xorist | 9761e741458d5c6ddea4f66e2f58a3cb64bf5ac7d71a8d3eaf2606eaa9bf3b7b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Size

7KB
MD5

23f7e9bb64b166b543ad6ca59169e924
SHA1

1762468e70a29c3d84606cf187b9a7f2bb647faf
SHA256

9761e741458d5c6ddea4f66e2f58a3cb64bf5ac7d71a8d3eaf2606eaa9bf3b7b
SHA512

c4c044eeab01c476d798d89204b4b6505df944916a67eea98e372d293be47a18f0437eb2698d96896693bc70c9f965a3ce79f7babaa4590090775bf89ba5098b
SSDEEP

96:ljZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExmzaePj7jRmW+7nGMUA:Vzdrr1FG1WDCgmjPZmzjPXMJGMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2104-5538-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2104-5543-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2104-9962-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2104-10989-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2104-11306-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2104-11329-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2104-11334-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2104-11335-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\networklist\icons\StockIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetNat\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_glk.inf_amd64_7b6c08738ca8a856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_209486f1c39d4b46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_978099f98cc73ddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_de323a35134348a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_a76330a2da8329a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_9be5ff0f15b15eb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nvdimm.inf_amd64_9bb46b0de5ea33cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_ae02676ac3e3c474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_07bca0bfd5173050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmgid.inf_amd64_3a0240393de08f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2104-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-5538-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-5543-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-9962-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-10989-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-11306-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-11329-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-11334-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2104-11335-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-black_scale-100.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\AppCore\Location\Shifter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\LargeTile.scale-125.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-200.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\MoveToFolderToastQuickAction.scale-80.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_contrast-white.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-48_altform-lightunplated.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-64_altform-lightunplated.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsLargeTile.scale-200.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-100_contrast-white.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailWideTile.scale-400.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-48.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\refresh_16x16x32.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1851_40x40x32.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeMediumTile.scale-400.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_achievements.targetsize-48.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-20_contrast-black.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_altform-unplated_contrast-black.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-150_contrast-black.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-100.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\IDPValueAssets\PCMobileValueProp.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-64_contrast-black.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreLargeTile.scale-200.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Opacity.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-black_scale-200.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-200.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\MedTile.scale-200.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\close_x.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_contrast-white.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageLargeTile.scale-100.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jvisualvm.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Sun.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.scale-150.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\THMBNAIL.PNG	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\9px.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_ReptileEye.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsSmallTile.scale-100.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-100.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\SuggestionsService\PushpinDark.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-48_altform-unplated_contrast-white.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-30_altform-lightunplated.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashScreen.scale-125.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Sun.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\iheart-radio.scale-200_contrast-white.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-32.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_altform-unplated_contrast-black.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCacheMini.scale-125.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\square150x150logo.scale-400.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobelightfooterhost.html	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..logonanim.resources_31bf3856ad364e35_10.0.19041.1_es-es_f20cd1241338385d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-icm-base_31bf3856ad364e35_10.0.19041.264_none_0afe35891ca55376\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..s-display.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5e9e6820edd5dd7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..kcontrols.resources_31bf3856ad364e35_10.0.19041.1_en-us_0d940bcb0cef2392\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.1081_none_07a08c6e805601ea\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_db09942beaf4fdfa\Square150x150Logo.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_db1c43d25c426c58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_10.0.19041.1_de-de_87830d53abc825ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..istration.resources_31bf3856ad364e35_10.0.19041.1202_en-us_d882497830128342\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hid-user.resources_31bf3856ad364e35_10.0.19041.1_es-es_1b5efa638ab6e61d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..tion-wmi-powershell_31bf3856ad364e35_10.0.19041.1_none_d8ef3c2dafe96e03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_8_31bf3856ad364e35_10.0.19041.1_none_fc734b41dc885462\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msvideodsp_31bf3856ad364e35_10.0.19041.746_none_ad89793cfc7e4a0b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\apppatch\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..questtool.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_98d56d82cf5cbfdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Configuration.Resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ks.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_d31c1c02d122101d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_10.0.19041.1_it-it_9c4ac23c6d850126\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cpfilters_31bf3856ad364e35_10.0.19041.1266_none_ac30c50e935fa5b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\Help\mui\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare71x71.scale-100.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-defender-of..ne-amcore.resources_31bf3856ad364e35_10.0.19041.1_it-it_68e36a79300f9f09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..r-enduser.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_58f10c521127c353\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_10.0.19041.264_none_f4672dbb03e8cb07\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\Branding\shellbrd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_cpu.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_dc13cf28a1dea4e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ksfilter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_309d3fa4642ae13c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_10.0.19041.1_it-it_ba1e797e5556ad27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..infrastructurewinrt_31bf3856ad364e35_10.0.19041.1_none_5603222270d30223\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dpiscaling.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ea68e2e555de9386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bth-cpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_007e7e3a1bcfd2fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_10.0.19041.964_none_507f3b8f5adc2210\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bthprint.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_7a86bee10e280f18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..imulationextensions_31bf3856ad364e35_10.0.19041.1_none_b9335b8a6689e498\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_zh-tw_8b37694f9274b565\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ettingshandlers-gpu_31bf3856ad364e35_10.0.19041.746_none_b8ebd5d675f53161\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.workflow.componentmodel.resources_31bf3856ad364e35_10.0.19041.1_de-de_5d20d2c4e2f6443d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.423_none_15f557c171018574\baseTemplate.html	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..d-dialogblockerproc_31bf3856ad364e35_10.0.19041.844_none_0dd643eb35c33ce7\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-help-datalayer_31bf3856ad364e35_10.0.19041.746_none_a2b3f28a7d262dfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000816_31bf3856ad364e35_10.0.19041.1_none_9f6ec0150224d5a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\splashscreen.contrast-black_scale-100.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..aging-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_aa7b6d1512cde5ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e8ed852266361da9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-24_altform-unplated_contrast-white.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.19041.1_en-us_00af3b80c36cf65a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.tpm.resources_31bf3856ad364e35_10.0.19041.1_it-it_7e4c3b1f1c999520\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_df0f6f89afc1a0e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-application..-appextension-winrt_31bf3856ad364e35_10.0.19041.264_none_f1b195690fb4325e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_b30156e32b833fb0\Splashscreen.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..utomation.resources_31bf3856ad364e35_10.0.19041.1_it-it_3dd04c4c8e6d9302\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wlan-netsh-helper_31bf3856ad364e35_10.0.19041.1237_none_8960a4121978b743\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.746_none_3f2d4097772e54ff\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-batmeter.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_522638c63f3c577b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devices-wifidirect_31bf3856ad364e35_10.0.19041.746_none_7f74465c5404002e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c686be49b344fbc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers-clipboard_31bf3856ad364e35_10.0.19041.264_none_9e5b7c0431677364\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winrt-windowsgraphics_31bf3856ad364e35_10.0.19041.1151_none_7441c95d25d70905\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_10.0.19041.1_en-us_8418c1b8d2d6375f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-storage-applicationdata-winrt_31bf3856ad364e35_10.0.19041.746_none_ccbed6de69b40136\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-24.png	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VAXLNXVITYMSKUA"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6emg41x3O2wDpP3.exe,0"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open\command	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\DefaultIcon	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\shell\open	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VAXLNXVITYMSKUA\ = "CRYPTED!"	23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\23f7e9bb64b166b543ad6ca59169e924_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
144509489142c794d4b05c2a6462856f

SHA1
bdc2126a08a1a22bba8204317ded096d2a605959

SHA256
ba56ccfd046aa5c39b2becf760aa66d09b434c01e4d1b75c77ccda335b89c786

SHA512
5aca57be027ed5666c8808e260c1f498826633cfa2b77bd1cedb58fc9e8d645715de29e87df19962440490c5df17ff3d7fa32215add28057ebc3a46fe8eacf1a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
76ee4e88a92e5d034bc05c343c7e816d

SHA1
5298ec66c89d63781f18b633f312152cb429edee

SHA256
e909f0f8f695b42b558be276dca40e251ca144a9e9a61bb684d29a9550751bc7

SHA512
d36ad67ca46fd18127f6a4394e5935fb759615200d3901e0cab34df5a609aac8858abd077e7369ab0b9d39efca9705382788f6b33e5c0b04bbf8698334026e75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
43bc2ecda3509bd4a18802cfed2fe7a9

SHA1
480cc2d141bd0251632f9fe46808fabcc900842b

SHA256
6d0e391ce99c1052117d9d93784db379559edf3befa36e8fa486fb00ef88ceaa

SHA512
3316ec49ca4ebd845e287e155e89006c494fcabb29dac1c3bd9aa0f092e61ae143859622a66d30f43a689bfed9d91f191de54acd21a2969952cc85e8bcb38b54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
0024af8f542d2920c44bd5f9ca8ccd4e

SHA1
6c329304cd5909985a384846f3915a7c93847375

SHA256
78952869e1a613a21a5c42e9b7e2597a03adbc108195cf5560c73eadd9650cfe

SHA512
15bf1657f8f9e0a89c57e458eeaf08b20dfef434c4010f2753f799462df9e979f09a5ccc577af3b5582178be013fa28e044edfcd958f53710e1cd6751c716a12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
93b3c56f58375f72057aedf0006e0fb6

SHA1
ea5e2ae708a44de65078c9c30121bffc9b20068a

SHA256
ab9eb34c3734a649259418991b474fb3e278c713fe947e62f864fda1334220b4

SHA512
d29bbc6e987155a6d3feb7b1109880b5fbbecfcfd5c2f3b95162da5e8ab75c5d85e63b6cf6fe485fd439e28d281d11c5a11ffc0b659d1a05424dca68a068c5c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
7388cba181974f2cf23af6426fb3c650

