472678d43b08fffa299cb9d170a0c0f9425e479676d54bc154abbe464f5446756c9fb3d8a5769e7b7a64d0976917b75ce4924e07be3ca0e63

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
e9f84beab4345ad22d0e00bf794dd7f5

SHA1
3c8342be3a65b772fac68a22063ef95b5766ef55

SHA256
f80afbb1dc09afd1632b628e9c122a3d59ff7a85b7b65f03719ca4fa0de862d3

SHA512
fc3a8227178b19c58a651f8c91d6a9f107603ac5293989de8e3420986fe7825e79c1f63a4b0b5e984b8fd34809734cb4c0f1ad01bce679053d0291aa4b2ac680

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
5145207ff70d1964033f54b97e2be844

SHA1
c2bc15912fb3ef0a30885ff3f7d8f5088f99784f

SHA256
689101faac08e214596fc909ffaff83d4283d676588929ff3b3903d0e261d22c

SHA512
2670b82a3600442deccc1b24ff7afc9d8a5a3825ba92053cd22f3fd25913d8dd63ae8be1174f6aae3541a2ff276eb95fa5e0d295d8525a21cca6882e2c8d601a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
cc09e3f4d9c8a3b2cc55e7f7ee3ff18a

SHA1
403324e7dcd0fb8370720c2c9409fb89bd6693da

SHA256
a86fc8b264a6b16d51e3cf5974a0964d6d05ee0bf995ee4aa1ff968e36d32a63

SHA512
a2087cf655a8e3a1e7263a0cfaf665553bba4672d22775891fd18978fe533ad07a8a59b9f9467f3f7da658e9f0056a72dfa212d67fbf3f1a2355377950d98cc0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
4c2420d1e607272de277528ac0c541b1

SHA1
f3e270183bb9b212f8c640bd15761077a35af379

SHA256
c5d0e9cacf5b8e26e21031c88a4d3ecd006cabb5a6d61a2fd19de35e52616e34

SHA512
13a12e4bc1e537aa660cabc0afdb3cdb15ceda4797aeea32ceecff26c289ef0fbd015046955b34887d204037770f96dc5a36a989b736b8b8f55efbe0cf02f841

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
8c89c5181e5128426ae37a46fe072534

SHA1
8551d62500eff052b30dc31156be5c2f294ed9fa

SHA256
f7b822cb81044f4edb0aa240f784699ca642e153fd94cfc1a9239215d16d93bc

SHA512
7dc34279c1b969292c822aef1ab579fa99628866780727a17836e2669b96a679ba650e779959819b81056e8a3fa4d26c1039d21c2a87cd991ee100446f4cbb14

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
a6a8bf3f7dd6c6a6f1432061927bd45a

SHA1
807e0c065c886f25e2b46fd4cd06b0c8bb4aeff6

SHA256
03a65b26a490e914145a18192070a12d9297645d7c580fb07b5e2da237054cdc

SHA512
6081c3bb4092e0570c67f62684b5e7910b1f6d04cf28105bf7916bdb7e949514ce34f55346b1c24e038827bd0905e9e3ba55b98d96a9dd7b18d1b8b1466ffcfe

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
73aeaa28897be79dd62a05146c8e6ecd

SHA1
d1411eec545f0a9c42702d77568a85aaf7bfa9dd

SHA256
257620e288d775f02ee04a3516465da40f0a3fe5f57af66f6bd6374979f4d142

SHA512
49c9817299add0fe34f8f74607abe39d65b732830ced96402156e8452550c8c1beb5c93468b38e94a2b59fc52ac890d215c17158144293c641943c9049290738

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
62cc51116687b52c757b952dd83a0102

SHA1
7b3b3220be21533971f197e1e1069e8f61c17a6b

SHA256
f487731eda729a0829ef63490fa493da2e0d335e2df0eec2de8223cad3a4ba17

SHA512
ec93f159ccc518f911497b643d060cdbb5fe8fe8353c2f024cfc64ab181c3e3160d701ceeda5cd2f845d13eb1d1a471592da436f4355f5ebaae4b1cc31ead0f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
bdf782be200748e75e9e2e9e446e500c

