xorist | 7f645dda20bcf6daebcb766087752ec445b174956def5406fcc46268c06ed49b

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Size

7KB
MD5

3f171bd7c1341c99b216622fe6cddd70
SHA1

fc657e65b0434e8e2ef890498b1288dbcdc0f637
SHA256

7f645dda20bcf6daebcb766087752ec445b174956def5406fcc46268c06ed49b
SHA512

14af5391fb893195b53ff9772ed843d2a0b2b107a382dca485fe5234e0c0173b66cb2c21106b3cbffeb54c7faa92f172294813188d5306762675e5c081f7e5e4
SSDEEP

96:lZZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExOx9hGazTLIQi9TAn/MB:jzdrr1FG1WDCgmjPZOxT1Tlgkn/MUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3204-6612-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3204-6611-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3204-10778-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3204-10902-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3204-11217-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3204-11222-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3204-11223-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2184) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe"	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_41e31b5786c6884d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdfs.inf_amd64_1183fd0f13045f2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_display.inf_amd64_c7457a37d16eaadf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_7e6108426fdce03a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_9be5ff0f15b15eb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_securitydevices.inf_amd64_f10a5650b96630b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vdrvroot.inf_amd64_5dbe5e81fafe4636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_fefc1160d15aa667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_2afbe7d3ad20f42a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_19bd1d6c2b642b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mgtdyn.inf_amd64_a6235e923dc4047c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3204-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3204-6612-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3204-6611-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3204-10778-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3204-10902-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3204-11217-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3204-11222-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3204-11223-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxWideTile.scale-150.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsLargeTile.scale-100.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-48.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch.scale-400.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\IncomingCallBrandingImage.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\82.jpg	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-30_altform-lightunplated.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_Package_Light.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-fullcolor.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_Package.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-36_altform-unplated_contrast-white.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare71x71Logo.scale-100_contrast-black.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_Success.jpg	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-white_scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailMediumTile.scale-125.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-400.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\THMBNAIL.PNG	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-black.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-40.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionSmallTile.scale-150.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Close2x.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-125.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-150.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_altform-unplated_contrast-white.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-200_contrast-black.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-336.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close_h.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-24_altform-lightunplated.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-16_contrast-white.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCache.scale-150.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-black.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-100.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\MedTile.scale-100.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100_contrast-black.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailLargeTile.scale-150.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Tented\TentDesktop_144x56.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-s..inkingtypingprivacy_31bf3856ad364e35_10.0.19041.789_none_8449eb3c2aa9b8d3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_10.0.19041.1_de-de_00c0adfd23657a2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netvchannel.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_24acce325c4dbbe5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-inputswitch_31bf3856ad364e35_10.0.19041.1_none_a652c259d4b23766\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cdpsvc.resources_31bf3856ad364e35_10.0.19041.1_es-es_ac72f7d1ebcc72e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\Square150x150Logo.scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_10.0.19041.572_none_f5171f83e5099b12\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..llservice.resources_31bf3856ad364e35_10.0.19041.388_en-us_3b9e163a021f3ac3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..agnostics.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_428f153d374a9fce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-gaming-input-winrt.resources_31bf3856ad364e35_10.0.19041.1_en-us_c5e8f04350d9d967\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..iamanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_c43cc6bff54f38a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..namespace.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd1bb194fd938e1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..-heap-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_8956a7c3a5a75e8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..ncontroller-library_31bf3856ad364e35_10.0.19041.264_none_90ba872b37ccf2cd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\WideTile.scale-100.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w32time-adm_31bf3856ad364e35_10.0.19041.1_none_d2d74a76e3d190a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_prnms003.inf_31bf3856ad364e35_10.0.19041.264_none_f47802fda1463635\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1c70b8da70bbdf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-system-userprofile_31bf3856ad364e35_10.0.19041.153_none_8e6b702160866b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..e_runtime.resources_31bf3856ad364e35_10.0.19041.1_it-it_35eb0160d757cc2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_sensorsservicedriver.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_cc6718e73dc1d075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_3fb0a8e4c7d8fb21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d7000e392960c113\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..libraries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_18a619ea3b54e730\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_bb77f035b622af7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-virtualcameramanager_31bf3856ad364e35_10.0.19041.1_none_b6ff03a2d66dd163\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-coreshellapi_31bf3856ad364e35_10.0.19041.153_none_c5d8cff48405ddd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_10.0.19041.746_none_a5751a882524bee1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..cingstack.resources_31bf3856ad364e35_10.0.19041.1_es-es_4276252934479e79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\SendPhone.scale-100.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msauditevtlog_31bf3856ad364e35_10.0.19041.610_none_afaadb8f0b8a9278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..rymanager-utilities_31bf3856ad364e35_10.0.19041.1266_none_e79a9b2a119444ae\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..pplatform.resources_31bf3856ad364e35_10.0.19041.1_en-us_1cd46efea037369e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..g-printticket-win32_31bf3856ad364e35_10.0.19041.746_none_f153f37bfdfe3ae6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager.resources_31bf3856ad364e35_10.0.19041.1_en-us_5b490fbe94bb7c04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\SquareLogo150x150.scale-100.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wpdmtphw.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_69f98d0d8cbee220\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b59f0a9deddecf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-48_altform-unplated.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\Prefetch\ReadyBoot\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.contrast-white_scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershel..datautils.resources_31bf3856ad364e35_10.0.19041.1_it-it_e44b9bbc6482bc1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx35linq-system.addin.contract_31bf3856ad364e35_10.0.19041.1_none_81cd8f3f2443706b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_10.0.19041.1288_none_23aa03725ec9354a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bc96b4ae7b398def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-virtualcameramanager_31bf3856ad364e35_10.0.19041.746_none_df0740eb95df8fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..ntservice.resources_31bf3856ad364e35_10.0.19041.1_it-it_3916a49b48bd5d9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ntication.resources_31bf3856ad364e35_10.0.19041.1_de-de_b072f1de17d291d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..states-english-main_31bf3856ad364e35_10.0.19041.1_none_61f05777503fd472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.windows.d..ds.updatediagreport_31bf3856ad364e35_10.0.19041.1_none_0f290b062a372133\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-aphostclient_31bf3856ad364e35_10.0.19041.746_none_0b2a039ed99deca5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msftedit_31bf3856ad364e35_10.0.19041.153_none_b3bc67a4960bb2bb\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_th-th_f2f43c5dd18ddc99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\Assets\SplashScreen.scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_it-it_9891333a417b36ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..xtensions.resources_31bf3856ad364e35_10.0.19041.1_en-us_18c4a33dc8ebf6aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..japanese-prediction_31bf3856ad364e35_10.0.19041.844_none_5d59c527a509e471\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Generic.Theme-Light_Scale-200.png	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_0bc0c6751faa809f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.0.19041.1_it-it_4222b0656f07eb0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ie-datacontrol_31bf3856ad364e35_11.0.19041.1_none_083e5b98dec1caf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe,0"	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open\command	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZRBFRVKEZVNQLDH"	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\ = "CRYPTED!"	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\DefaultIcon	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\jgd5P9HlCkDJpaP.exe"	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZRBFRVKEZVNQLDH\shell\open	3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f171bd7c1341c99b216622fe6cddd70_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
4021436cae20c035238f2242c27144d3

SHA1
e38b4e63ca3cfa3a68a51074500598cdbe98f03d

SHA256
9370fb758c5226148ef38c94aee267e4ac8ea2e9ba51fe6ab3c2bd05ca69bdd0

SHA512
2dd6020907f0e711213a2f45b6d0b703c2567d137c76bbd261da2459d5cef15a0d8678308983285029fb68f96c373118bad945e8e4c80985ffe2949684ca47f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
4adaa5e4f4bc60f30dd7eb99204ba3e9

SHA1
53268c76d71a724688e8f0919c24f7484531c6c3

SHA256
45a44da3fe1a055ff7176beed7dac3ee059cf7e6d2b9ae447c0d192bc5a02de4

SHA512
a2cfeebc7a7193bc9d3f8c0c077e88ad77e34e07d03c8f9904642b8200d89cad9557fd9dab462bbbd9ff5ad1e5d0e3abd07ec46d5797683f158dce30f8acc596

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
6cf0437c6bf964e373ec948525c180c9

SHA1
cbe8d2bc5d7d6d377a81a62db2c91dd002b58200

SHA256
09d983bf717abfa433544287707fa395366bb5af3ffe1591132f3d11f8598d29

SHA512
f45d5301785c391e06227b7756350a2966ba5e36e5bfef5597baa5e2b12b038c2a92a72057a16c0c7377f4949dd5b221e90380ffa7e9ef886b7ba72976c580b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
289373985945cbbdc6b26b0159445fc6

SHA1
1df88806157f5e12bfdc2e8d9a292cb23bec2abd

SHA256
a93b4bb2958f5760fc006e8d5b7b4bd098b7e2efc18ceef13dd982090b44cc64

SHA512
d658c4b98a3b265210bd09f3169944c4a75704510568c87abee022a26d91792fcee2b7b1defc810990737497f29de7b7bdffd2f156d1999cbf49415fc24a3670

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
a602a95ebee9001cf3958af6af9c8423