SHA1
e9f2784fa23ae898d7b24f85f991661c1a2128ed

SHA256
4a12aef2daf5ec64b374bf5cdc121ba6d6e45045a0895d376ec03f3f67e67394

SHA512
db4af64d3ab96fccbd79271b7b9031529fbeac9cfcda980fef7a36b957e6f33617ce7d599eb9d1286df64c02ac27747b29d1d4e3fffba22a855ed4d7baa44658

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
3d5f7aaeede23e50fc37123ad47667c1

SHA1
67999ba40754e07dc91b4fc7a01aeecbf5eea5db

SHA256
96bb924427194e333e07f51148ada7b766adde80bdb81332cdf54a6e807c6ee9

SHA512
54b053364b9e745c61d2fb238888fd2ae263ef6970496d4ee8736afc15ce161a83198e00f658182e282d6168250ef7794227ee3e9b18dbc0cdc5165fd332b227

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
c7cdad2b9d75e4b5a33672023c2fcff5

SHA1
967c259fe5c2f9f32c4f0a6f2659702c3bc15926

SHA256
113a306ba0ffbcc3431ab3b7de2b6e363255f20ee8aa448b089890e7683410a1

SHA512
f65b6e000968cfd4c82cf0d20ab37c14a3513b645f711ddbabf83bfc0ca5f202bf7b04d4d1335c3a9dff74c09e0e4ae214a1c7e9b5c3abde658a7c86a2eab2da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
717ee9ad41f5321ce754cf3b5cc86b5d

SHA1
56e51e1ea3365811675a6e4a8983dc6dba714347

SHA256
16479f218c9d2aa194e6aad4f090c9765fb0be4baf8131f5fb0da716ad5616b5

SHA512
0260e45ee3ed3cc324ede502b861975280f3b9acd59d7a89131061ebe8ed112395c133c503a5eb3811fc421fa31e5f48c14da12863a538c165abad3d4f6d3012

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
bb476a61735b299e72b1c3f32160afdd

SHA1
493f3d0d16b1bcc844aee4b15aeab721e49ff910

SHA256
27b6a6f1e60c7807e3159edf886eb4cd0f19d35a880d5b5f4f30c643d792283f

SHA512
924dee3dfa0176c362ae81ced9890e1231740482b9027f46723dbeccb22fe20b11f48d4f090b29cbee17d16ef782908160e69347e8e2a13099e052c5f09a13f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
b08bd92f07cf87b0810fbb1ad461a111

SHA1
bf6c9637aa8eaa8538504c369377df2b69283857

SHA256
e791bf56e32cf63cc93003bc76beeaf8b5253e7cd9f3cb80d85effc128a6f59a

SHA512
a3def4dc7315222aae8336036d2cff32e0c7dcea558bdf49ede7ef9ac2c8c3cd70ba7307d508d90306cb09b6ab52e1cbeefdc1ae732bc66ce4a286e5c52e7be6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
c522ecced278020a0de1636ad5d88b34

SHA1
1e2942fc34934c2936c14d28174df12e7deea2e8

SHA256
547274e057a572b3cc164054f9234f71492533b33348f48aa07af89eb11a7704

SHA512
8b92b08243f210fa86c286aa4f8448e5d8c3f313ea4688484ed4e81aa82ec1b7bd072e7ef08931d4f952369dee37648fd6a14b25a4753e8fa68913ab5e8ac8a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
72afb0ec03b75668f1d19b42d890249a

SHA1
28d0e590d2c1b12f8835129cb4a5c5d787c5eb0e

SHA256
ee9efb308532bd1dfddfcddb32b014cfebafaeec89ad71d8961760df92b75f9f

SHA512
eaeff45c47d854d699867f0e67ec42c31747e5e0e4e339d5b11e158c4b2473fd42fd10ca0843d4fd2e41da238cd0290f2116872f1da391671f4dcc6e4aee9e37

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
3dae578171b20c54f011b7a465e40cbc

SHA1
45f5356fd81e62c3d72d90c6e0f2082b40797f3c

SHA256
57c73588d853d83c18baf60d16495e3555e54ef9d4a71916d4bf08a55b4f982a

SHA512
5ca78b3a9263e4244f4ea15fcf3148e09a66939e851a29251929d4daf89ff6bac69c500fb17aaa0d536b33dac38366131646a5065f96b2738972241b8bef9319

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
42cce23972504fbb31f15c790e616ff0

SHA1
d2c4c1dbc9590baf9185f303a56f25432062a83b

SHA256
e5cc004eec788408eff2b109ff0a0c3cf208399857fdd6ec3d2021473959c95c

SHA512
b6bbab7d971663967e88d98a9cb1974019eab4c7a1649a065db7c5406d7e97aebf5cf1594e3eb442b42ef3d22b5b0fbc3ad5fc4187c814e6ea0722e43e709ed5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
b2caaf56492e55820b53130c9cca4399

SHA1
f211f12edebc03d787fcaae08e9097284f961e02

SHA256
879e3db8db06dadcb2f82f0cdd796c2a865346c64b431d202f51a66285a82d0c

SHA512
826ab781c7314ef3f0720c2f40509e7d913c01342eeecb91e6241c8592eb115cbfaa3a49387b45d6d8ba7a88a23cbf409cfc413ccc4979e1704fc0ff3af760de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
571be57804f92063d58730c0f57edce5

SHA1
4e06e83d30294ebf9762f27cf661b66346b43bfd

SHA256
7eecfc6b7f107333afdd3f2293077de75259b48ed2a63526205176a738faa6c8

SHA512
23e585fa0270cc0efa24136e264e82c2a7bc7a49430485731db8c7e5c62d5bb132c3d0b2cf532d17a7651a6567fc1bc559985ab94159d6a1df504cb3bb407ae1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
199345aeae43b144ebc9b0f6e9b4d774

SHA1
fd0be8551fc23a36c21768296e49a1a7b9de6140

SHA256
1dacaf8b367fff15a373a2e6e2afd0381f4ea070cb0bec007f3d1ba26293c606

SHA512
fe33ae634603f880e5a303d5853671812284f8a856e218c1e0361522930febf21d663646f6327a7a5c4d87942816c0a12f7c0718b047447fcc861828f8beea11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
3c5066996f5d26a449447e7180b62dff

SHA1
ad2b40b5ed57b50a6943b417a763f2d91c6b381f

SHA256
71a7d06c09a548c4f65339e0bc8f551bc78048a22af3af6c1c616f5643bcc34e

SHA512
77f0c97198b811d28cab4491e67505e9b1292d3927f0cfb8d0031eae4ade05c6f8f2f6a4474aa3951eadc22fb4b5fed8baca7f3350aac76751771548ddd9cf31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
9b7af48eeee8547310b071f621d72e62

SHA1
52dacec13937746be2e2abe5d549814f87291dde

SHA256
57a9ad1660a5ded149b933e697faa79904dae677b544bfea35935a0d93185ae0

SHA512
4cf0700af0748fea9cff67aacc120257f9d585ec9bb7ae2beb9e88b60234a51f265438960f123d00221ec98fad5f84743b867a24cf0bfe57a785cf6d8f23eed0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
0091548901d34732592da7a326d15f78

SHA1
52f8a225e5547af4d1c3901726fae81ef46ccbbd

SHA256
b3e75cbe526f33263177785997bb956dbc665e1e51421bfe4af4c8b7f2eef047

SHA512
b7d3d8901d91c5043fcc88b719dcef1c8d7343879e024e35f6f4741505ae481ea07fac51e6ced68f440a40cd158069316ac86ccf34550e3bd1a04bfd516cc5ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
b673d2529fdada82cbd0d248f56caa21

SHA1
3ac76b2a9544b67d8b82eeb7215c410da37b4eaa

SHA256
d2fef0b60bb836c1a84b05cc95f8fc117a0455f274e6f235c87cc5043e547eef

SHA512
208ecfd675c03c1eb6477d735b4f74aa3c8b890dcd2d2ad9f89b777601966b7a0ed9d4fb8dcfdc5ba632cd99f7ecb82de835f8a29d40131bf5a2a5e65269a4b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
3760f152df0cf6f8e31d4e1605c01691

SHA1
19751dd03eb1840cab217cd3d208a1f5f939d5fc

SHA256
9be5d0335b8589b898d2ba4cc61797d38a9aca7f7dbbe81d1c1ffb35c5e6584e

SHA512
c5652b0e7724d2972bae4c22e83ab298066e22bb137897b481dc491c11c49f0978d602f0a70ee75b9c4fd602730a9f8b23d63d7ef42c521e16294e7f9df91e63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
fcaa25c41daab46e503c559a9964beee

SHA1
683de1668b176ec69d43a2b85c065245e47f067c

SHA256
67ec73252b6b7e1553f10633a657c5a0d695fe6d6ed7439e16ea4077ee4a5304

SHA512
eef3dc3cc6ca135a7bd89f76bf263205bd72b016cdde1b8285b3c4cafbf94e171f87585023bd0ab54706b008cc3a4b205856baf008850e8eb01c02f1bd0acff0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
64e12002d90528cd045bde1f8016297b

SHA1
ef8d78bd4452a9acaa98ce4655d84b56b3ffe21d

SHA256
bda3c12507bf8fa76bd88bfaa8e7c85bc876faa999dab9a866987c4d49937aec

SHA512
05418eb04227a4338a2ba1e1b79175ceabe3404fb5eb44ffe72026c4a9bec12488590c4f4bd90d15e01cd71e5b218ea01a0a0a28a43e18ba989d9993a5a7b378

