xorist | d016bf6e8ee34476729a5d7a8d33f068344ccb39141f3091663c269a6341d9f7

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Size

7KB
MD5

41084ab3be6d49c1483b0b192de7f636
SHA1

d67312b7e4e6c0c127b12ca1bda92a8c7ad7c6c6
SHA256

d016bf6e8ee34476729a5d7a8d33f068344ccb39141f3091663c269a6341d9f7
SHA512

7abe0cc4a5b8c5ddec7f57179b08bdef48b2bc6a2ef1bc1297c5c972c76fffdad8f389c11bb0b12db2c5aedfed643e668cd2e9ed37ee634a799491a6e0e53ef1
SSDEEP

192:0zdrr1FG1WDCgmjPZFeLzdtPJftSGMUA:0prr1gkDCgSaTFtnMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1200-5968-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1200-5964-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1200-10579-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1200-11003-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1200-11336-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1200-11339-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1200-11342-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe"	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_a9b96d6c7813082a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fusionv2.inf_amd64_a47d9636ce0d7dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas2i.inf_amd64_ed501deb0beeb5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_wpd.inf_amd64_0245a364d71cf6b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_3ca4b12cda56232e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_de323a35134348a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_1503f4d5a0d6ba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsynth3dvsc.inf_amd64_1a08a3b6cd493e1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_0406b31e81bea0d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_283a44fe508f0682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_fffc54d66d592d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_barcodescanner.inf_amd64_266a07997c075b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_7f84203a67c210e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1200-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1200-5968-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1200-5964-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1200-10579-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1200-11003-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1200-11336-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1200-11339-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1200-11342-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-100.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-150.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\LargeTile.scale-100.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-200.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated_contrast-white.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-lightunplated.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W4.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\202.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\WideTile.scale-200.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-125.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-125.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-125_contrast-white.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCache.scale-100.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Light.scale-125.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\digsig_icons_2x.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Retail\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\SoftLandingAssetDark.gif	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SmallTile.scale-100.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64_altform-unplated.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-72.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-black.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-200.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-256_altform-unplated.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\StoreLogo.contrast-black_scale-100.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\ImagePlaceholderWhite.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-60_altform-unplated_contrast-black.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-64.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-125_contrast-black.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-400_contrast-black.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-60_altform-unplated.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\WideTile.scale-200.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\data\en-us\3.jpg	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-white_scale-125.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-125.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-125_contrast-white.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp10.scale-100.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-200.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-125_contrast-high.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-200.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-pickerplatform_31bf3856ad364e35_10.0.19041.264_none_eecf491155b193cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\500-17.htm	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..randsleep.resources_31bf3856ad364e35_10.0.19041.1_it-it_f5b981a11104223c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bcrypt.resources_31bf3856ad364e35_10.0.19041.1_es-es_2e1f803a732cf01d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..linetools.resources_31bf3856ad364e35_10.0.19041.1_es-es_3a8effd9560a36de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_multipoint-wmsdashboard.resources_31bf3856ad364e35_10.0.19041.1_en-us_f7e7f4de797fc24f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..vider-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_fa27bcd27422fca6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..itybroker.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0ff5d32a69147f8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ion-mfcaptureengine_31bf3856ad364e35_10.0.19041.906_none_d4f48bdf30d21e3d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..erservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4c6476011e83dfe0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..cesetupui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_56961a0e15460059\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Assets\SquareTile310x150.scale-100.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-newtailue_31bf3856ad364e35_10.0.19041.1_none_6754931ac9bff51a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-opengl_31bf3856ad364e35_10.0.19041.1081_none_83a2dbec3e867e11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-imagesp1_31bf3856ad364e35_10.0.19041.1_none_9a5903c09209a3fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_10.0.19041.1_es-es_301d4259fd80f0a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-onecore-ras-base-vpn_31bf3856ad364e35_10.0.19041.1266_none_9b77d25cc7b8e67d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wininit_31bf3856ad364e35_10.0.19041.546_none_1940aa219780b314\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\Device\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-internal-bluetooth_31bf3856ad364e35_10.0.19041.844_none_539fca50063617b4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1151_en-us_ececcfbf6bb1cf51\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1202_none_fb3c6d3331975fa4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_10.0.19041.746_none_5b105a4c330e01bd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ie-datacontrol_31bf3856ad364e35_11.0.19041.1_none_083e5b98dec1caf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_10.0.19041.844_none_013070b40ccb09b8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.19041.1_none_e77543382d72effa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-halftone-ui.resources_31bf3856ad364e35_10.0.19041.1_de-de_1fee12ede2c36631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-24.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.activities.durableinstancing_31bf3856ad364e35_4.0.15805.0_none_90e98990329eb40c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_4b25f9be389a3a63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_10.0.19041.1237_none_5f00842b9149cc7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-management-onecore_31bf3856ad364e35_10.0.19041.264_none_97d9b43333298975\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_et-ee_1ed1a6cac19c067f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ncdprop.resources_31bf3856ad364e35_10.0.19041.1_es-es_3d00b44c36ec5d33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_10.0.19041.1_none_1b68aed5d36bd3af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-win32kbase_31bf3856ad364e35_10.0.19041.1288_none_233dec521bed18a8\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_multipoint-wmsvolfilter_31bf3856ad364e35_10.0.19041.1_none_0614bacdfa299676\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..vmbrowser.resources_31bf3856ad364e35_10.0.19041.1_es-es_f287c4684874aa25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-npiv.resources_31bf3856ad364e35_10.0.19041.1_it-it_29f108b2efdf7dc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square71x71Logo.contrast-black_scale-400.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ewall-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5f92f8955f4897f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.546_none_5542a2e0ec3ac491\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9df1b34a72d7faef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe.resources_31bf3856ad364e35_10.0.19041.1_it-it_40b665b37e8852cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..onwakesettingflyout_31bf3856ad364e35_10.0.19041.746_none_8a469514405342ff\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ndisuio.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_0e3433aed88157f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-globalsansserifcf_b03f5f7f11d50a3a_4.0.15805.110_none_15cb7b4c9783c801\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-xbox-gamemode-component_31bf3856ad364e35_10.0.19041.1_none_3784423c35f2d5cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ck-legacy.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_307d1165f6af7cea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.0.19041.1237_none_77b29200e9d368fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-luainstaller_31bf3856ad364e35_10.0.19041.746_none_01046694fb7b57bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.19041.1_none_0d51a8a399d5452c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkwudrv.resources_31bf3856ad364e35_10.0.19041.1_es-es_81e2b73dd9b1b23f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iologgingdll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4d7f0ec96be8b1a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mapcontrol.resources_31bf3856ad364e35_10.0.19041.1_it-it_c04c880458129008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_10.0.19041.1023_en-us_7aca3dab28c636fc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_10.0.19041.572_none_69f868caef559c22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-adsiedit.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e5095ae3d0c233ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPStoreLogo.scale-125.png	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe"	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\ = "CRYPTED!"	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open\command	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ORQUAXCYSEZDONB"	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\yymq9398r5uRQCv.exe,0"	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORQUAXCYSEZDONB\shell\open	41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41084ab3be6d49c1483b0b192de7f636_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
42de1c0fa28b3e00fd9976c2f512c202