SHA1
d86325234b100afc13df844ba21124c56ab2eceb

SHA256
4ee80a4b34d533eaff295b11b636e18f357a76df3faabd91d670c707b7ac4ff3

SHA512
dd78ccf725ae48334dfcdabd905ba5ba156226ec78f5facf3d29614038b9daeed8eabee9b97693df8cf9d7bf7775d2262407e756a266a3729abeba9fb1b87d9f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
f65fdf74bccfe8e43d4447a033d2965c

SHA1
dc1ea3e59f74bd2fe1dd9e213f7b2be4796e70d7

SHA256
bf17f6ab0481bdc820dbfdd2a4803a7f392c5920bc3d4c500ae56b4254501833

SHA512
74e99b8db291d28572a59cb4ae1dcd44ba5e240bae710673cebf65fe031a6831b31c780bd964248169ef741c0023c2b2966815704d32a03f9bb4f1cdbe869f57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
1644e6db421da5af2dff31df7411f9d7

SHA1
109f6529470ce8a21e8f34f23dd197140fa2045e

SHA256
1a79d0b270743db24018b643c2b1dc60b71c3d73e2d0523fb2936858ace55f41

SHA512
a25a321a150f7a9c3c67e96165dc051d420fe09bba699ac1068e2da6628a1e57c26c3d58d7e5100acf033656656be265318a8c4e7024fb367467a73bd91fee99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
aee60c26294892d908e8caaa8ac8bec3

SHA1
93bef836b3517e64df5231c15cdeccbe85559b28

SHA256
5d0b1337f934ae560073f134b441bef5856ed159240551c3ead0fab062683542

SHA512
4b821087fb5fb33b401338c624a8c5df3ad466e56d25d67e9e2c09ea3caff0e2fb1d33ca51db9f84721dc248bafca32092113baad739f7d3c4d7957bd7e88a54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
47b04a79b43a1439307aacd762364605

SHA1
71d8ad58c8a5f93524a53ec680adcb1c106472e2

SHA256
0b51ea17b2b9ed631dd1c19fad84fcbdfacde40dca202f406ded3c519bdd7831

SHA512
51edff62fd8fc7f3a100668df83d1c4ddb89875270cb5dfe9699a737150988e54af671d4f9b001560979bce4b895d8fa7338b546f647dde59763f9709c6a08f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
8b1f8f68335fdd33b5b5576e5feb9a28

SHA1
38cdbf2b6743fc321c7b194694b60950d4acb8c9

SHA256
4d51211abb5dc290e92898587cfd8a7ad53e4dbacb3fc2bf5a3271df41fa7c48

SHA512
506962538e28309e37ed173e3ad4f89f84f6ecd497707db334e62c3c092d9ee422c83bc4177e3489c02d6c5bdcf84c9df5167d88a89e09f437c9ff4d659825ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
464572248b3eb7eda348d73267da5bd6

SHA1
26b6a40d14565d9b1cd65317a86e487994b6514c

SHA256
84140707ad10dc13da92dc6780ca9dab5ecccc3c7fbee225b332d9f33525ad65

SHA512
16db3ad88e779f7fb8b60bff1733ec5eef466132efd1e7927c91c0a9fe2c5ff0da516f40df13d7a108a6dbf27a01645f414baa0d362b025b5eec3f276da64632

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
ddd656362c804899d0373d668e92b19a

SHA1
e75434ba0d112ee3ba6dafbd6fdec8edc606594b

SHA256
0c9ec6e36fefbc7ce1f612ae20319592e13fe7afaabdd25ef396ad63f958d009

SHA512
3b9c7d1e6eb61b108d3f12fae59dfd7c2787484e907a2086520b4c9dd001b045a668080be73156f7a6989c0f696846b03dc3783be98ab890a58dd3fb53d0ba0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
2a9728c48e4bb996e5d002d30c7a53ab

SHA1
21195a4b9a3696b49c6e9719da851bd051c09cff

SHA256
6eb9f5c31f1d522d65dff6aca82287548df2b7f65513651abfd5349c37dda297

SHA512
7fbbf4b873b51bf26b370d5e816767483a49790bb4a27f01ebe3b569648ea948d22ed8b5ddaee9d9c997ac4b93fac46b614e2ef9c573caa2c3105daf3d10b20d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
078f02f33a644dc0375030b7e866da3c

SHA1
5a36c393d39876e925ddddf871deaf742890d386

SHA256
f6df9972bc37dd7274f9634ba2d09cee3cc3651f3ec8f1fa32d94a62d545a120

SHA512
9fd264562dd68dd52e875abbf37900f4cc4bbc090d4388658d31665014b8d99b2399bcf316f727e1a8e74315d2705cf1995d632246572afcc85cb7b2c5327ab1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
0b961d0f173ad6f2b2f506a87d71b744

SHA1
f68414f64db143abcfacfeecc3e770e7cdd33813

SHA256
4c14902ba57655fbffe4f431688aaeecd2344d05c15450efa59591158fc88071

SHA512
961094ee839fa71fef63b057a895528ddf1ce2697eca7e848c3ce18c5dd8c92ff7ef00f4e595bb3025ba66b95d4f51f95683e64f0b2675cff2396bcff1b6837e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
723e20882d0efa2de0e96e4cf0f34d39

SHA1
b1adebeb62f60b9d4503e705d41a97f4eef33c9a

SHA256
ebd83f73343f6239d7f515962cf052c9d319021811965fa1cbe4a59e9185e6a0

SHA512
beba486aa6ef3433ba798de3c7565abc51de772b8b0f1822e42798fce536fd9ce3431c2feaa98164a5f5e68c1a29d6cc63f0a05fde04e56c072c486235a268e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
cc96906133581746047a94e41becc1d0

SHA1
aa1a918c03469f5246f945d614df1bfb3e60d30c

SHA256
bb8b64874dfcd2b3de2e0ebbb34613893d32630fb1a7ea8b8563ef104a61e1b8

SHA512
cc29f682d41ee897b890eaa4da1cf194b4fb993ba17fca5f907da4b3f7e5ee2af7f94aa0c581fcc46a4e80578aba971e3fa7e568714dd2918dae2462ccf8e2f6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
ba98cc4eda503ca10fd3d21cb10bf699

SHA1
3d5656765a0a776c27a4526690d0cf980698661d

SHA256
63f8ca458860ce13ed61278f43c6565164cce8ea9459f68032d26eebef5c43c8

SHA512
82df887ba201a9f925462d2c6f3a8fb3d0a14e69a0b8c720944444c8164b66e6e65b3c0f4dae8370cdb67cdcbe6ecd43d9de567b95e4ccf6cf29c33adeefb523

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
b4c091d543ead6f2b23547cd44fd4d06

SHA1
20446e6505aa76d765998276ae200b3248d95438

SHA256
350ad6b90db0226e9208c3b1f26315e56607c9031c133e58ae9606ca0a19d284

SHA512
c39166595bc08d287c26cedb05c3b92a721c344ec1cfedee46ade0a298c3044f1da8b4fafa23de559b62aa9daae6a05399fdee695404a55cc279c51a14d8ec1f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
06ebacfc8f0376bb0d6217da1a036eac

SHA1
e5a371ef21b0a8da00369545a3cd89ec72bc650c

SHA256
3a3265998b100753a4a198695057d704590de4d52384b0d7a8830882ff694d68

SHA512
5d7d2657866911e3ca5f1f432f6421bee1afd9c7b9213d4cc1b6c236e664e792cd9bb218445d0f143291e6e1fbb56859dd9a513bcf1339a71e5be637dff18c23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
b2914296f9aaf21a97fdc8ff9828c556

SHA1
7ce077cbff25c3d1decaaf21cae3596826ce9021

SHA256
8f2b4cad8559c47f2328d115c3da4c909e3008ac5ffbeaa77e8f5a0634b0e312

SHA512
dfdf08c934947344fd5dd70576f2bbc4d25924793e2cee20038b43be48cd4cd2ca86aee1b39849ac88ae6cfa624885fbe5b31e83547e1dff27c8177c7b868a7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
c929ca73482b8ef7cfbc913548b3bc8f

SHA1
fe41cf4e1a1e342d6ff9519fd392d59d17ccee82

SHA256
b81987a65c47561d9a060fdfe86d6fbe8609ae9822064b1234d45bc6b6113862

SHA512
9590b166ec7b727e370efb207d0a7036a79bc2313f3681b5196415224910657c001f859ebf13c693b06492e7073b389f986dd0fa30d145b636130d86374b2052

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
b3946d8d8821c749d21d13342a5b0d6f

SHA1
e8f0428d5c076264c6ef8beb73f1fd3fda36d327

SHA256
ddbf1f8079347a66efbb48af3e31a4fbf9c33a008dbca88a12a2b05b0637b35b

SHA512
812dc30ded1c9797aa97dafb4874d186563a23b081fc3700db312aa68c5fc6cead224aff943f2ce1d3125e75863af2f8376f9db56eb776c433ff0769fa98ea1e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
e00c0bd960ec87985b05b95f2f425e1c

SHA1
3e834ef14193ee43857c3a1a22bc56f768fc3a2d

SHA256
30182d8cf93bf2d9ed41043df1d5993ba580b2387707eac2a05c6ec7e9194258

SHA512
173c5278d7072375096e166683b3fc2dc55a159ca4fa4d59fadd23bb93169b63819c0c27dcf91027c038a1dbcd6f2b70e2ee66a1899b995d78c3f9954060c028