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
c0f399356a496b819cd4511bb4daa416

SHA1
579e31a988e741e50841ea7a7ad5f6963caef709

SHA256
a20fe47e0c2d5fcb8e795a568a21e763b1d1ed0cd7f8276cabeab2fb513dddfb

SHA512
d4ec435bc197333f205643a553995ab9ffbddc7a6350a4b8fb446993fedba5a044fc358a591c1738f7f748fd4edf1fe4fa8c25a7b5f7092b83a3c78504f68030

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
69e74f77a828cd203e58f3146614ea76

SHA1
4a09a8ab3b92dde07372d18f6cf0a44bd0458eea

SHA256
2d8ef0c6cfc261387021d2ba0abf77d020d30d44405123d47f27e40e70d925b1

SHA512
4d1e482b8be3e7abeaf494c0a91088bc6c549f6f1d88d81e8aafdf872d3ad38fa3d5674dd54e18bf14034977ea678667066a4d514581f4451dab477bdaaeb230

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
9790c47570b440f555d2f1c74bf5315d

SHA1
ef696f0de24aebc84c907f93025a4b2dbe61d6c2

SHA256
d0e8a05945d21dc575cd4f3b1527effbfe03e6058c702103e4563e0a01f64299

SHA512
0b3ffe3b1b6a6c11fd3445bba31ad093156f7422a0b4354522dea04cbe373443fe5d12a55d0e2053cb3012990cbefc57a94d9a306db79b1f8e46cd4fcd584d6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
1a06eadb0bdacb9550f8d228cc51eb25

SHA1
d5930be31fe95903f28edda91e7ecccd7d97a5cd

SHA256
28af9e6cf88e3df0b0abe46fe332c3fae8dc425adeaedab1346d7fa8ace97048

SHA512
c8d08f301ff78c440b2954bdad466b7e8d95c97b65aada1f898daeddb2a37bbd743eddeab84a64f2501a2ead7b9740d46263e5cb4283611eae7f47418bad0695

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
752abc05fe609bfc84da1f5ea1ddf5c4

SHA1
5aa00b03dcd41883604ad11f9779df2577c56afc

SHA256
1518d50f12732f9d04c6523dba3cdd826c6ba66eb727d40955126ff17f4c0937

SHA512
dcdb0c20e5cc3a7de978f1d658f8c8a3bd42e50cdb439325cb2daf527d087295ec021e901f854a31208ccaf6e357f5bd8bf186f827061a311a6768cf2b94ac75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
28f59a76ae3af6383220eb620ca0dcfc

SHA1
5d6b0f821f67a38e3c84731c878c2a72dfc40e48

SHA256
d8ef810f9774a0d1fd06358ff8ec63c6c141f2091d7f4f13d6da3a1361018257

SHA512
e42df4ee71247c2f778a56a05601b58d752196f5f200cffa791a863ed7323da1f441edeba3e762b9e5c470ca8b260eeb6b0606e1ee536dc4c1edf676f867db6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
1a9edd5872bc353398fd7e3e7abeedd4

SHA1
023b568e815f29fe7c10dcf7214b6fd850f75d74

SHA256
9540e1f347f56067788004889660116f1891231a6a2df534bcf8c88f177a3aab

SHA512
03c044bd6375c5df1158aa4e73b3f507fbdb433ffe076df1cd5a1c5600d452c3c7d737e891c15b347c069e8e1efb46665dfeb33bee38972273d68905ea0028f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
2593b2353848b63ef507ab114ec149ef

SHA1
0ef63c34234a9effcd2eab73a9a82d1c2d9e424e

SHA256
d3b5f5eaa78ed9c4514ebca87efa0a666f0a5db94bf251d4f020d16c4744ad37

SHA512
52b3868a925dc54241120a752dd882c9757f546cd3093ea6e9dec5e8cdbdf1214c6091d0441aadb36d1d00825fb4734c9dc4025acd326c8b506e86b495b51a27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
2cdbd4a7f81c0fd6f2d5c3425489cf56

SHA1
c3626709badc6a41e5ef4f3d492d3096623fdd38

SHA256
d2eddf23c708c2c654ca3c9bfb0fbdde6a1afb89108fb9ace0b1d09c09ad8ddf

SHA512
df41b6d84a6c75cfb15681542c00500d9da19fed3cfeaaad8531554698fabba70fe9e9c53f954c578a2824d85d48a0a58eb492000af3081501d7985d321e966c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
09945759c0b772356247296b84dc4621

SHA1
1d892dd23f86ff3c0349db7cd8c1716395914076

SHA256
f00a577b89f5a6171ab912b4feae458f39ea29432efa8fe593ecf1065535c405

SHA512
17565aa67ecf7e7d51633009e280a29b9395c51898393b4c24c3b27be27c64d25c52ba8c8d5fe746eb05b6919f391880a80f5c6b86f6b349f81d8b67f746480c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
7ea8311e503d17d9ddeb19d6bac9c229

SHA1
5475c070e8a7348eb6500e7e360c98c4388fa982

SHA256
cfcd45c2aa3ec4054bc18c1f2ee28b79beea35780ee12ad29fd5d1a7589c61cd

SHA512
49ea3ddd29c362eb902f7522bdeabfdcab8971336381b1d26d29c3ca583ccc972caa120af8b9e671e1ddea0eb72ed0767a078f64d5117bf81ab682a1c01c580f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
d84fc85d80849fbfa95a7632c72446fb

SHA1
b79f99dc50047293af9ce5ed202e0ee41cb2bd96

SHA256
a2712dd4b2f9b92285e439215fc97bfcb8b89089e38011992cbbb9fabe4e7859

SHA512
6012c2201b56ea7507211cf00775e9166c1a1f50837dbcbe6fdd519001c9a0505153eeb890e0ce1c70692de1e48f44341ced025b38d8e68aa4867657ef8569f0

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
1a7cf6da3805071c0e7a693a37830e22

SHA1
43d358520239fd655e232585ef8bed3b481ba66f

SHA256
318c3693e17b4c6c0ff633d52f95c50836bd8212366df1e2ff6a4997222cf318

SHA512
07034b2bce0fa00b5982dc2f9f72514f25e51c3f74f8ec6329a1fdeaf555a0fe34ee8fa47bde92225f7fca7c48789c3d9813c8b79edc419e57fcc2e0105d2ad4

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
6b7c80811d5f9e94554765c822625f7c

SHA1
23cac1c9d1e9260d00d86a01f15793546ab32b4b

SHA256
258e1366475a525d8c23c1db0bd40203a5a3affb4a20a0da26bbda2339528446

SHA512
72f5b4a6071a8388d8a08c7109af9d8dedd54b1f686d2f88480597179659878b44084b8e902de3fe6093089047070fd7ffb04d97c12e595720c94a8c311ec26d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
f24ae79b70ffe5dae1f365b46f449d4e

SHA1
b134b1ec811a7fdf87f71e79593377d5ef2adc58

SHA256
fbe3c408107c82db26319f2a0cc6f10a777be35d7266fd359e88c653b15b47b3

SHA512
fdfb207adf146fae3fc066c7a489c5f5ad6bef14ae2c9f2e0ef0b40c6e53fb6e696dad775826b8b9b6241d59b3f7e291595858ef8056e8c881de90960fdfcf42

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
52c8a3e889355fe95f482328a3e2cdca

SHA1
5c789b45db4f9d8d33af14e7a39e1a3971ef4864

SHA256
80d70f03d89e6ade74c41cff9325a292f280675700c6377fea13d02804dae0d5

SHA512
2c4f56dbac56ffc2190117025fe3f32d9402bdf88f1dac01cb6490d2bdb08499a1d324567f877c81a3021001c5ef0c62998f8daa9b1aa8d6e0e358f10cda04f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
6b6f907f9214f224eefbf9e4bb892c75

SHA1
3e93a169e6b05d04c8aabd32c94ebcedb8b0835a

SHA256
830fa6e2eff7235cf1a48b9421fa8a5ba3f7e234added22bfe10ecf1e3d975e8

SHA512
64d9762e870cbb0b78ba3824e7ba5f91c0ff34dd23cffe789619fbe3fe848c0778646dfd25da6c4ba600b81dc77b3e34c9073e8cb41895f82399b4be65d2b772

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
acbdc5a255c7c4ca6e0919648e1473fa

SHA1
9c22b2aa0bfb82105203a3c421b2c856b2744f1f

SHA256
1bc4c3b853fce3848a1ca056629281c89947d598e13c0963d601f010f1ef421a

SHA512
42a10940c756a47b7ee8586b619e173ca4688d23986c6d09da6046e73d4e21b399c1ca644e59112d3d8dea6ed7b63a4a65bc3c7e4d1d0a337b237a72176478c3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
006c33ff31ff1eca0625c486e90982f9

SHA1
a3c669542231b9832f667965c65f097cc5e6f5fc

SHA256
b6072cd2005bca40a487ab60fbfb49dbb678bf421bf7b4e323037e3ac3b0f8a3

SHA512
0aea546338a80aa694f42b2b6ccdd1e13b117bc0b3467ccee6698983165d54b9ba62eab2d0735cf3b6f2e5a2caa154dcff118793b50680c3db4ce9dad3764525

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
3dd84dedf37f2269182dd1959491e5c6