SHA1
3a8773563088d17b42d050a436c2be6be67ce444

SHA256
4a643778ea62b6b697dfd1ebcd1d4c6e6bb0c2f0a923a2f63eae2a145f1f327c

SHA512
1ad62fd7037c773611547dff8bca42724e6b8bbe58f680a9f6cc4cadf0c4d288ead0ddcacfee099048238985b1b658ff4ac32897c8e59ff1c5d1bf17c32b6fb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
ada2bac539a008bf026c968600f31d5c

SHA1
d4fb66960a518f8c2da7e43d19c2ebb02e974c66

SHA256
8438df5d9a03317557eb84cc601628ca0fdc487e6066b50b3c048e3a237a1ae9

SHA512
103e6d26539f5781b17f8f37618e16ad7996d2b9ba03a0aec04b168a17d1dcdb8536dae6ae54c0dbebc87efd9dc3f779e7301b1ef2cdc294ee845a5f68e29c19

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
eadf761d84f689906f81750e67251232

SHA1
edd88e04cd971025ac9372a225792c10d9e2381e

SHA256
db734b96297981b56991870c6458ea07245dd95e5d114b534d6ba938ecab3d65

SHA512
6ccc58d9325156bb317b43c27e2750485bfc5ac21c92d50354b9204db75e2848b64d89eb2349af392dadecbd9f1c93401d395edb715abf62cb97b79618742f3a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
0bba8880dc2a9434f95dfea38858544f