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
acb0d8b30c0853188601ca53fe164cf7

SHA1
d2b0a6dd3f84990a496f6e088d60fcf9b150e87f

SHA256
634dd59eb3a4501c9d45e3f85e59b5e72583369b6f6fde1cb6bf3347697ea098

SHA512
abafabe068c33ff48142a4476887a8cb6abf9a069c3c7ab0bba53e6c21c5eefd505367056b8c774b6a1a2237d93caaeb97c7f7ef9b31bba410180c6887e39421

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
f33e4aa81b3d40d323d0d909f5cf9746

SHA1
42df72f02dbeee98a21788afd0fe307ba171ca50

SHA256
e6162299765679b12f9aa20438285f87fd0442c056907eccfddfed4722bae8f3

SHA512
fce005333aa3aa9201c8660f1398abc1c1f73f8ee1dd155cd6f63e9cd6df3733e4a26ebb22f449861ac9f6f0873905834f21b8cfef2d253ccf5238859f251b60

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
cbcb3def9f2840d514e8de24f8f321fa

SHA1
42436a131a1d19468739f96f99c9e23a1a81cd58

SHA256
79003002448a10750900e4ea3618eec0d823a3f356c1dbd8ffa69f79c258bbeb

SHA512
fc16c433776a09ec9db36129cc5d5e2b2b5d40b8835d47e7aa48db569e2b2db7cbf9b7e6c9fcd25aa96b4692e3e2402eb3431892f2c9c8bd5e20f9e787de3eab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
31399c1415758bf125edc17231b4b705

SHA1
3776e9e0a0d520939dad4bdc270b1985401de68c

SHA256
b0780e559625580a2b62a37e8c4c0ed3d36086a79149f7b6d84fc70a48d79d8a

SHA512
abac4697f3706c885ed21e6eec77df7babdbeef79e6975d3e08f572386e19f544cac3d632a45d62c5e2bd595720c14fa67f29f4c0fa1a05e31511de9010882fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
4680cfca369053bcd5e67aab0d91529a

SHA1
6c1bc6ac397f68230ab0cb5b8ede8c97cbf0c630

SHA256
d20a84886320673c97a61cebb3312a66f2e058eddbe29f25218381e00d886b60

SHA512
ffa7884be5c0562f431f80663271588eaf5a34c3cd03d48c3083e68fa2b31fcf9fcd0d0339fb8cd56a06507c8163bbe68d5be31c7d13339f4b91cc3f1ba928b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png.EnCiPhErEd

Filesize
1003B

MD5
d963edf3d35995fc086d30c732f2bc52

SHA1
63fed679de2e9657e7489851d4e06620a2d9015f

SHA256
aed3a6f67a11dc656f62892d7b00a67b41afc37b6e99f4cada56f3e876e6a5c3

SHA512
6ba5d60e609d4a96bb68db5a8056fb229e568dadffd442d941aed3db5d219d22f628dc382f8a41e56e4551159eeb17e9b2d592431c4e1d2960f93a2f1eab6f3e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
b329b472ee711f8c632c3ee92832f4be

SHA1
817b016d3e799c14b8ee658e2c57efd08fb70816

SHA256
2d55beddaedd0b9fd969859a05d2eacae172fd5eb4eb219f35196aafc0a55106

SHA512
824d2c515cd44460611113301485f96ae0aee4ab1afe18b33e0560f44ddf263fdfd61778804d3a14b7ffcd6a4e31204c86e9233c0af95b95b2b9584dd108fd80

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
bcafa14ea98b0df1d4851aa278c738fd

SHA1
5e3e1fba222c311e6b5e11f0329314ea69ed560f

SHA256
66afbdb068a58ef08a5399d98766497c05c050483c910b480ed8aded340a5b16

SHA512
fc5de6ab87abc14ffb29485a3427cb47a08118a608d5cd53e29f5e712949e97a4237300999355a3639ed28b5bbae07a58bc7456f0f941b0fa5ae925dfe89e3c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
8db7792f714daad6d2ae9a87fd1bee03

SHA1
528e8377daa210dc1c5c7988db0d4f923cd533d9

SHA256
32a699019427306389b99698c0b19940b25b414956a6c3adf38b5f601cb74f0e

SHA512
d5fa346d3ba7483ea2ef2e54d64a72b16132b400c0a5fc76a3ae92560191d96b0c0a6c30882457368566abee537d9746cebae4b840b6ea4298e44d2c3997d48d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
d935e640c762149f154491cd8ddfc873

SHA1
75e5e93fc1fc3fb295d9876bad43eafff8706ae1

SHA256
f5d92c328c7fb2d6266b19ba56852a99f2cdd52ecc3c5bd3e11f50c8871d27f3

SHA512
77e8ee923ef033bfbf631466190e67ee93868bbf965a4c6a733ba622dc0bd9252ea0733b156614936f13cd6f2dddd23b1bdcf4c959719c634d1c82338ef39870

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
833013cd879fd3f812606c9ede0807d8

SHA1
0b1354fe9b4b06389c10c89c0233de21b1824b14

SHA256
5c6f47b8923c64a105a58c3b647d47ceb5515e7c6e985743e564a3eca402e2fe

SHA512
b0183ee9774017f8a612bb2eca5fc715d677a8a1aca432672867747a72a5e83e78b0c6d5b060bf7761ad5e474962b5787b745c485428b09b911851aa45bdda2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
e0c46a64bb132cf04c48597aa83b5131

SHA1
6010e5e4273bb2cd774cb179c8aceb599f473be9

SHA256
a036273cc6ccfd7aec4918bad8a99b3a815f394a3d17335e8fffafe52c5bd127

SHA512
bdf1a06111a171965957c6c7151250e8e76540fd962e07bb54342fc4d95286d897339c4747fb9260a031810abe951c7cd77ab6ea9bd967bca8259a1a8f105eec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
73faf268de4d6f0c9c27d739640ce426

SHA1
26dae99afa2a46a6cfbc46808e576209d3b36bac

SHA256
c7aa295e9522ca9d13016b692e698588b0fea10040a8b6f4845a86f64ec8e736

SHA512
7b9f652743a98e73b9d13bf1a7dc9bbd0d7a0b1c205bc62e26cf55ce0f32db920bf747cddb86db3da8228368aaa88c0d3364b76b11affd3a0f20ec0604f4f73c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
311726877edd510ba9abd72b1e663867

SHA1
7d1ac5460faec00aaccf4f21d71ed77043851010

SHA256
005ed1371a5963c80984cd7c4c75712a4c4bb108931418fe079c6b66685f4d77

SHA512
8ad9a75428abd487b44e776ac4d897b84716a3092aacb50f13e5bd3ea81138a951bc5be489116b90a45a5913e239bc204a797fd16062811f1a014007b63f6e3a

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
285B

MD5
a7d769635d5ea3f099e19639c556901e

SHA1
2db39400a4d7f7c0603631b5f6e1d6356b2fdc75

SHA256
a4a94d8fa8c598c6f8166fb8606b1b853918dc0838e958417e675b246a1ad913

SHA512
1291cd08c9df59d420174a2fc2d1e334d0e1ad38584af20533ea33e6272a7ce93b6e36a198c56772d9828f5edde050b782e8fe356f4619212fc7a1b4231bbe38

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
c1ed8d70a2fbbd918d4cac4cc78de217

SHA1
1e0d05fb341bbf267f58df84bca6450a9a118866

SHA256
9e343a26b559c398cdb3e89efe2a5d769704120fbe230bd79955ed489e3ca0d9

SHA512
717309b9b928015d34a3267c6987e6dbf1be5e787c062681aa27cabfe543d7e7b3a3dcd15dde23bafec2d49992268e771683b1a9565a2bcd10b38ec3a7454119

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
a23841dbdb11ab7ad1891ac98119c2a3

SHA1
40294c5c8a4d83445ba79d7a40c8a169258c7410

SHA256
cc2021dba5dc8e54056ccab11da05274e264fef69f99804f0db173791691b21e

SHA512
5d84140a38ab9288ed9b6dc2dfdf5a03f74f9cecb321eadc05b1ade2a7038161f16e90114cb25479c6b4b631dad20619e85d6df4316f4afa72f21849b43e9e1b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
2da6f7dbe7c96b2da7cecc6c59a87b9f

SHA1
5056eac80cc2fdb16dc237715f5c09714250b125

SHA256
3da093864c2e349613364e59ab995a5c1e0fbff3c139d04bfa44f92f25f4c00e

SHA512
fd30e819b0a11f400630da26ab7e383e05d89c8a84536af65a892481c54eb58f12a22f07865180f2af1a64c51896bdd008c95c15e060affaa97cfdb5b0be708b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
fc7105d1a794a78dc5cb7239fc595034

SHA1
2718eaade77be955887494e6ca95616b2794568d

SHA256
c84e310541da0c1d9f673164bd5db4ffb9bdd682d2ff437900c417832957ca8d

SHA512
c9c74660d833b151e07cd5c3a0fe514353da7c8978c7baf17b9aa8b37263123473bf7b92f23991eaf54bb8f23245f48416c081612f0470b3d3b26a7693cd2017