SHA1
bdd5066dff93cf1a4a759483fe91b968cc67f300

SHA256
5bda27aab748b98b963f0adfb4fd28b6939faa0e1fabb2bb543fc5e68d69935d

SHA512
09c6742cf0cbf346de429aee629b7d006927cbe10c7379244117d2ef774b1986ed87f26da22030ce56a1683ee0445ca784c3d5c820b04b625651417d0ae9165a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
29ed9303ad18d992b85545cb4ab53244

SHA1
869f56abd1c4d6c2d96e6772742280bb6efc9675

SHA256
b7e3109fc973595c25f15a83c72925f5db34380779dbd99c602d0dc2d34879be

SHA512
bf8e37caf2df567286804c3cb01bc76b92709ff9afc4b37a7b3bad0bbb035e25ddf729f3783dd1063206df3f8304b8c4e38bf43d550fbf78fb1fbc2346061b44

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
7cfa30a383eda26d24b8a12ed7738562

SHA1
14e04f22f54775b3748c0755ddd586e39913e859

SHA256
eb0a8714cb3b617ddd3767fa6ed15a5857d1ec924834cd5aa9da54362f250d5a

SHA512
f882c5a4067541a17975afda5b654200a53562fce6386c5b2728b14ec758cd8a8941fc27dcdb38de1b509bbde9da022f356d24f8fbf5e12c88824735120a3c47

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
1de12a2c83e51e3aab44d01e370bda27

SHA1
a5afac8b2bec61a3aaf42eef5a3f8aa4cfba0e10

SHA256
8c3b623608e918169dbb29f118a5c95707d3456b89485dc75d9451881ea9b2cf

SHA512
e8e1559589723c784468cba714a02338f77a50df9f31103c08c943aca95cf9a15cce630820d8c18a3396b11fa25a9a132b86fee915bac43b8186ec7326796685

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
5de6c02f6b69401cdbd3dac4d4fc2c7a

SHA1
2c47484af640143127fd2e4abbccc2eb75a3955b

SHA256
441cc2793cc1a6672331c47e66be6f7eb1660e8506080f2942347181898faf4d

SHA512
f84ecf0dac66d89aafeea47cf9b673eb52cf2fbda6e51b3fc6d18390c1d965956b069587c960249c2e87a1718ed8916e633bf2fb1598756bcc623eaa5205c3e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
43ef89042d7356eaa7f45523576410c1

SHA1
0be867bff81afb638ff8a45e4c56de845ccabde1

SHA256
f20a0f870059b789ed326d9623331bc952f6704ffc6b661c72e9dd7e8f540254

SHA512
c71f97f039c7312461351d37405ab8aedaa445704b3a31aee07dd8e553c793c0d8a14e5bbb0cbef4e11f16bb923641e6b99d86dd0f9e58b9dfabb74fd63d8ff7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
bc3c93d3ce76525e73965571eac981c3

SHA1
58c72a506612c395186fde0aed85bb0d31b8da15

SHA256
090bc8b77a3681e7b9a33c4c292e4439ea0e39653d8946672d94a18184e157ab

SHA512
181b74bbe9482d4334d7be4cc4bc615f5f97f213d20bf666696b1e35e7e709c92e7fd4184b9cf2c48f4a219de95c2961d6d1cfd9ef6ff0ea531c2c8059ffed55

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
cfcafe9fa75af4dc3cff28fb3ae046d8

SHA1
bce7c7cd8087452a32b8cd02291f33363ea35618

SHA256
f620324fe51ca3f3ecf28154a6df20273cffc071e405a7a1b3b5edc87c88bcc0

SHA512
db9073ad6ac1a4e28dba5224c07aba8b39e5f2e0a4b188a7a43bfbb9b4f2fbf96b814409834076c13214c39663a88c8c07ad0e6f7d73bbc5df2b457cf3d817ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
23aa223dc6df26c8e705b8a73654bf17

SHA1
7fc2a6c9b7eb96a4612af9a01f03b6f1ac1fce4a

SHA256
6af7fb29c944bee41ed4ad17a6b9d954c3b5efbcd7aaee9baa746352fd5a4fdc

SHA512
9232a0d76eef034fb79bb253a501de26ebebf8658f12bf584ac762252fb874a6a029bc594e04132ff37dcb5b4c1fa7922c68df2353947be6a55ac96d86147e11

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
43a61e95699bd7272a8a9180305a8ea5

SHA1
8ceaa2a035686b358ce8b5ff6799af6a45e25b88

SHA256
7b3bf087d590ee71dc55cdbbdf4e5deec6bdcd331c693e21d6f6083b0fb3505a

SHA512
1a8da9914b38bd91cc7b777e2bee1dc19d185af6d3d7024992763f758e9e1d435ae30b4c439a970c1e486302ea2db7289ee0e79368863439b5f4a0b22134ba0b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
3e5f32dd091bb58f5ab59fdd926db620

SHA1
9cb6c175ef6d28dfdbb98b1d3bb9f9dd49b85157

SHA256
ebbf80c049ec08a40ad281dbbd5fd107ad1a093ad1350b79c9c39ba3ecef91b8

SHA512
0c339a656e436e24596900cf966e8ae07fbb96683ec1c7392e7ed3bc6be364614fafb60a6c8eb7459f8861dcdd740b645d9b3fb335d48b3fa9ba5e47ae74e018

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
94eeba9f79b72fc0340837f998790fc8

SHA1
18f81e65a1df172cfdd7bd3b0deec3a9ae179073

SHA256
48a21054c932c9fd6a8fa0ce6e0eaf71ebab74cfbeb823503db9eaf3d96e08ad

SHA512
7172d9c6aa9ffa23b8be24aeb7bf9ab365ade37e00d2b871a0a0ac96e49910178d724329e4123c0bbf2cb21327949ac8f0845114a27955c702036b7dd7addc3b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
942027eac0f27b3de713142c51d6d6bb

SHA1
1674f3aeabb5b37faf0bcb5d041bd5a965198225

SHA256
8dd3387b227983fce0d1177f9e67982a52080e7cf8ded361ebc9ca7f8033e81c

SHA512
e33f4c39b1bb5c8300f23e78a41433ee88066f44f50a93397ac3e23794c942e11f2e8ecd49d998bdb35fe06bd8d6fa331fb7115ac3921e5cdc763fec5758cd0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
d689a7d4be761ec17da220fa0a2dc86a

SHA1
907084ac84c38fdc6abe7b19ea5affb53e4b018b

SHA256
b7aa096c20bb664f06cc9c6a145186b46e122669baa98f10e04510aff6f60494

SHA512
3c637c96674c435c13ad0f72530149cb581a0502a590bc9363b087c7fcc9e2441dfd936bdbe10b2370191668b46e071442a0340742be520289063c16450ec220

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
99211618165cb674d4237792544d594c

SHA1
7e5d70c6fc4614519360f49ee42a7a363cb160db

SHA256
6ff66bdf72df9c05de75da3b3ac9442b8eb04185518538e712d4285de04888eb

SHA512
a1d88537cd83709495f96b51496fcde4d5d5289cd58444d7ca3ad424086505d0038c99b8eb19390c04727001e885052715a1ed17f03b0033414be13a354237a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
5b66000236efcce39cb30bc46c92b077

SHA1
bc6d460f2dc75740525a4f7a5f188e2b349e655d

SHA256
aef77b6de10926c914ed0f6720ebf47172724a34af1ef8549a197a41c7198a96

SHA512
416c691f76cb7527eb40e1d691963a560840d2c099a0a231f00e00300f529014cbbc813d524e5750f32f7f663df4e51d26147771753dc09fba392ea674d60a62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
b34b4754b90de1d075d717e41c2869a0

SHA1
1faa0fcad64e57d7d3bbd830bb83e409de3ed6f9

SHA256
07a5954edd45e2f31a4b3c187ee2a4d8490e3fffcd46756e63e5290ce6101e64

SHA512
bdeb1e1715c4fa72e0f900f8a0ac14197c84f9c0fa5aad1ab98b1803a4848cd92d4cd4b9e31e121499fb2f12e75f7ba8b025cccaa149706d84949fe0fbc5e866

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
7aaae8b53606e65483b2935393e43325

SHA1
216bdedabe31664fb7d140f0d8857bdb5be39234

SHA256
bc286b5510b4beef2be0c0d2908c84d86d6da33858f7c774d56f6fef3c09fcb9

SHA512
e2fc1d07255b128775337a7e14ca4627e1b63ffe673bb4101fe2bf70339ad5574d7eece4e69ed2dfe6cc1a0bce5cd8654d1d510f56844579f7813b1b921b4c45

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
ba738db84d781a13d353100294f9aeb8

SHA1
e4cbf6a8d7248710bae6adfa4e9305e2d1b9da1e

SHA256
6adae6c4b2ab81e81b1e2d21ccf5369de6b5df5f3f0ee101b0cd48649b485e1e

SHA512
14ec2253ad83076793b9c0c99b058c28c90bc16ce125a742030c716d3edae5a1d080909de119ff6f87dbb0a96ebe8b2699016f1ca9bddd47f6027d3b82a436ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
e6807946c0ce250a5e4e94dee1bef03b

SHA1
3e9a80bb3c47a7ca5633de8009a52fd6fc0f8f35

SHA256
6de734773db2c3afea1256ec64e9c786e76556ace6b299b2a8b69f59c906afaa

SHA512
e11e16a4f8c168044097c668e70c74c265f400de63ac75617d3e368c3f6185628542c3054e6eed5ae923ac46c78aa36cdadefc400c9580c8db1bd9f1fbd13e38

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
aee5ed85baca9c7f97b14e7caf47b82a