SHA1
3c2628d2bd5e40f6172edc0c087ceecb8a175cd5

SHA256
5bb7b106480c5716700f3d5a39e7fdc2137e1bb02aeef455ff3e6ac5d45d8e18

SHA512
98e7f91d63da62337be9bcb7ec54ede996566133b40c276f1353fe4ced88af0ae8c35d75f7214cbc07a160c05f8cd3d219e9a40ca9f5678919d8fc79378e5b84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
230b24dec031911844833d679bed87c6

SHA1
0953c8232fe2ffcc79904e482b709d7c142c6d58

SHA256
46036787c5490afe6c226226d4b667e64460a34c6412224b4ea3fc653f0b79f1

SHA512
5c236f669ba9895ad17cc88ae0ce1c1af18ae6ef3894a02c8e4c35ab53b0c917595a2ac6adc4925e1a1e11ffac300ec7ab71ae26ac97d65439ce152e9f0c14b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
d87abc3bfe1ad4040b0e88b9b45d9e91

SHA1
b66ef6cb69933de603eaaaf1b6b3f51858c4f509

SHA256
7d506b1837bcffdf0178bf85ff0c0e9525e47e5b2378aa9d0dc901bf9349d49d

SHA512
2889e641f711e03095d9a1d61033dd3508d0f25b46ae702e99e0d547ebf388235c897bea0a1af788e1472157dc0cdbc8ec724fcf4f1f260e83152ba069762dd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
3a6cacdf883d128e7d2410a4ccb41e35

SHA1
00e67ebcc11c1e7cbf79cd598901f15d7a3d7143

SHA256
601de6e8b5656bc7011ad46b0ba9c5e108b65c6791d6e0ba79ce94ef846c9b76

SHA512
9b201e0bb1f8bb79e38091e73b29865c86353860485e1f2b6de4f0d2a00074ba84fcb6ae3e4d8356180be16e5e553da60994ce3704bdcda71292778b7c18cdda

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
f6e88ac76a453d35727faf56cd042f8c

SHA1
3cd584c2f649874edd9a64919c20df56afb40dcd

SHA256
eb395b8b43d72e232a901bd88c9d067dff90679279a4b7b172a38589b327d1f2

SHA512
ab5a9933020fd5b8801d87786ac343118f1c65f838e3302812da3a0d31a83866ca068f9feee2ff77aa730ab647d54f0abd9ee50ae66d8d1466fbcdd519fcfe29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
9e00ea326a9227a4fdd58a35c1ed3dca

SHA1
550dd28f7f827e69cbb02e32c4a21b12f42ebb12

SHA256
cb1a9c2cee6e7af118856fbd53960d0682b6f511eb6c9104aff0efbc3d45c8b9

SHA512
6782e4d3f142b8afa55840e99b65ec3e4b175ae5a8a46229e2f2a9d33ee9c0aa3357a99eeabc422eff6d5461922732b17c9241223226190bb956453f7bc581cf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
1914f75d6f5345df619b824f558e1402

SHA1
b28daf10c2b4fd771590ead0c1f5fdc0cc56ac78

SHA256
d658c861dd3ca169c4fb00e03b30da0dd1fb574f94d8eaac0a79de651ad056e1

SHA512
75e073dad2cdf4def997a97e5b776f00cb9d492887b247a0e6c66013c3f430179dc8f85cee873e2ccef3dbb48bbe9634281150b6127f427b5bb875f2af032908

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
1139f124f40c618812e7f75b5a36b5b1

SHA1
79a9804331d8a351cdb168fe5219e1b66de498a6

SHA256
a0663e15a9279a74b481ded41b75b92a75284776249928905a03fdd438889fed

SHA512
afc9e762b95aac4e619290528b88614903df80d6660cbe042d0ade1dcdc577dcf0d4d7d2ff5dea948770a040736d2213da91a7faaf293b68b37783d04889bed7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
be8ca65cea4ec7427953cc25b655807b

SHA1
e3659e0bc7aef071ad4f17b3d529f1c75da5f521

SHA256
49c99106441a40b4ff089919440efd78ec3e62c6c955e75197c8bd2fe83c4f3e

SHA512
70cff6425be52b00a646c895694c1d51f1a49326f528085926947c4780e46000b30f1a7da78962462486e740ba0cc322a66513af8c069f9be1fd8b05735729da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
3ac1a27a11fca5ff40e16277cfcc0196