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
8d5c4a1e2cdda01468d5a2f40848d81a

SHA1
c6d7f78c045e22cb85c6f95177ed4ca85259b22f

SHA256
0d085317f3fbb83ae5601a5e7083c28c762e7c9f20b2258c6d45f252b859b006

SHA512
17793e1a80270388d51e7ff9b0801e3b0a22074a6e8259c6cda04e0a809c7cd50755bcda31673fd4cea8e8757d99038f99bba7b2b431a4e9a93207203a6a6cac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
8f9de083d845236d33247858a241f2c6

SHA1
d3b713d97b7e369bcfad36b8adbe3f57b81800ce

SHA256
79842a2a63e2e111a5b2a1515f026c0ebc8f617134883b326ebc1f6134bf0cee

SHA512
cd57097cec6bf7ec5b0045e0f822b881bc39223524dca83e3c90f81bc9cf6fb11fb68f4a65d86542a3f7f17fe2469e4308d9d6cf6cb79455ff67fbe545ae22c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
3ed4c8146d76a03379a3cb7ea02d05ed

SHA1
7453f2b7ff69b878cef81e0af109a4cd0e42fa34

SHA256
0380e0103b26470e8d7a88e973e2d3f08f88660108bf2bfb8541838b918cacd4

SHA512
219872aaeee7193d062ccfc2507e94f2de50f80d12116e59222e223a865bfa62f9f46eddc51ff9472c8ee056bf0dde03b226a936f8f6ca153b45f5a203a70e51

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
c0d982fb9e1445a1c09436371cc335db

SHA1
6eb6de256f7d7b53eef46f171d9e12ecdfedc197

SHA256
66e889662732f94958d94450ad515077260d988ebaa12dfe63315fe818e4690e

SHA512
552e3dfb3bfdeb4b7b1e52c347ebeabd324dfd3164e15b7e541641a3f8551b732d591c2ecf72b3acadb19ee96f1616d7360bc1089f2392e80b15867a8e36c59f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
a9ffb836b9e40729e095b91b1c7709a6

SHA1
eeec1f458ee1848c0eeded1501ea3a9950a6e358

SHA256
bef51fc8abccff0c2a47cac2919396624fd0d37436ebe8a9b4fb431ae5403fe0

SHA512
ffe9dcd9c6a2c7dea5670c697e655c137bd7a03a81be48fa44d7c3557d93891a8ed80739b762b1d39cda6b5180ce188df9e3be04a4eeaaa77362d7b35dcb3a2d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
40e525b0c817fb7a50dd510af8dfd3e5

SHA1
1062922b67cd440e9ba75029d46b42492cad1416

SHA256
1e6d5de884186a526561827fd92e5890bb6d0571883cae4cb311a5775e3aeb76

SHA512
8acc1828af26ff67fbcfdec840d90201a8cac6dd5c29b4374e8c8dcd15ba49ebf919babe27f1bd2b6e1857f364b11298dab704eab9c5240ca2fe4dd0ea42f9c4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
da153859bc1cfcaa116e2a08ae1b8ef2

SHA1
58e43f830b828a897ba66aac5be252e6b3ebdab8

SHA256
847be65d773ecadfb832480122ac0e893d7d21cd461e0daaad65e39e23e385d6

SHA512
5f6f27d9c20a0d3263b87dd372feaf06bf6db518732f33641798ace626d26533224aea81c3b7dd856155ea37d71c1003ac8289be1733fd8a56f9bec7b39659b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
8b321c263f3291b7ba352a081b69406e

SHA1
0b526ea1f8106f61358dbc302cf6d8814cf5eac9

SHA256
b24634f4d9c8612356c6dbc5a88fc853d9f7e80c6c9f08624450d83fa212f2d7

SHA512
477593fb4f0cfcae62be331023457211f8c0ed6aad7dbf15752a0c20062ca09a55e5365e2dd4e7776b2de847da15d112b57a447bb756cf6111db249dbe73eae9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
6a6ec21eb5cd0f789aa4a693b8338e03

SHA1
2c9e03de149d699ffd69ea69a87d236b6f0a0106

SHA256
8a565cbad9eb4ce7b3e3721d1615d6408c9ff43467ebd1a0c3496741c2bab05b

SHA512
e6e7d66c0bfa6aabacb619fe514884f51a5a5f13b07b8eace7b0ba8278a690e739d87fd85461a26be73cdbad7284a5c23544c5efa43b876d62e5a4a06c03a4b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
e341524bcb57fa1560b5ff17b0087881

SHA1
3abc6e5d8529c614cb162c74e32c67c86d648c20

SHA256
8c1a1ec9b113678a06a4aff36981d6884b359b6572ebcf13c562ac261b6e014e

SHA512
fd3c30c207b5868d4828c67c88740560bf4b8cb4894dc5e839ca8591c1657778da64e7b0c0fc572a4a6adefffada12af3043d48186dda52871c91e23bc556fd7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
0e290e00e29f6801e69c50fa6d39423c

SHA1
11035e4b32f24431b08a98a7872a8bd6594d4627

SHA256
3ca749acd27750a9bab4f8ceb3839dc7086477a393066f2b1d07a213684018fc

SHA512
12678ea2a93e28446d47f05b803be6deab02ee5793ccb22d5cdf18edabacfcaa2f5704b345fe5e806d7bf943d423bb8f366231bcc0fa39cc01c0b37381dbe442

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
7fdd42b1dc51e8cddd34e5180f2e40c7

SHA1
b5b0ac07a591af49c857fc4ac5c8382a29a59a79

SHA256
7ce9942ae7522cc9664a7c0ee55030a9012c1e89f87a96a3bf2b3b42dfadb229

SHA512
04ff39d665bc6423bcb51ddcb27622c568077662019ee484e849ca4e8ed2785ad6b2425a8351b121b664feb6273156cd3d7102b04f96ab8dc19396975b5ef94d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
f8b264a9c8016c6f0f5c77418fe65fec

SHA1
d090c2349c8d1db869b72931c5991ad38267cf36

SHA256
589adf9e0b56a926a49ddd0c0dca31c95dca32be51bbbc7943aab1307fe39384

SHA512
dc028d5bf1d419f11d1b988b754ba438023d818327d84a58f565870f7d094992057801d4e7c42345d1be503713f5eb94a84b31d70846a35cda17214f2d24b879

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
2e14ade00637e7986b16e4b81d8bf049

SHA1
8f23881555a25f0ceb3d8ac2ea7fb05be94bb876

SHA256
c695a58b5352f8b2fc7a87c5ef402a070a188f208856b3a6d4ba6de71529be4c

SHA512
d41c4f8d37e20067e876aa16bf9d8dd1f50e82656003c36bcb1c32a6afb0dc9c8bf1e79dcef38f7b29c0a2b6f97194143b5cf7f3971d90e8200e5d7d5578cab5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
3d78977fa4b01e2ad24d055ee6235181

SHA1
371166d743995897b7b747e9cd773acaae3f296d

SHA256
0f14607258db217124e383fa0370d37bc8ab214ab270beb21606399ac704785c

SHA512
b16b42c67fbe37070fd8ef1c0e90dada8b714e3aec4bc004350df7110d83981b8e31fd6501a0b174d93e7b381c1b3ef56e65613aeed24ccb2daeb09c59f93ced

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
515d7b0a53173e93b7f854864ceaa889

SHA1
8f917b39d7e6ba2b12a12e40253a7249c10c38d4

SHA256
fcc60428051f9b8380e2db627fbce93a8eaaffdb4fce5fdbd38abb794db26c03

SHA512
7050b929cba80e242479cd88aa2e7be7b79817d9122701057af1757f0820e1f9439b152fb3f02c2cd4cb33d38be73cef8968aa666fec175541335c0259757f8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
e494c07caeccdd4d0bd5df715d543fc2

SHA1
986750c3d0adc8048871c0b4b850bf9216a2431d

SHA256
edff516c8abb67a9172bf2082878cd46f515126c4ea0681431df79278707b160

SHA512
0d04fd14dd35a9ec55e9a93200fac0f0a2c41c86e3ec6b880adc5d1a5ae8d5ff7cdc6fd1925d96425d032d98acaaad5d473ebf9c1f78baccbc79e1125f29082b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
6ba1ffc884f92c165c1a11313cf2595c

SHA1
d52e68fc829785f1eee272f07cbfc875c2cd72f7

SHA256
dab77a62cea72b96c4effde01d9009b070777920dcdada510e3e0766824edea5

SHA512
85c345819f2c07e8b293e4fcdf9fafc6866ab0a7feb575168e38ba92b8b9257de0ad9157254f7782fcf8f9175779725608c2c84b488a493e1391572c68868894

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
87d224f5c20def04c6e454a4c9a1a286

SHA1
ab568e8c23d1f5d63706bb008c2b37a8f9a1ff6d

SHA256
5aa533733747ee48d0a68474723b478de73ed82b706fce88c27f96f1002a1413

SHA512
3e648fdbb98b886d028bcc612d3455a75a3f8230f89fdcdace97ea37928d11a57231c4753dc1803740bc73bc8d3505ded0c34fda2cf21497335d73f0e07a7d84

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
c6132482cda0cc6239e92bb24a3b631a