SHA1
97903dee1321229afb70a1a13f7c5c99585a1fc9

SHA256
80e1f448ad40e6abb711a49451f0989bbdbe00c632a0d91dd489d18f75e003a9

SHA512
dceebfc67877c005ad689a96c03114eaff91bbe558185cd59ab225cda28384126bb6a75446cf1474e3d1500bec2f2df6d6f4b1e096c34974c95edc81c5aa8fa7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
2903d61fd61100ee7e370276842121a0

SHA1
a61528d02b90cb8749e449c1f3e3dcbeb32805ee

SHA256
79b795cbe1db910c51e84dd5f57c557032aed314fba451690cb74446336251e4

SHA512
7726b34183027d7a0adae731fecc6f2cd1a72fb3ac1066e6fb2db88df1489430a765cb336d28fa592b5213070de940b1206a7e8de6b1f7c52ad5529e3888d40b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
ac396084574c97db413facfea72588a6

SHA1
9c6c64d54654bf0a31b916755c1024e5b4d8fccc

SHA256
0f9aae257fdde751532bb7ae87c0ae3094c10153cafe5e433605dcae79430cc3

SHA512
677a427d5a8cfe3021f8c31865cbb041e7a561f993619d1c68a998ce44754632422e504b25d8c87d1c567de5dc6263771197120fc5f6400881781462bd1cce95

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
062df93afbc74bfed21335b145431ebc

SHA1
9481235213d8649ed0f521297d37e2e9f7676bae

SHA256
2b78b2d1272038f3bccfda323f445cf02a58adad178011a6efc0d643136822e7

SHA512
5822809f019d19b6059a33b1e99049aad463ce3745496080bf1561bf1c5af872c5ba053cb61908f058ff44ff67a5922aa387bedc86cdb8f6925771eb802f5824

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
ad4133fb5d99ca6ae2fe5a80c1facef4

SHA1
ea09e34235acfa7ee22ef20a735015bbf0ac8a34

SHA256
93ef013b8cd45d03929e4b404b29ee88acf6f64119a9daf6c318edcdffdef893

SHA512
0c74aed6e02d78da8dd7706a7aa429dcc1d90ad314d5710ca33a76dc60b0ce3a99a70eba58bee1b4918c40f858e8319ff75c952daeb239577b3525844609018f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c617226863fed87bbd20ed9f59b51f5e

SHA1
97fcc99ceff6fd215e55f0fbe612b03aeadde201

SHA256
dd4e9de82979880dc7caf9bfbb60ab2a5b7db99de8f6b11ec744ed8d8648c416

SHA512
31fb4a387145bcddd0ae88025455f2f7aa97573c11152b05abd65731c34eac58833e76f1adf9842023a331dafcf216e4a8b51f8b555ffb880a4e93734ddbd6e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
782ca40e61b645275fc6d10e50853b60

SHA1
93a891e4ff7f26078310534a95f5090fee13050a

SHA256
ffed73b3b8684001ba093e36a0bf0d66f131bd1ea45bc432fa608edab0aa6d57

SHA512
1c444333271cdf0bb89cdb1529fdf78173f4c1daa2b0940813e5f47a24e1eb53d99f24067a7504bfea9b27c93e2c393de3a21569de7446d3c307e0ef9d3e7a55

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
2a7f8ba46f58649db0f8a03519ffff84

SHA1
d451646d55a99b6b44a49be1427a4df45d6ebc34

SHA256
bfd3a47c4eef7d3fb8d7ba5bafd2fe78720f421943dcc7e33d13cfcf40988fc5

SHA512
a1cf4c7b8f91cd30867d7893ff87f705d0020d8c5c451d77721be7db13a3e268a8ce752d31595ecc060e970cdcecaaa3e79c2c187c289887d76a88cfb119fe3a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
ca2f67941cc73ad645e82d5fdb2ffdb7

SHA1
a2d20011069845b2357661c282777183e89b0ce3

SHA256
c641d1b5e38d96c4ee55922db6aaee0eec18939e7f04175910c397c0e1a3695a

SHA512
a95d6b70d00703ca5df7bf670cdc6ce3c527fd91e6eeefabc3479664302a9cc2f988cd91eb426b9df636fbf7918e7033c926ef725f146b82decff4fcc0f942d5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
ddef15cd3f991b3e4218f2703cf20896

SHA1
a6aee06249fb64e1cd63e14f116cfd43ed62e1c0

SHA256
ddf84c8d5e5cfe31e06d83f9943cc4f793d86d8b6dc58fd26776a2e43df9e2b1

SHA512
1cdeab54fc76f2ef10c46247c776f23648568badeff88235d69bb747222650b90d70126ddda806c06ef458114dbb16b21cfc49d4cd60a905f1dfde00e75e1788

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
8ef61afc6e9ded083e886f0c16a4c522

SHA1
e8f71be546556813a09e790bdb4b5a6f08b54c6f

SHA256
2c76564760278c6357d7f0f69896f82ed33d4a73035c2ce63ced171a7daf3eb1

SHA512
427299b87f5e711c35292a0ef6307f22f6c0426b8ccb85eba5ea6096d74b4845ba105b2e9727c4dd80f8bcfd9fbd1d2fd4dccce8fecdb16d5cab47c1e77977f6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
f98a2eef372f62abc308e62bbc21b711

SHA1
df67911793b11c98a8f98a644dd87da183c89f11

SHA256
7adef761285945052972a22c2a1d3afebfb96f97053c8d1c77ebc5bebd215bd9

SHA512
241d253cf9f67318142c1eb5dc9028c837eb53e6420e823e34533367a35f98da1fcfad5a7ecec20f1041ae23a8f4e6efb50ce9f94fb61fc66a4131d277ed62e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
eda330f43a24a29f73d7711a92a657a5

SHA1
ac7cf140f485f3e879e596d3f7ea144b54fc0222

SHA256
4225e5da54e0b0da6b44acf4aea080076c553a028e69dde475ad658ae0047471

SHA512
ec9072a15dbe00007a0a6aa7e93fb96d34f752cd41c8c6302ebe1a047d463f8a7d7134b5c01497ea99fee4d1202db48b9af04ad70e8e4f87f01cf56e9d2a6c1f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
7c97b4c9ab54acf812d1cff13ba09783

SHA1
7d95b28776553c5ec7847186604f52a93baceb6c

SHA256
0491d6d8a1e531eade8ff592ff5cd79510e4000fd2cff5c43026a3a23e4155b4

SHA512
67e7f293bb082e53bcc0c18926eda8679707eda5bdbfaacb5e57d5d308e8d0647037621511bdcc5ccf95d1a5502d378b77dfb2f19786754845e75f924c4b654d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
251a9b709a12a9d7a6408e8eceee22f8

SHA1
b39d3eaf385b5c6ac809fe09cb988dc006a06184

SHA256
0d95a71ad7f509dadada1618d8d6da1da56432efb0f6dbe418c06879d6fd40fb

SHA512
1c4ca2d3a3277d9d8a8bd58fd9450f4156d29f1e3812dcfc587253e7e0af3bdebdc8abb3dbcd56a15cbbd392121273d639af9528b09d857c65b2de68dea404e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
1af9689032901d1393b5df94b26f9592

SHA1
cfa056fe6ba790daaf5ef6e8bd090b75c6b6486d

SHA256
f0fcc0eb0943d5841e80657bcc15a9c794717c533a1e08e698976192962259e8

SHA512
a1cccdc115a674a568577e4c0307d1e6dd7d041d2540000ba2521c3d145098728fcf0a28cec74ab61e087aadd35fdd445c903fd161176e874923cae4d7f5d2f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
de8585b15cd2369e28cadeae886fd190

SHA1
117f2df7b6068be48f43c5ace5108241fb849025

SHA256
8b3b33b8295e84f047cd09aa9fe437ee86bceb6ad885d7c7d11b98847fcfcc22

SHA512
af434bb9c9c46236e31c5c65a21efcd8da54ccf736a1576cebbf1f09fcbd0321cdc791f538dba4441f6b946c27424830c10e0fd5e9889e1ccd702046ae3cc656

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
4b3bd2f408adba7e611547677b6b95f1

SHA1
d711d66fd34634deac1c782b2694797ef9ee3388

SHA256
1707a65450e2b9f0c985be84f991fb472f353a1bcfeab5356a240834539e6a9b

SHA512
e38498271880b8ae586d34fec597bfc2a9e0d35b7173ce5315b3ac3bd0da70e835642512ffc17551520e8f956dbf4d08fa38c0254ca9ca60f1a3ff074342b3e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

Filesize
77KB

MD5
94d322c28a7e5bb4a09d8827448b8cda

SHA1
4947578e9215608abfd6329d048df391cb6ba7d7

SHA256
13af8f130855bc02fcc118e6914cd77bcdcbf21e649504efe50982d497e6a926

SHA512
1a1ccd871a03c748d6c8d6371772ea5e90acaa7468a9bb7e9d2c63ef91153bb22aba509ef9d54541c7d0ecb72a0302b7e9f1fcc1382396a4c171aa5828b8468a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

Filesize
47KB

MD5
ab880b052391ffcc73b02440b0657049

SHA1
ae7b3227292f32726c111c655efcfafbb822ee77

SHA256
6e04643193c4332f9f7d2d3a95659c203de8f963eebda6c1923ec9006b8c99f3

SHA512
0308b3a63ea5cac3e162e144812084161e6192bb984221c0255b6ad40559f361db3838ffc6b6ccbfc48c554ada88b6801d5f13769a713be8e28c83d786b64dba