SHA1
ccecdbba8f0e1f48ef270eaabec41cb4e2f4a3ac

SHA256
48dd09468849ac02b36df2067cc653558101868a796a02abaf2cb270328bd858

SHA512
17734b2d06a9137f013e9e49067791049bd535e542178a85776473cf06a460cca5ad48adc1e7a68b5eae9527d557fd2bc8fc5ea1586f3e9b961b2ae308d52505

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
f41a4045ab9cbdf053d19ac07abe7c4f

SHA1
75df19e8b74c20ff5f810289f3bd2e11832dd336

SHA256
250eee58329ffe2cc3a77ce45dc7aa7d122bd37776895d54476897e62bb91354

SHA512
06a13d710c9632bf2dea269db3513af559efa372474afef18845872aa287fe13ff94c2623ebaa08dccb4739089d6a938f3148411195c666142d494eadd90e51e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
842db9f5d7cb70610ad030ef262e84f4

SHA1
a324c9b65fe7efb87d95245979c8d989fe557f3d

SHA256
4e01cf4612e482bb6a096243a982592a31910e804ebcdc87a439892d9fc51508

SHA512
374b946318868730ef6d66bb3634e930760ac91df307c2e7045f40e69d7a7d3586bdec1293f6d6cb28e1b9e96023db33e53e8cd4b2a244424bbbd3dae37dcc23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
e82b7623d6be33df407a2d728bada63d

SHA1
e2a6f1ab1b51af14889ac1f9b18216c4138c2805

SHA256
7be94ec2a61c5fde2cb3f23975e25ebde438772a19d84fc6253aa3c14d7c67dd

SHA512
f28b4b5b2480cfb9b62f4286114352091d1315acfafa6aa99d613e2d6a167695f7fd98f6f512dc67ef2dfcb8ba09d9000b3a5a2cc2f9ecedac615888a24b23d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
3535ad0d8ec19e486d4f74bca7d6f3c4

SHA1
1b35d6de2ecf07dcaeee2a21232c5c7589e63994

SHA256
87802e89e0b6c5e147a015616f09b94f14c3b775e11d826db6b1817b572e7964

SHA512
c70ab3b1b2d1dc90cf227fc821a6f90ff65b536bf723073459753df487df8cfa7b864468a1908ed4178e80e96337280e3da7c6f01e5c7390fe6f4f0bdb2e1fe1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
82190dfdb56a34bab9aa1a3b87ce28fc

SHA1
5e164f966d29166ad3768235cf3cea888a2501dc

SHA256
63483bf7e2bfc5186caffcb332ef802f16b79958add3c99c21d7caf567fe7677

SHA512
1a599f52ef19e0c0788a25c1dffa9ab21e35adfe3980aab14dab8296a4ceb6254661719e69a0ab07b7804ad28d5a40ba75cf7bc4f30757d5f14c340e1f3fa9d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
db1fb919c2cf7950e82ba3cd6841bada

SHA1
27d1b0e979ed6b96b98090ec3ce9a54bf1a47354

SHA256
5a7b503cec71b1304a9d9fd5068a9c9b42cf66c3c8968865f1071dc4a50ad091

SHA512
4d6157b6aec58f62c1fad5ad8918b01986dcde3f278276d5c0091ded1bed1b2eb1641b9fb9d972bec62eab913aaafe46ae80adfb1219a7a313c880063387e250

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
4ff9415bf7dedd53a7d358ca2548b73b

SHA1
c8274a8fa3abbd0e9f9def032d0b139bce98d006

SHA256
62e8ee6955997d714178a52f82e9d0f8e77964b18dee5b76d96f15994559b90f

SHA512
1aa856d076df405fe8780f9286260971dd473c758876542c8ed55c2a7dafdb848fd336d264e44e70d3e5ef7428e956827fc14f2409ec9a448eddaaacafda2753

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
421982d65b98867f2dbd04dbef16383e

SHA1
26536e14d236090efb3823fd9e529c27febbefd8

SHA256
d366fa3415006fa7864b4d3d5bbf11979eb3d91d67c009e3256cbba86697a897

SHA512
0fc077ec11e31bf57d65156ed12caf06fddc1305b4cc50c3f699a25614ec027e6346e0aeebb7d7931d739ba6361f91566b499c83d609502fff6d6bccdd63fbb8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
ee4dabe33d22961daa408b4f7f347e2d