SHA1
0aa41c98a44f3a1144a97e63958a5033032571c7

SHA256
805156bb627fe1a8b21c2722c729b0af435dae0faabfbf8b9acca193f14494ea

SHA512
279baada402452503cb95be10e9196d1530a752e53785e5114c7da872d73c049491c8e39a516187b9b3e31804b3d55975a4aaa3a78fef42201da2ab7ea1e0799

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
1b6603ce52c29fc252cf645c8e40f124

SHA1
49df1a90584496e148667af9ab8a5fc2cf3f76c2

SHA256
8816e23703db3e81bff7f6b19353a1fb4880beb4f67b490edefbc2b243d6d588

SHA512
cf8363adfdbe193d24cc23fd3f65f82c44a582db1a5f5b6803a057eb701c4cf88aca7e5a0ab4fdc61c732aa900f2a659bb00ccd908397bb97ec2d4368cca2327

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
8b6476fdb25323dd2eb1f277e2b6f18d

SHA1
53aee3594598dd80bc7ba4f8763fabca15ad9eb7

SHA256
9a20fb1f1f7e55bb2348200990f03cb9413f82defc8b25d21057714f1f0e7705

SHA512
6a62bfc307f4c01c4b86460bc41019ae3037f28ec5d84b2a2e7597eee468a1006d0307455ec427ef3d4fe125fc9c597be140b6a6daf3730becd02024dfbad607

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
78b3f0f14fca09b01358594cfc5da940

SHA1
c012770680062003df8a8ffd10c559e7da40aeb5

SHA256
c98d91013ceffd00d1ead8045edc0827730347873babd5d96cd21c74aca6b396

SHA512
35ddfc843f15f45c0085e14db643ded050224e4954316b6fbecb940c80353409cdc7368e17b4921f8f4e0390a3653bc14a2f5d5e6cefff2cbf684ea1e6f10264

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
456ad44beb4ed06e219fef6791ca27ac

SHA1
19dc2fe43780e88ed3bc6875c64e220e2184565c

SHA256
4f35ac557d08f6045bea83bcf668e4ab355db434bb405ebddd3de912807f6494

SHA512
ad2b1380d7c8e5400316bdc5f556055601b4315ab6dd700501f9cc5363fa10b916e607dbdc192d12cf670861b9c580f99f0427bdc3c8bdcee3f359a05772dfe0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
be3606afdeb345eb8b976f4215bf05df

SHA1
a57407145bae6824eab41ec5526d96bdc4aa2b88

SHA256
4b9788d43e637662c5ba8275f02e51566bbfc0a2b3d3c7b59504c791380178bf

SHA512
a638d27ad0612bbc202455101c89e5f37e497fd134a02a29806ea943ed8a844451a83eb2aecb4d045f2a6adfff5770d1e4bb9efb030dacc3172def1ea2bee4d7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
0d2f2ecacf54969160c3522f8f07a091

SHA1
a963441bddea6b4de31e370602dcc484014d3a24

SHA256
468316270a45da65a55a070e430abd3410d848151fa474e589e6b19b6c085920

SHA512
7f5ade2456f301597fa88cb53a1bb2a4e38b55be8e1a859d8ce2c32389aeba31ac3cbf7a80a976c913258bddf1f0a89cd8a9318e97848992fb255a9986808d36

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
2c6560aee1a236d4959ad909c8069127

SHA1
29984b1e9e5c2739ef34eabc485a1dc9a25b260d

SHA256
b68e866ce7bffc87dd3f2dfad6987bd264652d1c66dfe09371ac60208043ccd6

SHA512
2d116cee5a84db5a99d106273a0b8baeca779e93ba1f63c876d1562e11dbb03fee0a462c07683cfaff438ce095477206bee9b9e4b33f91182290109073f2d41d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
4967d671f8d4b31ac42309c78deb752e

SHA1
66b55ee56430662236d87b8e46c8bd2d018957d0

SHA256
ecf614d7708fea3cc0fd1b66cf75da3c8b1135f3c02b1b2ec885801c5e4431ab

SHA512
581b347c531c351e2d7c9c71aaca3881dbc32a454fc38208f04e534474640d2c0b7eac0a40c3026f80506efe847f0de5bb8acbcfb296be25202e3e4cec08ab99

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
0a34380ee4a8e312c2f9b2ad74ead225

SHA1
b1c4d43566658af06c557978038776cd2a384946

SHA256
a5e0036730f6c75ab5aa4a88f561259e82cfd6a15edcb62797b8c0e340d491b8

SHA512
0adcaa5cf477cb1b72f02f4ecf74c2d74d71ef7b7d7cebda32c5fa28587e527682eaf63b508dcddbf62dfbc500c5091bbd5a2bdbcdb935b67ea7a8ddca8daf42

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
0c1025c47e6d6ff1228c5387efb22898

SHA1
863bd91d767bcca218a50c07f0af14d0c39ab85a

SHA256
dca758250dcd50d637fc8f3ef39335f948b819c05115fee38d699696f70cc38b

SHA512
fccd3d682cf8f4d1b4545159e07099a0ba1892812af12199d3165c1bbcc63639af74e01626eac1ca3831bdc1bc0c60610b7ff8bd6690655ab18ad955ac487830

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
7256a9f90400e42878daea12df80a7ae

SHA1
1336886c1c80a3698e2c76d3b842743bdbb46455

SHA256
a3c8e14038696fe2b8e5d5828e2ebcefc3d09559d908ab94abde7b0ae9fba0ce

SHA512
e92b0ebae5f751f664eb67a0d650e1fa23b0c3cd811bbe050f0396d3bfe8b3a6f778a314a818fcab15637fbcdc4bb5a5ee8c21c3d7bc4a973b7757c7c0cff60c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
2fc4f9626399cf318800a44223d21dcc

SHA1
6cf682629045de6e19cfacc09a69a090fb74e927

SHA256
076d72d95db3d36eb5d66a826939af5bf2d84e1accbad41beb64ef31ecc65691

SHA512
5799e5b08c264446a68a39fb280de1a09a3533cbec1c58de762b73e4a9e7b97f0dc3a1eaf864393449bdd84b8f7e533c25b74a586a2ae69a773e94bf8ee1a81d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
2909788a2f952f834df7827f989813fe

SHA1
d5c4b380958315bb8c580a5df8d36e340e451477

SHA256
1a417a159090fd006aa792afa337ae6deab390aa235df4477cff60a86d137eff

SHA512
36154b2597cb8a447179f4a82e4e701d7767f90d3016978ce4cf50f2b718a44c0f2e69e63aaea49abe15bdd6cabc740a3e69d3e9c640f1d07e3be08af56406ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
ef14461f88200edaa6c554f6169c8db3

SHA1
24bac1af769d8370e2da10348ae5ee1e6d1bafa6

SHA256
f406c35d2c8d39154379cb38acc630e908e68b262c9dd87d63189fd16495da94

SHA512
d617d8177c44dccea3cf7035345acb47d507ccb06c80fd813991782a00d2f38c628316bcf2887928ce980178bf86836026ffed4943c21daaab55915732e8eee6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
7f9575b225df566576f340a217703497

SHA1
5bed4c6f76f136afb2e648f6aa668a9d60303144

SHA256
6e829d23675f4d2b53fe064a526614cd447b0761d54a774ba8f3f43bb4a25bf9

SHA512
dd851b835d96bd342fe4c0eb4851c65f1c815cd093145021393359473885a38c12d71d2fb9eb5f44bd28cfdc1929d1f85d47fbadf0fa0e880055faf6aca38d5e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
a322b2e8a042c40d895e9ee117508104

SHA1
0c369f4a2dab515ad3b7a4582204419168f7470d

SHA256
46c51edaa6f535ec8cfc338ed8a3679f1faccae3546ef5e6d195e421606b6289

SHA512
72358f922475609b609c948593dadf456b010d95b405dbf71f2d63db52110c393dccc8202f6cfd1356dece2fe4412ff9da07c1fa9906dbea344176b6f43b0c2a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
e2d7f1717ca73b18c00c1610f6767084

SHA1
a7d8a48d3bd842da5a5aaa30e11fd1aeafff0d61

SHA256
5de862f596d2d6c04a5277162a13b4dc59ce7b151f52de6d71ab6e0e8030ae20

SHA512
5f9f343e8fb0cb98ada0c8d1750b0b5a2aec663411d8c1178ea88b15aeab5551692ec29e51e4e2f8deabc3442ea8c1f9d5a9860cdee627f49896c70713b58b5c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
d0ae09919476232f21e238d1685f707e

SHA1
12eae1c92960ccf7d1930d0e360e34e25e579bb2

SHA256
e0099f80d8a9e60ca707ddc6458339ae002fda3ef5c7bc58bfa08986c6bc70c3

SHA512
d4d3918b38903d625c593057661a39dfff5703680b67b2413b0e05357d283aec1dd99781b4633db50e5861438e7841753dd18f6a0e898780ab228a851aaec9c1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
989d8b89500ddc47db369d6e54a78d48