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

Filesize
63KB

MD5
7a4879132d8699b216677ab5e2a661c2

SHA1
300315e63bded3fdda0ed87a075b7dd252fd3ae3

SHA256
b59f5b61ffc30e9ecacf8b3bf70712332781d8945a732ca6c5ce3c42fda6817a

SHA512
eac7be80d72ff69805dd35320872549baca9cecd97e8fe40c73404e85902db4b0ea0c752b71bdbe8169cfd9d0ccc12a767145c00eea3879871af44fcea325e8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

Filesize
74KB

MD5
ff3266b8e77c7e39add1a8fc6cbab5b3

SHA1
7a5afb828b75a5d92d8371558e3100ae118ab59d

SHA256
2bd5e04752eb54e97d6e99c8a7d7548ad89c746332af2b82abf0139e8713950e

SHA512
be32bd3ee4182abd6d1b410c8a061c8e0bbce8a8d438fc8f9cccae33eac765906966ed999ae4c13dd66c0c5779f08f472b36fb3ef953b546b054b815a00cebcc

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
a7fc5c97ad34a7134aaa9f5817f8e9ce

SHA1
9de5edae632aaf2dfe45f50f4a8f95a92f31f218

SHA256
c64d5d875ddc120a02f5a1ad4e1f4ee5dd60b83d89a573ec3b4247bf5eb2c5e1

SHA512
ba934f2a47be666260d2f025b382177ce0e31a6dd8869326277a8ae66e7f29148768305e76e700b22f2b78a6993886e08e0ad0568b440df2f8e22f74176fa509

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
afae6dc985b81897e2d65b2a503395c1

SHA1
9e653640ccaffc94078ca66fcceecc1c2ef2d03f

SHA256
7316714f172582fbfd1a912e96b1dd3b9d0bbb569b8d3c9f4c802d747ad261be

SHA512
a2f4c2ab0a812bf97854dabab71c480a847397d2b7a9cadaca6db73d475cff07ea5508168afca0efe3538a0fbe3f0267ec117db2855ac9e10eff539c34de384e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
8171a1ba05bc068cc44e9857370b8706

SHA1
9a3949f8ef650526d60f3ac8203fe9ed2c349a2f

SHA256
ecaf3f3cc09223b79623d74e37c268f4fd430423da543169dcf707cf30bac0db

SHA512
20b56efcf4f3594dc2fbb0bca52fc783b2aae8c8086682088a16e2546799c4f70c3afea0069e0cf4b2b9707820593e52bb6583362e88b6ff12b32d30d5adc7e2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
febbb5c2c009377f1faec937e6cd8d25

SHA1
09919bffc6f904d11ed0f395dfa3708f79eac1af

SHA256
b83c7cbba964899477862fc4e22abd1429d386b7a3f0476fa6f88372bcdbc0a8

SHA512
06c21070a60d2de10376e7f7c83f8c779e9c9674c2a6a9412ed4474fc0778eaf4411a9804ee3e174d97b5ab9ee051eeb55c21c9815882885510bc3c8e3a7bd48

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
967d53ca768a8aac82b87ab7df59e8c5

SHA1
3953ed8c63e3d402f66bb9eac33967faa5ada9ac

SHA256
bb05f755355f52c74140317cfd613a3b5e1ae4b84cc3d8198a9b3be283babcf5

SHA512
6249565ce6c283120872b561812c10fd19628b69c4d42b2bf5a4dd3776fe14d4a6626efd99251796f6d0ccbec3c25f4ffaeeef612110a1a8a01e192129fbe01b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
8e26bd95a3b0434a63b79f4c35be4d31

SHA1
4ff0e89c8fd70a65701a1e4ebf933075946163dc

SHA256
e8ca358d18236dfe41e80214e317d8c7340d042a7d1853661d50240d07af0f4b

SHA512
e3527d57a59ed98004425428f3473b36d82349523aa924bd3e2827bea4959fcc435cc2996caee767cb0966682c17db6dbd94383df50cb7ba14a31f27148b32aa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
2c26fa04b0b215c70a00106f363b603a

SHA1
40863009db6024bf54b8023a301740f8c9cb15a5

SHA256
cbc80c9f157300be36cfc072592fa0fe556373f39ae082c6dbfa3760f7c8e832

SHA512
209c57f57c58ac8a84cf7ea150bced9019499f85daf2a642b6916510df409b5255ba4d133821a15226632d459e28b7e3fb38c30f4d02b74d1a193e050596b0e6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
f430a9d8ab79da7d2cb924a7a8a61f4b

SHA1
777248464a0f08a070cb8c512d1cc4a12aa0c651

SHA256
29bcf4983e1cfb54268aadb2c8302393160f80a6c752b79eb5395c8d8cdf6a76

SHA512
2a6aa6453e1ed59ded53a5d4120555df459d7d6ba799a20db00dee45fbad0cd50d3067bc525e8e3e2518abdf3b8df8b80dc43ecfc44eaf8810d6e57ef7fa71a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
dd916963b284650db1f4b289389da1e0

SHA1
06868e911f32c756f3df2dc47d21c5c9d98cf4c4

SHA256
60e2203edc4f69bf0bc62b23ac010def83a201c8e68746b9bc5d5fde7f1f792b

SHA512
36d6ed263c21368f27458334f5ac9567ea0241658679fad71c47e25de44871d96796fe1663746067225a3cf0dd34e6e26adb5abd8f4e915197e55ea96b038e3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
7be0dff662d72f8fec16abd393308198

SHA1
777a4852f7e59246ed273cf5e382e2bf8464f6a0

SHA256
222d5251e99c2660a31275ce9fe153c2ceb225016596f537bdf4d1f67eaaa6e4

SHA512
e8c6494d2dc2cc93977d0e3e658d11e99b4c76d2d32bf64c85406a5f1269fda8b580b785c9aeeab08cabc1a0bf13f5b6f2e83379a35f2b37bb80672a979d77c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
e2ec8a4496f6db836e2446ca670bb0a9

SHA1
a360ba970248520f02ef1a0de293412eea5da87f

SHA256
66b23aa4dca93702f7b00cf5c4013b81256c958253a21bc3c28ba65d4ba3f2d0

SHA512
e3fdcc35f9bcf4dbb6671efbeea47c355564aaa15e379ab2afb857f21ac450d132ee064c4d50595cd0d1de0c53a5774573368d41d34526c4e08ab6db00191939

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
273aa9ac67bdc7d76253fa5bca587de6

SHA1
b804f7860cb2a8d994bfb3ec1ccdf0a7a2b7662b

SHA256
84caf0349836b9d0a6eff7f2fdc608771850b69bfc6bbc6421940d638e22c58b

SHA512
925a8de2fb62d0f2528cc8eba68bb1fd64045e70340b34d10f4dc6e728d3a57c9b501f8c4683035f839f1d528e58177f83980c17b18241300060ca88a558df18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
5e7600715eb433dc9c286b7b4474c701

SHA1
88b76c1f14a92b5a1068fa94a78f1be82f46839a

SHA256
427cc4b2169870d01ead4bc3cf6ed4477576ef2991be453ceed3aae325d38b85

SHA512
2d43dda45765726db9bc09930901eb181e12d09ab78f4fca953d1b690a348c51ff3b9691fc1513fd48c053cd758f7d24c55c635e462a504cf64d36a625e537b5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
09e10fd026ce4d79b29e16d189430be1

SHA1
b69e6421be87d7e03c5c19fce5b4bd6c10c1a0d5

SHA256
1e0d03f5126a1bc680110c79a4bf21ed98bc153def8c5a410507cb3f0aa9a166

SHA512
bf1ec7914ce37e72f0f868b858e513b747589c7fc8063afe598fdd64a1996584d01fd937de6e73d2ccbab1666921c5cd32fec5d6e57dd506fd41309402725f25

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
ae3f6a18eda14e291261e533afe24825

SHA1
8750fdf2eb2bc3aef6522ceacbdfd5f5c59978fe

SHA256
0304c8f2cf8e9b736e03fe67c46af9d3b96d234b7fcfd4da128986a84ce409db

SHA512
e43e3e1e1af492f27e03e6322273261a54813900460212a62e7f03bcf815f5fd66bf6271d1f50094a17e82d0e88577b498b46ca1acf7e89f0d6b205ab4e1e6e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ea8036850a1599907dbb0ea8ff41a96d

SHA1
696d47b0edfe76da29b5c8fc3f71f50ca00f9e59

SHA256
b3098efa8b167770d49a2b534c3514719e8e037834192757ae6b1b9e4f166297

SHA512
b0c3733fcaf97e5d29e76e162fff2306d298715baf095aa0c72e1d99b2c5322e2d866b48c400f156aa0576fd7e08391e51fec90dd50e9e7dbf12520baf582244

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
389eab711bd4755758fd4fbb1f9a635e

SHA1
393abc0cb3c5e47ac9319b71293664eeed6cc408

SHA256
c5508320f07d5cfd4c453cb92a21b79bb86cd8d00ff80c2e69335ce96aafcb55

SHA512
e82bd0d082a01a886d78cdcc41a0c04281bc85382b2970dfe855e8cb8c9b1d268c8b50ba9a11d8889984d8388f76dce955869c29f0b57c25d46b5b333e9df56a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
d526b96f361218b1b9da738e0a5bcf3b

SHA1
c6a110fe864c8b78163d9fc190fa92956d9c08a5

SHA256
935f4fc13f30e004ec84c9dd30b82028bc27bc1266e76d53b2f111dc32496fad

SHA512
8695fff46dc02149d4f2bde221bcb707b632f0165fcc7fb202feb49cc051c3f7cc729ae3f33e4d218cf2a9e5a608069aafff27ec06e04796398fc3700c0303c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
4cd90b74138bb4ba2ca3a2e9cdb5c8e2