SHA1
b96a110447c368ac4110a0d70d72633824e20055

SHA256
e01a1168f18ae809daf850f2613d0550db10762bf8508f2980229cbe49806ab9

SHA512
2d093ba687ec582492e77211b7311243bddf04f93518b703c3f7a1840137e0bcce3e0b8116b74c79185739442232513d0e4a6968ea5c9b6f3a7a26042923ebb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
4502d7db45c3cc14cc53f67f205d8854

SHA1
02139987afc97bad938942f5f9db80a25fa065cf

SHA256
8f77ad5ca42cd63cedcac827ae8efa7cf0a3194f91579ee68c9aaf122b1e8154

SHA512
746a0dbfe8c2fa92a57e2790973cf81f70ee501d0e5a3816a3ca0e31f6e8ac9cdaaf92fb4efabae0d8ff8b9beecf8bbc793eb626862214e3fb4dd77ae0f7c7f0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
eb9a304f785e0523cc27d3caaa1bdd17

SHA1
207619318fae781c0286b8de1d727d4b662b8cca

SHA256
09481b78342ab5fee9ce6986a325dbca04d3593a566625f2a40562ff78aed991

SHA512
60af19b7956481cca63a6adebe694f7b23a2502def173bed5f7e2c773250bc7925aae50de23e5e6323f5f8bc4e0bb7b90f8ac2fb6f22c2075ffc81416f3bb1e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
ca700afa33132cb5eff3f26ca89edc7a

SHA1
95c26624b65d2aa34589760543368d3cd7a571ed

SHA256
7805e1780152b4599ee720fa53128038537fe43f29ef462c22e24ed78af2e3f2

SHA512
dad3bd190c17f5a0b551c272fd8b6d26860409405d06a016de78f499fdf2121acbe986becd5548692decd1be8962e90888fe625a2bae985201ac9f25dfdf410a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
86f25551c7e342891480559dd1cf646c

SHA1
75dcc2190d4c7241392495b89fa7104939fac526

SHA256
73884893fcd75179b9032ac4421b3f3b1d9d852ef38989790720973cf61dd867

SHA512
c2cd003e34822dee5e1337af3618ca79be74e03ec34f705391a7d02cae093cf51f088d407ba808462a83dd3b5d66a3f2506b39ed1937e809529bb03033f50744

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
9c9ac39c14ee6ddec9ee228bce232063

SHA1
71fe330d4997150eeb34701c106bcd23c6881cc8

SHA256
c12c85547f6b665a906ff2ee6f94974e655d27d462d2c3cc4032de8147dba966

SHA512
dfcb5099627f7540d736a2d43d46043df1e454af9bfd1fbb42e399f70156e5da3138c1ba70a0c662840494abaa14adc2c274f025bafd69d4ddabfad47cee8d18

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
55aae99bc643aad1ced001ba4375b42f

SHA1
4afd8f841e05f52a35687079a1417432ff72ed92

SHA256
6a950a649ec7ca64ca20a8261165c15e6f503fbb43981e6c963ca58d7495072b

SHA512
3f312719c1b31c05ba3984fe5775d027a3391ae57dee64c29c65c8947d8365d3183f7ac46b32bd040e37c4c7d9aa4d5bc59ccc40d21baf2ff9f30ebabd5a1d99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
c9c6cfa650690cabed9addbaef417687

SHA1
87de30364229bb0b346f2a35146ae7338c3e90bd

SHA256
410bc48c26302f68e27ad629fa37b68a53ceefe6368d73a24f1abd60463cb606

SHA512
1f77b8bc7dde3814fd51be16b764034170b1ba1f8595c4e3811c95ae3ef33f69b360b20c0c6035cee0498987ca8628ff2f708a845afa5c3ec562f00bd011b248

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
7610bdc0da8562ccbf6f716f3090991b

SHA1
9427cc977a68120a34c8aa4ec61e9cdfa5ebc1f6

SHA256
a810e9685e2e3557661e2b6cf3a412814c109967ad96c352b2911df067dabc0d

SHA512
bf0758ac05d5d3112aa07637f05fb6c49b9d918439a593ceb533843c46edbab5d6395f0c2cb0be61d556f56ef4b2d148a602098eb3a884fdcfe1534f86a9b8d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
077599c343b089c8d9ae2f0c53b0336e