SHA1
cb298b61528f2b79f2db8fb83538f2d6223317e1

SHA256
fad9d68a2da3b69dc8282ee7712842eb66e3860608cb1e0ec2d908d4034d92dc

SHA512
320f7a91088c97c8e11fd1a8cabca234c268bc1484daaf0c650cf3dd2238c9da6f69cb5d8f3ee206bee458fa21a5dc98d34494b62fa856503db81b4f925a3cd6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
e5f90194ae95be81cfb78d45f3e46c69

SHA1
c6d015e6a8cf815fadee72b6d9627f85c99e6439

SHA256
1113b05ef48cfe85095edbfa7310f693261b7a18818cafd31955a0fbb729ad1e

SHA512
e7b6b0dc68d5d730faf456484f68f1454ed73fdb28c84fc643be25a57ad0146b756a3e18ba593cc6e476a5858521290b6bf370d18086d52ee406e1ab70ca6ec4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

Filesize
77KB

MD5
9ffee570abf1fac1190187230ade1e43

SHA1
d028c52fcd94c6bb6db858e40e9aa34296e46802

SHA256
62c55b3185cba9215b11003a296bb715b731256e209496e6e064e5782d94217a

SHA512
07775a0e5d8f5ce9b3ec103d779518b2a8f32268106abd3eda121955c8d665d0893b6e1af0528bbd58357a841a51a731d8a26870ac76d72a3a9921cfa5212407

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

Filesize
48KB

MD5
d91c068bc8daf82b1255099b0bab772d

SHA1
0052e078dca98cd38d14d0c0b70946fcee7a502c

SHA256
86bc82dfb7ee4ae58a400b78ab76150ca78f5c70d093691a99d435468b5b6c5f

SHA512
4fa65752e0ebc14eb251db97e937143d73ea8993db15c55568631b47c4ff37f4797a9d92f19aad91f1601c668e4ce0dd0964ed347e0928eee8d76001224df229

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

Filesize
64KB

MD5
e88af7833dacb01cfcdc424c5c389754

SHA1
5a333136bd6794b678541909b4d09dbc2e17b1b0

SHA256
9841bd661b39f76185edbfa1b4cc3924fe186b93c1e93a8ec0c1b988e7ce8a46

SHA512
4c6a60a79a4022fe8fc4f35b45335e09ae152d288020aac3a38def68c353e8074980eb1e6dda23cf169441b046b13cbf375e2f8ceb2d7cde4139acc639eed722

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

Filesize
75KB

MD5
1e0182a6f4fad622ce991d94b08d9086

SHA1
0ee3e461515bd4ce859eabb2bc36459ec6913dd4

SHA256
cfc9605fac3827be15f04fc8a062ee59adfb68866e271bc750a57955a81852a5

SHA512
a20c9169e33f3f1ba35ea142160e0ee82fc99bedd9efa07b3a731ef94b72abf70b48f04b5af75954bb1234d78c8091410d59be4effe9a6d2560b0667989d3d0e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
ce1d1ccdf4d636ade59e29adacbc9b1e

SHA1
e8fecdcbfce0754a316d43b53744bb3c5fb3f80d

SHA256
e03008be921ab1e02c2935e4e8be0a11bc20a38f286d27902eb0fcd65ff00fda

SHA512
91564b596fd148e47bd0c794d17f829e05e0e6dd7fd540b00ae9b08875f00a8342b2f81e81904d2ed4814913b2661c5d657fb92cd8a42880cbcc3859e987bb13

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
ad479954a843d1bda6af753b1aad67eb

SHA1
14f609d859a8575b545cefae10cba857809bbbeb

SHA256
49a84b15b8301c6c0b1d085f0bcc97e9910dac10cd067be08f4f261ed9f5e75b

SHA512
17266049bf165bd1a6231541584936bcbeaaf8db27337c9c18e01c9dce61a0cf105eb0eff6f9dd743f9ee7aa0bccaf2b39543aa45f97703f2402ee57d39e902c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
81abd299f8f931f569d125d9216c635f

SHA1
e8de35ba8d1be99096e3d41d452ee2aa4d4f4fa7

SHA256
e942e9e0dbaa1c844bc57539f39db4d9db094252943f591175cad0338c994d41

SHA512
6ebceee82990bcfe4d849b5827ab9825a7ff8519aeec6fd3c51e7790720a4ab6104d9170da8f9a7f6799db6254e64a3e83a09fbf7539f6a941a42efcaa43fd2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
c9ad6107b6d0b968cb7683d171c0cf6c

SHA1
1fe5dc9bdfe15a609966c07e1babc2ed9528c294

SHA256
ba88c8e86f73620dd5fb524dc1c208ad6341e3d4728bc239258fe01fc29507e9

SHA512
1039f30f18bf9c8dc1d31d289b2491d1b9ebd7a03624e1a9463ccbcbfe070450213e2822491d1cfbc9baf74f2367a523980de3dcd253e2f1686ce5e56bd8b4db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
45679ff00745ad58afc10670af38056c

SHA1
373492d5d3d3f944a5166168f31b14c6b73331de

SHA256
3adbebd9030b7f569989667bee0f535864a166d2367e66cc5be54bbc2172ec70

SHA512
4eb0c675eb2b8b75d289e85c65cffbd40f1ee86b5347d82ac1c40e70285604e5272feb16c372b4b2683e25be44269ec9eb058a6e0fbfbd81d548ded5f2e2e0b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
8a263424dca2800839fe2c58f221fd73

SHA1
7acbb6d8369e7197842d91bbee42a0acb902700e

SHA256
1080c85816e68553d88f102f8b5ea066b2cf553dcffb26d36f9bfac5613999a1

SHA512
932a447d8322f4508e0ec62249e5056eb948202da8eaa56b1e1d728e67dd767d42b846739cebcb1d4fa55878a698c113cf648fbeef6ea3d21319a3ce576395e6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
eb2a5e791a819db112ad1654c111524f

SHA1
1d5878df732686fcea7cabaac1d1d5c1719389bc

SHA256
8406ad9fe30cfaa52c9e73128cce96a92b523371f18a9d68c62dc8eb03790e00

SHA512
099194657ff48d5e7709bb830eefc196da7155dc7efc7500d62afd631f8bc816f9dcab3cc136e70ef6d784cbd5f50d13648e145ff7f4b811bd0ec10c93fa5293

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
588727f45f9add683f94b88f2c72ccad

SHA1
4e94cc8a1994d1fceaa9abcd1123c0147ea2ee55

SHA256
39f9fba3bbfa9b69dc24a6cdb75f56c1ced8e528eea4ad46463ecdda3ac5fdb0

SHA512
4c48ab695e3991af4fd9f0d29255216f92390feaa4827e6e9d3c9b44d0b438acaf40aa5a0ae30eda8c01807c5faec6f25d6d9932615fc25c8b389f44e1b7919b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
435a7d0a8ffb995138b68ae1b83b0103

SHA1
6d58d94d2588688f35c0eb74c4f5ba7efc50c091

SHA256
eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232

SHA512
1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a4858bdfc6a8c2f77c7666b9cba76f0c

SHA1
3d6bc50e18d155c41261435546c028e9bfac5d9d

SHA256
524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de

SHA512
92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2ea82e72d3e54826be6d68a83c0d925c

SHA1
c5f6a8c895f29b9d7a0b19b83e51cea289ddbfb2

SHA256
b3a7e4ea222f7715710f524ddaaa24696bbeb46c23702eb9c6602665dfed53a1

SHA512
9a78c178bd80cf0e56602ecb0aed3bb2ed63da4e16f9ad5e0f653c76d1b96140d692547d051b6d6f964af3669f4e006ff5bb16eb96d6deea4c9322be88b2aec0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1617d5339e8b203219783eef534cb5b8

SHA1
3ffdd34334ba6c9a7d7147ddacdf3dace23c234e

SHA256
a9c8f544caf278a04d25b3afe40e9f1d66935a8d78fa576cff992750744e3065

SHA512
624077c9b6e75e8fd330f0a68efe8539d9ee434444c5b17acfabb84386bc3eabf86d70f6daf7f36edd37ce69029a324661642a9d2a11a8c21b59889de5de55fa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
66076005a1e10c284eea6ff22899b9da

SHA1
444848b795da1f6964e5931e9d598ec6592a2608

SHA256
a33de7e6cb51c01e9cf0de1d272d1017ba90a8b12e2361f57e7913416a9c868b

SHA512
086c4b554530b51dec6d7abf583e4911428869832ea1d8596eae1188b202ca44813faee21db2cad8fa04c4a56d9211108421bbdae6967d4729f67cc7923d8bc4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
cea490a8b275f022d789293f958c116b

SHA1
77400c2a93257b61c194bd33d7db919db86b52ae

SHA256
5dea768e7f81ad672d621e1b1b2cdd287bbf8258437b3c0eb60946f2dc6a3f26

SHA512
d12e0b817d143381b9431e55edf21c519a1365c0aa3441bf75c71dd4539e81877285b25099b6ba2821f7fa44ab7090bef8c9a36f446043bbd9088a09ef27a18c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
8ee64a6210a297086f824d7d4791806f

SHA1
217cd640229fc23054667678bfbf1668805759f3

SHA256
1dcf604ee2ba55884e323f21d53e3a047c373379c44d42ad76b67c0fb1adcf56

SHA512
5701443b0e0265e3f3dbec4d9f2ccbe342e9daae9e93d34412a392368a5a6ecbd32cc9828e92df84c2537c49634455b9b9a5740b64a4290d812859493d02cbe4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
295ee021be75531e2d65ab253892965d