SHA1
fc4f9ccd15bbe592adde0671c5c072b8bcb18275

SHA256
095ad1a279f24182ee9421e36e0db7bf9cf46a76ed7502250784b047a3e05f58

SHA512
97d987cb8c1ac74c14dc3c1dcdeef01ac07189d300182b3dc5d33664cecd61d52b45052b7410e99c5f659ee0b302f0afa189d6a17d20a15d4bf67fbddc7ae3c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
620e5014e6a039b240899d536c7601fd

SHA1
6d023a7123b57f07d4d430b4462340b6b3d51e1c

SHA256
545c0f7a6130988e867a0439a11d0331f0e663c58b0a5059af0d3b540d4b7c38

SHA512
1fc132efee95cb95afe5b2ea4c4c412d7152f41dd703a88f52a8424e67a8012d9248dd59ce61176daeb9aaf0eb8b7382c7a153839540113d448417e05ea45848

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
ff531ba553155223b1e943850fbd8237

SHA1
3f9e2c5571749de4d2c9692823970b35cb5f9cb5

SHA256
03788d6ba7adc0bfbab8a35057bc4b52d0888f1c0c93f02347c4faf3177cba0b

SHA512
91da2a4dc15c494000754b5203b273bf4ad944b21ed92378feca51173dc9706527d0fdfc46d59ab8d90de127a4de62fe83a0790cd3083e35e311c23d28f7cb47

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
282f280fdd3d369c34ff81fac32104c3

SHA1
1f15834ff80884ab9f71eac00141c389fb8e2364

SHA256
870bd9f9b5b869079961a21f3b62cfca24dc8122f00bf8e1a3e9541092273f45

SHA512
0856a005a86f0b9165b4754691487cae062674feefff005b35e6582e989709d510798b430d49bd2f8d664ea5f9f6261e741ace50e81767a7aebd32686c93f2da

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
b47d6ccdab2f7255ec36d303a856677c

SHA1
9af21380847770c428d4d06f42e716d6cab98035

SHA256
2ab35de4c9524a7393f901f469fa3c50a9ec707f25a75151e96487e2f599f039

SHA512
6505721ecd9f2e8985afce8072b33015d6651a31b3aef4698c39b93a87d15bf4ef3f219d230fde83247b9bb36a3a2ab6a821bd05d1c6e45d0a58121049f4ea0c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ce7edb3a3ce870e86fa238933192fe9c

SHA1
e35914aa62de37a2a543b75ada9709268c0a6e5f

SHA256
df30853c9313b2f603fde94d5362155a205a60fc5ae00f2f78183f1ac2af99e5

SHA512
99e29102d204d57b4ea7d656a590b19ad9796086082a00e78086e70b9dd955c2239f4c09094615d6932f2cad5f789b31cc599598b257d2b1dad57d9ea5c97478

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
54cc15821db5883209f75d1145301d8d

SHA1
d33ea9344b1b810cc8d88809aa4020b627764d92

SHA256
b8d1c9ab210cf34d4c62f063b6396441e7e70d16a1f7693e1d60b652ce49906b

SHA512
e44368171a8579125f564c03238ee38f7de466e4879149607f977b7d9ab45ad5fe5510b5234dddb346bd973fdb3a5ae475aefb6235872cb5d64cf5e2424d502b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
308522e41eb5e4565a6a41c08e4c1a22

SHA1
e3c417bd363a0004189310cdd49d583e0be9e27f

SHA256
e92d6a4ca9688c6b702c7adba4c7397c35b65e55cdde47cee73d3ffe911b987f

SHA512
8e1e5d71f8232fa4101b250f41d43e02a5328f83c7a6a0ffe7d5b0730b227dfd1a50e8d2580941bea814303d675d428df7f706799c4c225c7365f835b030b13d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
49eb47170020193dde4412ae2ad25c8b

SHA1
1661e13e6530ab9660d618452211c5caea810881

SHA256
5e2b365bae1381007273fa5e046b1ba52614a7fbd3f04c67c1b1ed3d1c3de0bf

SHA512
024dd32941c5a7d09592b0f563147d298c73d55c404f2be3ad2ada78cf433fe1b1f2851b72b01763ba3dcdbb293c67b70d8f44b2a9bb1c2e8df07d478a38e854

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
c6c869eda430ecab3266b679e698a6c3

SHA1
685a5f964fc241894e45d97243aede9e8cac0d12

SHA256
76b80f0c6f41045c9d6dbd9155e43ab044754c5f169b8e53d1951169216a82cd

SHA512
d59eeaba6901ec1c0a2af1b5ca37ab335c8f6b34b1ee92e3a538eddeed500b00d646b292be21d3c202c4c44e630ca20209b662955d25bed7eb49810afeacbe3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
585dd05037adc978250fd9ff61f04864

SHA1
6fe4a28bd045c286add556e766f9d134194340e8

SHA256
d140dfaa4012542788877f8f953a45a70cc4518bf5552e2e6ee126afb0de2818

SHA512
787da32d11733f6b2ea427cde0041a306ca008ae0f608390f168d5f11f9cbb7fee4303641a4dd3931754ab98fbd9586d7d1037ec76574ce6ca73271dc91e054d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
f8968b6a54485119f2c9f81fc25f9bb1

SHA1
871a67750a954ae5944e15a3423282db275d2398

SHA256
0fe769e71524dedf521c12371a3e459bb0ae815cd9e479fac1a6910e56bc0bc5

SHA512
58ee8c0b004c454c5ebaa7b6fc9b18437b7e4ca0cec280b25d796fc5c88bf1ea4e8f10463248c2303ad0edb34899f1296cf898bfeb225bf1171b637ac50e1431

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
56aca127e754ffb2344e4ee234167204

SHA1
ac523a5b6c2d7dd96d0496b7df3ecf2fae88493d

SHA256
4323695eff93f3f7c369ed16d096f863bb1e8b7c287a84190b9ebdac0cfe3af4

SHA512
ef6d3bcd87d5fb0feae6168a46aac6cee7a320d317b11da2438a56e2295709385b19aa37fbdc7c0ca485d1d802572ffebb74f36856ac513b5a5705a41da33df2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
22cbcf395ad440b0b49e69787111f793

SHA1
3ccd4c396e6c5214d9e73b598db3c1c0a573e52d

SHA256
6831b2706a31d314de05060f7062554e51502615132ae60c3b8798453b05c04d

SHA512
b9078cda9a9c9f7c7da20c23349cd4d939b6709800bbd7c9e56929f0466c936ec742363743c476400fe0e8e7558cc9260f255e4dbc0c06cabd041315bdf2f3d7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
13850d652688671004cd62cdc8b8d24e

SHA1
aa45061f68b04e7e3be6967abd8da77abad8a764

SHA256
cfe8f22f09792715cbddf164a17dd2b97a620b1a84ff480476e22fac256dc2e4

SHA512
3ac1fe950c021a992cf57b2740016280a9b20c1c57325ace5dfbda5c9fcd40d85ae2c6c7f6e72f28902ed4fd79f74bba4a9ee8a9ce90a8b179137a6846e05a41

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
49adee2fcd6696743b9f3f524dbb37a0

SHA1
5eb1e63aeeea5e4bb848c19dbae10a3af53e1684

SHA256
a84fc2a10391281e2c895692bc8b9482f5bfbe78c95f71439bca5df43c537b16

SHA512
94b091ee78147396bb410903641e741dd18cb9e2b0ab5a8bd0d8a8fee2bf1991d03fab4427d286f52fd9e6317081d14210512f537ec015d4bb8811e72d823d75

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
5cc0e5150a084d0cdc844a30e58ae5e8

SHA1
ec47330c166f69cda88c7e95e2454eb226e9354d

SHA256
48085b55835e7cc92b3fb1c1a83388034ed6f7cc0848465f23072402f65dd591

SHA512
60655260a2686f84f303de73b4a60d4e9c2ef563ae8113336830ac5ad78cb877c301ea4befc6f9c2b3fe579bfee85da531cbf74d98018ffb724c1e07367855e6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
19b1b231088443b4418e4b1eb6b34404

SHA1
4a41f381fb57dd9654f192141db8343a2817978f

SHA256
0b076541b70084d2acb9618605ca5c7fb2c2b7eacc22a7f69b94eb95bf92c444

SHA512
7c09019a9e7f40594a2361e24333484e6cc8d6af4e822bba2060d96e9a2b1248beec25ec84cb5d1e18c7c0856839a101a360917f9226fd6d80c361a616564d35

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
fb91836ff0b52dcec3e77af368339870

SHA1
a4dc5db1c16099e109c926c7665acbae8aa3c8c3

SHA256
3d8ea7f4dfe0a52443a11abca7b12413d1eb71a87cf3b1108504e2b8f5eab2ef

SHA512
11644db8038cbaa2bb4957a96e922c984f9cee5cddca4e769dc79871c0df6daab02aa4e0740b4fc51c495c051e760a9cbb8cea72890df50702a42218b2bcfb42

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
c9ba0fc8c78e88d81bb9be5d79ad59ec

SHA1
e45bd4570b19dcf438c3df4a0dcaa36ff086ace4

SHA256
2f1010abdd5a5996dd9bf5b49ec2e4a58f0f563ee79cab6503aee58825876886

SHA512
6d725b6d0abc9199319eada3e14d2cdb2088e69d0a2d6bee1dc95c721028bd4de6de3ffd3d5d8f0ade83262e7179361a18fc84537ff5e543f2884ed3536162a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
9ccb1f3cabbcf99fcbe837aa85fcbd56