SHA1
c19108d6e3a5799f76628eb5051965c5ae75c837

SHA256
2c9a759f778b8c3e0ce732c5b905c94e272385fd168ee8d51eb249b9783de205

SHA512
1a813c91fe781f60dcd836352789f65665b5779a53306fb560ead8af97a900ebe78a0e63331e0bae9349637acc6dc8f23bf7de2263a7a9904282b1c4e1127b3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
8ab9379a74847104c6276dbbd3dc5929

SHA1
8ad90cd5361362cbb9a3f06f34486681aed86ac8

SHA256
71f83a340008e1c70d6e4b467593e1e1e6c249d01025667f6e410a727ee1bc9e

SHA512
acd9c2b4d4618faa4bcbbef0c29946b892f5b337b3be78ff617d4ef01b954eb14cfc07c504662c2f5e599aee8e117b9b0585ccec995afdd6aea9bc316823517c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
d5541b58d92730670d06dd3f52ddaefa

SHA1
a8b2a5493b5db4f4e1d6924eb4ca06ddfdd3f2a5

SHA256
6a60e2b8acd002ee4708bf17feaf46bb2b2b9ad38db0aa17d8165b097a14fb10

SHA512
45ea364e348f97f41eda27e0430790e7301dac7f636f6dbca04040fd7d13efe4d13c0d72eb4fdb069ac5e6cfd7df34fa7d9d03fd8dbe8ef94e2526d51a36e419

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
c95f78dc0111b43ee31620252d168c8e

SHA1
e87fd79bba2c7b7ceb0ce69690b8e21365a9e217

SHA256
1f01fd031f42224449d87de1f1059bd177cac0782e129f9bc3e2ce0689b2c701

SHA512
f4ef9e982dfab04c6a8b2a20b0303408d04aa5a6e3faa164759de5d8f2aa96d1ed1c43fbb93ae831f543994201203ba456da79cb102ef197adb893ad171efbea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
d8c6711e34107ba80c5ba399d86a6969

SHA1
ba51349370fc47be6c3bb0380b704bda365ff70e

SHA256
2dd2e6e59ae5849fc228fd69861cb983b277532ec835b2663901adfe2caa17d6

SHA512
a841870a6bdeb3f4707f63c1270a8ac147285b1025d5352af3581f102de1d05cc8b08708cbf2a77cd45dade78e444b737e335482c3eb593fafd7c4b3b606300b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
255ffcb80e88071692ca679326d5f148

SHA1
c4767f4c9f82ba8b0545596b02dd42ae74174240

SHA256
ef705fa51de5a636149e65cacf0f4f0dac9b89ff21a60505a18b8e686e2bf1f6

SHA512
60c01431ff336bf71f1cda48cb0004fa7f6aac00c8073680d8b08acdc50bea3c47c3b3e00608c36f379b3d7ddeac8a80383506f4aaa5017605179adcfac7eb54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
24cdd62003308967377a44218394ea87

SHA1
9a927739b716d05e6d770f633b0481ae234efd18

SHA256
ef42beb384b22628e27310f5b95629a9ce7ab7e60480c5285f24fef78c251883

SHA512
d3c2c94e5ca9fa701cea952f3ae3900abf2d4384c042c950eb6847f8d7d204aba2cc6451e2910101daa9a7e27893fc35a637e6b2cbd79631c0e8aab8087c8818

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
487467aaa847f0b67bbe33ca2f61d1e3

SHA1
ded2fb42875803759b095356767c967eb2bcb85c

SHA256
8d4023762da72b9e4d84a36cd394064060dcb1364df58e89138153b62f660ca9

SHA512
062fc30ba59634b793a008f90aee3ef2049b774d68540a86e8f2c1a2677218f93c2f135f4797d63dc7a4c5e9f3664932c72b96f81d03027f6b592ce4fec36b8b

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
d27c0c5fe3e64ef41c0c03e28cbfabec

SHA1
2bf7c130c5d4b0990f465f54f19ea9464e2ebbde

SHA256
522804a9bc40d71d21dac4feefe348d63cdd7c16378823cbe30853138036a59a

SHA512
b95a755e9d6af1318757ac00ab98d6797ac30da652ba71eb87e5ba8f7694b570d9a7452536bb74bbbf3a2fe197aa7c97be9255c665a8eadee3c78c258fac2164

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
2f6b402b46659d337b3694478244d0da