SHA1
e27e60b5a33bf74bba0fdc131b2e9cc7f52ae8c3

SHA256
0f884c805b9c1904136fee196c4d98a4b558687c7f1952953b7577ab3fc5c4f6

SHA512
27fda1ca9cf80ca9e02aaf77aa8e41244ee5bbad88b3d2daa5922edc8132dae67268db6b2afe1fadd9b3e02040614a6c9383e1faac3a0a66f79ad825a125113d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
859ac8c7ff6f0261458f1d5eda8e618c

SHA1
6c845d00ce4ed48b38e5d783a047db20aadce4d1

SHA256
3fe6bca63d9509ed5a6b78c31fd938c8a31a22753e3df976055ef99fc134c7ff

SHA512
19d2d18b8745a79c99952913c8c347e3146184209ddb15a5d3351834bb0b76d4db698e9b78873cfa0df116862fee98f50a309dbd0c8cc8867a510dc11baeb02b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
c5b92270d5b05bdbb175d368baaa0b6c

SHA1
0093965cb826a49f844479b821bdf900c46d9f1b

SHA256
dd30185e1976143270f009c8a19df58d2cdd17042536787f814a4f8003b7c08a

SHA512
eba50cf2ebd5e076d6ed495dcd8e8cdfc9b422107bca9c8008625820e49cb0b845203cadd79ed31b335e4f1b02cb93ea43369be2c33f86a67d28741439531133

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
d5a28ee4b59709ece895872d432098de

SHA1
ca4533b57e1c84856d5524123ad0b6dc0bf7ede8

SHA256
0e094c1dfbcc9c78d420191d11d1368d6a4271ae6d50d80ea51d5e2ff6c72c05

SHA512
b4e230f1773e0370374d29b5b35e1b3a76fffeac15f43db6caa19f432cae98655b8a1b090c531bc71039c861613e205958539a135ef256c5f42c7398ae047cb4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
5bfe286f91c040aa911f7574184a9463

SHA1
3f5a6ee3b764e40a942c6a8b71cd98c8bc8a2735

SHA256
f8de974ade3a2be03dfc8513fe90ab9742c870bbc495f894d401dd7145d3bf86

SHA512
cd4f8c220102f24681fc3b3659b3ff2c027fed22bebe30f616c274010528f22f2523aa9af3b2d81ca6931cf89aa35a1abdd3da40afddc3f924d894671d7ea9d9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
63864b31e7875435e9a0f81a392c56c7

SHA1
b10b16f76bd2a66b8b4bafd32ec96f3a877577d3

SHA256
cf623a57d334b16e1af28bef36d4be3f3d36bbde026b8390fac6d3ac67facb9f

SHA512
332fa07b328d7dc02eca783d0e2e9fe388a082a542475b2ba88d0f6e51f60e99b05b41dfc124122179a5f1762c06545378bbebe114da724f63a9590d3f1e76ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
4bc65bdbae15f23607aadfa780800c9e

SHA1
5803b7d7e8e6a467d1fb76997a5d8fa1e6f9abd9

SHA256
3cea57d8f59231c43a9a7c288dbbf4cc1df0ea0e797086a339b1f5f8dd2bd83f

SHA512
5c21f36b0b3896292f69a4e722e55075d682304b66273dffaf3d20152cffb31f5e55f1dfbffee73a0383102622a38e576c2080bed4c1f289bdf87ee29423492e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
ba8c6e055fd70fb46ff01807ed520541

SHA1
ede0cf9361d2550683534ee2eb26d12fae93eb71

SHA256
5f12fb631c6a72ac2d91657414ae9d4a9b6f84cb7cf747ac08993bbcb8700bcd

SHA512
04a8251137223262aa763ac2b401e7f5a009d92d3c884bc871d8905bdb9634eef164f5f0e564ef23e4243c3a8a40871ae9a90691a79a2293f57faab2516d9acd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
7a2d95cdfd9c20cca24ee57995a29a2c

SHA1
7fde6c2fce8ba7cb8c93f1ff07a8891ba9709073

SHA256
f38b512b1c67900eb3c6be98564bf12a242b4d447b9c9d1150ec66c4a96c9733

SHA512
8ee28f884c5104a1c90f51f274e315107e8dcafb4b7ff98505a449468e70f3960be3522550da8bf5aa98f6c625c4f2ff946936d7ce394c3f21e2dc5ac70a9771

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
64736d76006b025827b5b36f7d6a25ec

SHA1
35b142ec193dbbb01161f14c220f12eec6cecbd5

SHA256
b212eb869e44f82ec2e58bc355a2f51603c04d736bebb43ac12d95550e99d4e7

SHA512
aaefd675b63d06cbd993be7ab6192dd843d8cc99119d88a1ffdaec6cbc90f685d29e8faa39b47d1d10d19df81b398201e14049f00e0782482f41c93a6d7325ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
3f229362fefa79f05c517e4db3197f28

SHA1
309c20764b63ea9e0771c26e2104f077d861b5d0

SHA256
08e235d3364d5efe079dcb2f4efbbbc9b6f3493f25ae8227c17659c27b84f3b7

SHA512
0eec3e1d5fa560f644d917277ff2d10bd3339f8feb566dd7e4f189b8fb2b01491cdca67737098f6111ec851399acccb8af15c60c0d7b3c632743545d387dbdfd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
85521136cf9b8ac95712e98f52cb9175

SHA1
ad6eb4f9755fec9a23e2005340ca872542f77e71

SHA256
8c35c79b5c0d7a98e131a7c378ccd6db7e862fb49dd3a96f3c1c34d322d7d32e

SHA512
6a4c9c2e880259badff7def7a363d74ac7d75897d9a4e84adde53c237556b80565b06746c5450cea93e750dc24f172a57f4ba30442b54b276fa7f82f6bc158f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
f511d16b92021be3b31f654047167b9b

SHA1
54e4a2197a2641831a2636ea6635b40fea0b49a9

SHA256
d2ecf3b4c4e486741a59f94ac32073f2f7db648621d6a1c8d1145a14f7e73895

SHA512
2539ae2ded4ac115f4392c8fe89d833e5506328541264fe06bf3b68b206b3399e9ef4b1b1f3018c16e5c89404b550f7ab315c7420fd19632edc5e1a2a308f23c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
9b4e38c4419352cf742b1e46aaac485f

SHA1
864dabc3a741798845a6847d1052021968e22f80

SHA256
367a0365c52f6f3337308d6fe5deeda01ff77adb43d9f51ce53acb4a8e6196ef

SHA512
e3072dcad1aea55cc8607c39bee1e164e9ffb3a65370c19273421cc4ec99f23f20de858ba1aa72de167e10d30866b1826cfd3dada03a6a4670922c6f16bd8f17

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
acea12c6aaf2a936e419dd82e22caa2b

SHA1
0228da3ecad3e47408d3eb8b2b39388b333389f1

SHA256
331500e8a55d46746bfda422824216567175aab1d2601807a787179689c9e9fa

SHA512
3602c5e50f306b242b8c8d02fe1d24737e148fd72f9c15704b364ff23f5c810c0df6a0623a302d4180ea86fd0be49b36efd986670cb6edc03f3c652ca3ba61cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
265fd963aa3c566c87f3e5a9dcf85c8c

SHA1
bab47501455ff2b55fb241ecd1de9e655b9ad03f

SHA256
af44701a04eaeca8e611666ff19890b0cd709955babca3111459fe3c26400b60

SHA512
832ad7c5ae0599e8689fe55ea5dc16f164515d6cada655e2fe2503b5c0fe6bbe9e5652d5ad6dcdd5a3a96edaaf416bf1d25bbdff82ccd17cd629a63e35b3ad95

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
acbf284dd381ebdf64a5600ff2d218d0

SHA1
18e63f76b2a4f0d21c5559a15edd5b2dad892d89

SHA256
d08f7aa24a82db418c5f81c8d0bcd87731ab27d9c2381a05c6c608fa17632e1d

SHA512
1265f180c1f0b1e30692527e352abae2e47a0133dd1961dc9d3afc898110859b4e8c1101250a244158306b7a05b13618b1130f94041eafa470b8d4ffa02f1e26

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
e4bd063b1b99c77994d50a57f2c96d14

SHA1
98da6b3a090486250f80c1dae6915c3c686455e0

SHA256
2f1f2e7962538f9b93ebe0a37d0cf8c18a0e33dcd1ac945ae95e472c899df682

SHA512
0fad18207f4338452ef74169517b019553e7c0aaa0d25625b0038f6698686cf139378064f2979d4572906701e97b24bd1f65ce5af152469a77f27b4510339203

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
5d9d5dbe8c776a4fed9a23928af273a4

SHA1
526622f3d6a471a6aa5bcb1c33d5393c7b6cfc84

SHA256
37125463bc7000d76f5be5ef2bfc4643971e0aeed64789aae6f5a74514c198f2

SHA512
d1029eaf81fc6960b1cdabca96aeb538dc654ee470a24c294f4b174c91464206554d1fb6b04c16d148e11f18bd498b941872c6883360c4defd00065ae7e85780