SHA1
7d00b5c9271c461e43c8fd35f03b43f8dc66ba85

SHA256
b7449d101bc9ebd0949a85deda2c3eb5423d34bb947bff426478ed639f04c420

SHA512
6d2cc0a22be6a935a5e82864b39b3e6931c6b7c9ff486dc564478695badae71a5a2c72a347d719283da5c88dcae3fbac0fc3b15a9fd8ca03f2d5c0f2b0a2233b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
528d03f30a4306a66019a45607c557c7

SHA1
e435284428a2432bdcde6488be6898bfd379b681

SHA256
63b8a0519a39d1850b14cb680a19a9e2aceb0f22a77a90fdfe45b201a7685411

SHA512
49a98ab7086365a1c99e56f358ae6b65218d9507ebd56ddbfdc93e55ef12fd53cacd461bf343c9a2cade3019bdb47e7976b6d301640e5834e89c6cab920dd55d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
f263e5542c8e964fe207d3054dfeb5c7

SHA1
fb2ee84c0d19ec6851b83bfdaa52ff7ec9a65d51

SHA256
a6d50333882d085b76bbd694cfa695c7989242963bb8e0a188bc9902e43a7c92

SHA512
5d38797dcb4e57cc86456ec0e86b9f1f1be20468be870cce9b793105eeff85a6d573e886a269b2bcdb7a6add4ae986c31a973d7ad981d79d00f37d02ae6d7509

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
b1799ab441a1ceb59d52403c9f8dc2d7

SHA1
4d7ec1b9a53a6d8f6c7591808144a4a680722b68

SHA256
3fb67417a6c131092c4b79b32f1346ac18130de06b11ebb2ec0f3b78100c7f95

SHA512
d8f907ad3f663f6a4dcac6ebbb4e9009375ab265fa23de2a9f5bec3e81c7f54a9115811dacfabd4747430c855a0d223b5907352f9aead7bdeca7918ba0d199f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
85a4f533ba68c1bb2cb9ca57f828bdac

SHA1
ffe75f4c54d4e92a7bf7181adaf4b7eceb0621b9

SHA256
2bc47edb5701bcc2fa6882eb9c8c313383569bfcf9c3a3f5edbb8783fbe34038

SHA512
2a376fc10bd1cb2b614f48014630d56550f9c249a22391f193369a5efb0a596a62218bf028979b059931fd545957ec5ea006e8e46df24ded59567de1095e0b18

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
d82811552320e3f9603991762d0d7197

SHA1
8402f1d86a885375d7715bbfe99cf1423e499259

SHA256
214a1431290cdf68980fe32d51056f2ec3df42bf989b6da62666ab15a825a270

SHA512
ae5f17fd8731db25d6b34b5463247b64278fbfd96d85a468f4b757a02756fc709c668150b0c210e6569814c6e50df6469ddc644b3975a15476ba0d3c30eba174

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
ac181584500c69c1b7662ad9c5adb28d

SHA1
e34c83bab8c6f0a80b0b48624a086e13a50a93d6

SHA256
43aec30085dbb054a284257daf2415cf5e4cd7b7f20211cbc36f29f8a8099217

SHA512
38b4c2940b907570fd203a448ed19f8e09f0d73a0927648652862b661a6f9ee79fccb1772829679c020a1acce2f3a49aaad00ef23582aedc58adb4f316557afc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
664c531d02a46132c81056581aa7c812

SHA1
841d3ba562eaf4baf9ddcba326f039cd48297ade

SHA256
a04c17a3cf9023e9c1e7ac4abc53368ab0b5e028c2afac36d4175f0a52c22b3e

SHA512
9073351e71d22a4f61c493c2196bf498330facbf211c7b4805a5ab4814646b373f630ac5186994794f2c1d14eb19006bbbc871971477bb4b67941bf9c869fb18

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
a0f15902c6ec20aa26d53418f53a2cfb

SHA1
98299319e3af969001ec3593e5ea4e6b2875240a

SHA256
5ebbb445f87dd5065f47c1e8326bdb0d53a7da82742e1b40e084032353fbc757

SHA512
1e4471c6bfd5d44497af23545793b8689ae33ded3b8c0dd8883f0f16efa05e09e2791163b78e8fd47f40cbff89c0a4b36fb25f5ff99febd7aba8767a878f79ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
f862ed4a320caeb0d973aa4660a64451

SHA1
ad00e52324781b9d01ee18550d31201bf757d09c

SHA256
09697316400807f5c275329bce4ce7b85860eb1537e8d61aec8a286fc1045c1e

SHA512
ba65df658fc22bca450e7d5689029f2484d5bacd89a00d09c26cad38a750fb616dfd4572cd0ac92c504c246fd38d16893749b1348921e4c56cc1ad7bc0abcae6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
105782720f97cdd58822af80bb107592

SHA1
e8cbc0568c0a2b28e6eaa7b223a3917d97af6432

SHA256
07061e477e4625168cf753d5f37f6662f363d7d1c4f8546fc4848c8eeb5418b9

SHA512
fc36f1a8cd7ddc865ef183d62c1f0ea0806514264a7f08c9d89150d1ebd43bcd2fd33b63f6968d53604aaaca4e6331118f6fe68650f15fe41af5f838328564de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
bfb7a0886e078ff06697324fa8f51ed0

SHA1
d487ea97a895cd6121d9ba001f7eee944adbd42b

SHA256
aeb335a7f9d3014d7f55e88c41e14cea0e65e2faee9333b40ec9e7f9aefec292

SHA512
a6e4a898e7d8ab80aed8841d197d77ee310e7601977c145c11d57aff425b1d683cea77071eba928ccb3ac64b841a36b856a573727c3d26b59066ed281a5f5ddd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
f80caeea6c2955d188866e6257927514

SHA1
3c7b79af4f9d9715dd2db0cd4f062e0f902857a9

SHA256
ba7093c9b38390b622e473a286bb7f3e92cf53fa3e6580e80a30f97b4377131c

SHA512
8084d55c2772c9800c56dfa96f5c578700ea8f3f811f02cdcb67d04095f822e46095f7ef6c5e8f1b14ed889fd8940e760832a1288040695b05a8a4c6e780009b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
ca2d78cb0e4c537adc347a85a7903eea

SHA1
4b074eac78f699a9d52f1b0d7195a87110dc921c

SHA256
195e4af18444bf8ccf3fb3cb6920206217f1028a659e6c062b32f1ea2f2d754c

SHA512
6eda4e6272b7fa8f8541846506634a34fb5465e2c97670a0d97324006424e1e9bdb10099925bc71dbb110022eee5271dbb1522dc8b1fb2f59111f3b671479ecd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
735b0aeb91ccd9d43b7a1eb8d8948c4e

SHA1
69fd89c30decdb04aff536fd787363e00dec2cd5

SHA256
660a9e8806f1f117f6595c124a269929a1e61f0ec2641703ce727df37e8cc0c1

SHA512
a99a9861e7768bbead11f6283e9c9f10845597769cbb7e89c8148cad553f872ad44be8cc1a0f0bfbfc0172f6becdada3c7970be17db44cbde3eeb0910008eefd

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
167496bade1033f10109e4a4b805d0d6

SHA1
a8be19d884d5a602bc64f7f487259248745133c5

SHA256
aadc69572e93003b4d69e1598ac60f0353e429914191d657c3fb889436119c1f

SHA512
9c1641988260b82017c03a7d4811b063ef596c642d129464394dd2ce46ee73e671334cc93852f55f5b173bed92e2d2d431587c8bcf264c6946c91ddc5828e396

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
0ca3c795e80052cc2d61cc3e4cfbb4d5

SHA1
b5d2642112ae2b550ad970e83a9f8048bfe0e3e3

SHA256
e1daac20873d9e6fa342e3f0683922a3f7448c9f479d6552ad40a9164478ee26

SHA512
db181898d74ae3a2c65f77755d559d57f03eaba19d2af603df9ec7a41ca4a9aa794983441cacebd233cbe2f8ce8ab6b836885035dd6c3ad0a1b28ccf3ce64a38

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
413291301e1812b483a346f8d06f9d76

SHA1
53abbf518e3e7e00f893dc1cb9a6b7a54e36b580

SHA256
98965bfbc1e220f96c93fc48810ce37c7628d42dd30c365a57333a1ab2f810d4

SHA512
d383376dfe5aa0239754411054f05ff383071040bad928c31d5b9cbf55741b446fdd4c5a5d613fee348f39f57e1e5564ef45320e76145672bf1a69896896e46b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
0c8df60504b14f9b4821bd8aca3a4f7c

SHA1
3dd6ef652e018fc7bc40bb987fd41000ea0ca849

SHA256
8c5385a90053e82a02902b417f7d379b32b947c90a78414788312fb3a05f5fb0

SHA512
7df06091f42c940c4db7c3f534a8f0ce6d05d5e3c8cad0de4028fe8e29640beb5c4fe65e3b3457538f072cb93d710297f282d451d1ba1b1c0faa07cd8658cb45

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
d0a7e7e2bb900654651f54f38798de73

SHA1
465ab3a506d6747755322797ae94378276456919

SHA256
542cd1dd5ac36b6319035ec04c7ef9dbde0b15aec6cbd9e3b4b0611f72fa408b

SHA512
aaefa7c87eb72c82dbd88d23a86bc1612a3fe242818b36de0fff35de5cc0560fbfbe90acb9ba351509df4bcd69223726143fcebe898f8df86f350428160ea752

Download Submit
memory/2104-10989-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-5543-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-9962-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-11306-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-11329-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-5538-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-11334-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2104-11335-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download