SHA1
826bab57c1334e954e68871b7a2a2254039a7a0d

SHA256
48899cf21cf9b499f9757cff235ad8a9a871403f0c0f7eafebd4fffb0b561989

SHA512
d556a6a8fd709aca86942b6f10f4b4b2ab82134840e69bbd61e8cb27813b2563b4a5f20e0c2613574274835f38fb9594127ef212b1a51399c98fdb4d42b051b9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
574fccdf8e8db99885493e12e068a8bf

SHA1
0e412ee38248371db0a0392a1c94bbc6b99ae771

SHA256
e763f327f5469004eff8c24286fe13c7d78929dd42dda579c1f3cd1cc44bf23c

SHA512
1957c722528c1616bc9fc0c9d67d08cb8d1903dcf9b16f099c61b0c9b37cd4a3f50390a887686ccf3b2153d62b15fef91bfa6674d9ed76e3866ba7bc8119da57

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
4ed2d8e9bbc3ff5c32c35f7d112df075

SHA1
1e43a1ed28dacb81dff83c9a58badc59a97c626c

SHA256
9ff380a6c1d579e5ab9f031ca8e4aaafc4fb6b429c0b4ba2b864b495f7de05ed

SHA512
6e08aa711e902f0251f1bddc4e36ff5f95cde90174418edb650a123c1f6c36e27663c85a17d4f4866a451bd19e96a1716dcaec3620b8f36b15bb9318c9018735

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
3dd43027cb15d1e996bc3a650aaffa29

SHA1
133f75dace673cdf125bf378578856834b9b564c

SHA256
b64a620f8a933fe270d206d066dc35ca53d4fdbe5f5084362bb47ec5c29b8836

SHA512
5c27ae055c88be1759f5be360e6c13b81b9e6acbd743a2c16e4ef57bbb9136da0cfd7fd3296a3dde10bb651f0729225312db76e0d8347d3c06854af7d286c9ec

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
261045cac48a735a5e4a544dda2175ca

SHA1
794d4edbdea4fd4772663a221ef1f903f220f77a

SHA256
9380c1a8b959af7ca50526485e97efc74b0e949f192d626332b4aca7886232cf

SHA512
4e2c2386df47f7dffccd2ddac4f8b30ec6d4b7768bb0e9a7493361b5b7bb7e2106d851cdc6694e752f34ba6f90357a8b85f7e9224249517b1438778804b97d79

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
532b2a1f2573d27486ee69bea99fc9f6

SHA1
277ba7e537b2af4869ac848a61b913bb1124ae03

SHA256
9fcaef01ecf88777a9f578c53ecd1e57705e4bc990ad187678a417c10d0ecebb

SHA512
6ad35925940831540b92facd6f10cfbf8331611bf97775fbc52ac5145f8b864913d006758be8ee1b6f9351f9401a68e58f6a3c5998baac86f9980e859c610b35

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
07954249d4dd3f90b852067c5f91720d

SHA1
6a231bc35c9a4070a0c4ace5fd4f9b0635dd2259

SHA256
bf663d3d4b6fcf9c41ce9a6371cc9c77a1e02ad89e6db6fa100582789b9fd592

SHA512
e856f6349c46ab42f6e87a291ee6b489b371df067c187550c2feeae4062dc5a5fb57948be31d964199104b2618b33d726d75a1195f646298f73bcf17bd23652b

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
68e8ffc96383654f0fe98977b0f28f8e

SHA1
8dc11f1110d6d1b71283ab1a15c24ade782bb6e5

SHA256
9278baca353bc3aa972d92769d6373991a8d5cb4052699106373257ba2063be0

SHA512
b433956cfe2b3d08fc2788b5c5e163ea297acdc95620bd65e01dc0bd760372cc9a09731114f6b42ef63e2f6bab6eea824a8141f2e9a25b24e586d5f73553bf22

Download Submit
memory/4904-10035-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4904-10874-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4904-5561-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4904-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4904-11211-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4904-11212-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4904-5602-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4904-11217-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download