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
7085afa286e7ee9cf4bf63f2771f5930

SHA1
6e53217b8cb55b2f828f0c882085e6db7cab2628

SHA256
dcacd926ff521a33bd61ce4d1041835f9ed61e98f248449c06af2ed03a6dd831

SHA512
16ff64f781e1fe387c39cdddbd22a672b961a60ef7ed9b734965e780e6fcc9c32f484ee0b0e6b22ed035c6342620b5a160e13c1af9c80bf967d9aa7cff30f4dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
9a6fd06ecf5feaa488a204a2835e2502

SHA1
7bfe34df0c15c7c76cb14df70ebaef1ea7c61a84

SHA256
789d2057bb55316c1cc9cbe3aeffdcc45b5062984cdeef726f45aabe0661873d

SHA512
88064fb060721a4a135c87a26b05383cbd600cec4fc2c9f42228101869dcbf0f782c08eb15fd0ae21fecb047b26542a744fb16c4ecb9eb54dc43ba14118f69c1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
4f0c12e5631ce4c51a9b8d54cea43aa7

SHA1
bcc8d876630de821d5ff36c3ab83fd709aea4879

SHA256
be6ac77950a853418c4c92d25af91820ee586b2ad458540dff0d846d37d97098

SHA512
83e1c5595f3a8055ae2e12b13c55ac3c934f96c1f5ef8cf3a25d4bdc791d09af63c6c2480c5db17701047bf77c624699c57cd626928bdfe8bef48e1d2bf2455c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
c3a222436c4d421d75b6de45c85ff968

SHA1
dd710cb11472e8dca57438f7e89bd0897ae1e9fc

SHA256
3408d35d0c36ceb784c61b95ca6e11d9881250b4c7874b5100f7e06f68ba2fd1

SHA512
4537cf191e8cc1db0e6d0ae334cab8eb95636f2ffe79d278dfd86246144c00bde6bc5e6751f7662fda437ac38df20fcd2a8c92dc39509b50616233b892e6664d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
214cc92bb95024990f89f8324fd0af1f

SHA1
c01d1d00188c20f2637c34c06491ad92ece11da4

SHA256
276eda52e9dec0efd789282458238c492ad830355e70bf48758611f3a5fb70b2

SHA512
573a491c8ebda624e36c97512887b63e1b33aa55e060123dc907fba1c19c5e75ff59da63b5b94b19c8791d7cf3d930e2fc43bc6eb14f3471adf5e7c7da8d68e0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
c920422a0430a07c8fd04830be02b900

SHA1
59416966f0b2709d259e335475f8ec8e0ceb47d9

SHA256
cdc1c0da88b207a43bf9181a70abef662efae9345f6ffa8428a875841ad47cf7

SHA512
85f4b0ae9ad658b71580bfeb8649b8ab870a09440aa3a9f8bd0cb44a9bc735a80a24da483ecaf67b08da6f204ed19497e89d433ebc6d1d2c7385fbb06d658f7f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
d216fc3fd0168633e0cae39624d8c5bf

SHA1
306aa977bcd4418e2433e9b7461afc8af6a3659b

SHA256
fe56f8c9fda2e1e82744380ad3c1ae7be50f00409178ba0e0a7b097bdebee346

SHA512
3334452152d03cdb90480b76d3d94f2bac6c65fef9c910f6b438f81aff7a0733c94a19e0f10e77e99ffdcdc04409887aea6c20b6491cd3180b1d269e76c1fcd5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
6334593ac0fb1f0614246e2aec8e7fa9

SHA1
59e4633760ff3bef8754deeb11e1387d273c8af8

SHA256
99bb22f46b75142489de5671c2f1746855ab4f7372ad7ea1e2acc2bf2603749b

SHA512
d6be0b2d3110ebe33975b0ee6238bc784b295a51f136896aa9d3aad9aebd449cfbc87721ca5f647a8833efa0d772f0e4699ca4fd231ca8a7ef16427a3fc6e6c8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
b9d2cf17562e8fd92258fb154bd4333d

SHA1
646c447b36e99a05ccf5fcbd1917fd756f344a87

SHA256
25183ee3c0371479097e5da2de3ed11a5b12e007617d95f2b3e63d358bf159b2

SHA512
c623c0a90cb7625f0f4a91e292f2e4f8e6aa068b3b86be09a3f9cb5804000fc5f0ed229f07ebdddaa4658574c3cc585b066cc2dff4d099d09af9bc99d23759f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
6d1505eb5a476501cae0943de2487444

SHA1
4aefdcd3257cc57d3c2fa9d35fc34f6478bb8bdf

SHA256
c93179158bd17dd935afaecf7ca90cea44c4541e5ede2160edf92d89e0a25a5f

SHA512
3a62330338ad3dfd9afa76fe15d028aa611683a2a6cec7288ef06a3611f2a1f8d853458f855f70335c563030db10c95e1d6c79b7f8b532526a5ad3d6414ba083

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
7a034eb7280e399fa045ceb8a86dfa90

SHA1
7ad46e76c5c441380865c765e1f316450f2a49a0

SHA256
bebe569587c4684d3c096f59f6388f752b4ba453950fdc70995fce35e619a042

SHA512
91c191104b8368c2ba18159827b4f37e1a3daae7805f28c66f90e969d354a2ad881bee10090eda3820431e569c61926bef36110ebfc0192309292f65d8b71e99

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
196077c472e685f088b8bfc77a6a12ad

SHA1
d97b064ef1e663d22023bf7c2a6f41d6249a103b

SHA256
ebd0e6ec1509af25afab4222bf5ff6224099d23e22bfcace1c8dfb8a73c6bd01

SHA512
dbb2fb58b1e2f2b776e09f1c0864a0e58ecda4e7a92bb84dcc0513521b9f9fdad685470c0cddfa00349db1aa4bf86339f955eee65faa8c9fea356a068fe14852

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
9e3f202540a1e20a0584e153ec59b313

SHA1
780e0b0f95f9c418a0a6d5dffc8661553d57a85b

SHA256
62d3505e71c59a3d5103009a969cedea8458d382c630b7c500218f88fa4015be

SHA512
9244ba898c0049ad12212b3ba6b0547bbed01f68ba6e16959db581ae00092f3605cb73c8864c125ae382710eb67967f34913c072ae9fa044d46b5a038e988b38

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
8bad20eaa33cc58d19b2dbb75b66ad6c

SHA1
badd2b9ee141324e1511677453ad26c285a6f211

SHA256
2ddb3dced88f097ac36e6a5dd3ac2a7ea8b439482ae8853481fe125b44b56453

SHA512
e180608e99efee2051fb6663db8735463a7e82a149c82387232d37218042cc3d721d6b77930bdd325be4c94b3b77b6f130e0706b0fa2a50b9b97c4e094cfe6d4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
6d02475b23fe417ffd24c01011a0402c

SHA1
ac480fed4b39e37a187a3be2b151d25f8b17c8d1

SHA256
3223c736c38f68ca3d92accca52daf093149d9813e8e9065278f6dae4dc41961

SHA512
148d1a0a20924838740c493248b65fe4e593db94822e866caf2ba04ef39a843b4836cd011734f9f979e0d2144c5b09c34cc80b29523c9687202c614091f97770

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
92cf7194e90c6d65fc1c23b9e4370d3c

SHA1
6a7184cd5eb98ac598adce51cc9498fc1720429c

SHA256
e0e8f607d7212d3fad62738c63f6f13420f358b66a34cc89601ba0d65bbfcba4

SHA512
4587e2993189ca6fcb9fdf3c666281b406955575b63b533f63717aa25e6659958aa879ef64e1a06df7b73088591aab81b2bbff9b0655d90b8a2e0d3acf6ae6d1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
e9cabc516a8e5d992a8bd827f283a993

SHA1
8023ac9be8e8756c8ff284ac19dc0c4b091bfe54

SHA256
fac89dd613df3dcc3a348793478c74e08747a811ccc9081309869fd5f2c481c7

SHA512
f4f7ff247562fe54c4d1b163dff3c587ad886d666f6b8bae93d31d2bd775f9520e77433b509487f136a1145267f6901004b68621a4498880f7a2f341f8c2e062

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
2750a616f078d0b4b432678b2989e895

SHA1
937f8026b0c7984d59a1c7b29760a2d219f274fb

SHA256
6514759cc82e692d1b7e11423630c373c8e282e75d854919010a9a12ba4b6b40

SHA512
dda99f5863bcae42a71999341b046759e495735d724f187d82dbabb49a11fccc20ec5adfd9d0776418fa7ca864e65009c5165f212aa790a6e6f9c6bff07d32e8

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
186c71a5be0123fd526a9ea3d096846e

SHA1
a5e9dd012a3eba8716ba97c0c1aa675f4c5aca67

SHA256
2edffea9f7db0cb219553c7c12d210743960dc71fe25daffcde663d8874aaa45

SHA512
e09ec6fc4681c3abf54d32ca5f920dcc5e7ea3d5f86c9b87d26c30cb0b77797bbf2ed7cd716a1354d125b85cd07bc9f8f074d498034491d2e84d7c47556d6862

Download Submit
memory/3204-6611-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3204-10902-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3204-10778-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3204-6612-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3204-11217-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3204-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3204-11222-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3204-11223-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download