SHA1
6730d4a655497d11f7e2b7055e2e7b01df562a51

SHA256
660f34d9b799a62c420b5547f26cc7c8dfb7698b0d00589c68e60726af2e0497

SHA512
c8c679ed0f1eb5b0f579dbf6a3a1189de2d39c40f882178966349c4ad630216449435d2598a68e3fe6e644a1eb1b24179596c13f73eefe39c0112c2b32e46664

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
5d0949a32c23e0e12a45affe84f4e44f

SHA1
49c80436e1318a0792d3e32c7b3766ff598ac1ef

SHA256
0d459b471fb6007552c09f55f7a61a1ce772325b7e75486198d2ee72c6470727

SHA512
fb4db542a80829040edc734fcb5f1ccbb4aef7f2a1efe18560fedccd971b94bd4804fbab67f1ff2e44466f5b20949a2edefa59425d68e435a73a402af1331787

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
830ba4a9133bc9d57432ea361fa92734

SHA1
2ebf3bec2a06fa5da3d97345b4f3ec43772953c4

SHA256
6ad48d6bda72cee242b8a4938765a90da04f9622cc82b4c6f9e4d96a3c012b84

SHA512
b3d7d6d55cebacecc7a61efbde8662c2cc95f1b0f9818562f75e5a2a02ea2b4787481031ba8637797dad8e235c564da3307c11121a18c14cd8e6f9ef77a26f50

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
e5f08241c5874748003f09bef88402b5

SHA1
a0ec9d3a2789ea32d1d8e0ca0ed5f245a46bfc14

SHA256
fd87276c92ec5f97964248f9c48f4b2c90c31f66702500cf90a19bb13c08dd86

SHA512
c74ecb1c02eb7c91e31e2525235979604e59cca19d710538a1ecb009e5d71bd9434095d10e5593643ee341ab0fb23f1c8eed0d7d716aeefe811fce7046354886

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
21928b485968656df8789a92df50a94c

SHA1
d4dd35083f187b698de4278f7771a94b9c5a3fb5

SHA256
741168329da026d00a87a5d5e42ba6cb0dff5e176849e4df355de8954a7dbb71

SHA512
7257c0b02eb82235eba9136cbd8c7828a199e565e02733e5daa81f108f1040e53ad48df3ed31fc579452607d456ad63e6b1e78425ddee0abbec6f23f5b72e386

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
a0baca360b44778551ad29b211c80fb3

SHA1
58e83746ef69e0b64d5f8de7dadc0dd5094ae731

SHA256
0b2f46c148bb83b7bc4b272d7ff21a050732cb311788b3891dfdcee08e52ff23

SHA512
e6690f65884258aa861c65786fb144be9205a2c5883d22fb00c72b5f0874d80dd6907f3b8ad84300d340660e44f5af9b090a779b4a7e47e35baeea75937446f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
f18619451b49991626fa99034da81ea7

SHA1
334f53c8786dfdc9038e6a4cc3a8fe1e05740fdc

SHA256
6ba1e3a1e9b3f4c79bfa15a2df2f1044968213afbb279f0b22c79761d0c42f49

SHA512
d42f72816a2209c24f412def357f509e5192b58a8505a8c254c96af5038a5cfcdd9a7487a35622b9962a1fd754db1e473a404ce188e610a47820fd0be7f1fbf5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
f6096223b3bcec904ca25c9639198803

SHA1
7ff2a3dc057bb101249828afb7c5dc241e688889

SHA256
d62037844e461108dbba112d1cad9d664e54c4ab4e8dad9122ab1242819feef9

SHA512
20a3e12ac9ef96a64afeed85033c379946d08ebd376c684f9eeb8296a063d8999aa89d6e4478fc101e590d17d8992ad01fb8137cdff01fb5413bfd38af171c6a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
ff01db01b7295cb54eb9f19ddbbc411a

SHA1
19ca94b59cdbcc6c61a0c6d35723225bf689cda7

SHA256
7461cd11fdab69a197839a726707197da7657625790fd7df3cab188070217880

SHA512
2a2b8a420291202bd2c7e8984b6a4a592adafa8c4efe99bf5804c56a4046ab1afa91fa13450ca47427791f6aad729062a5901513725e4b2f98a71e6a1d723ec5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
579a7a13841a7aff49413b005f6f0bce

SHA1
32c3bee4d17da3ac5411788d8dd518c4d5278613

SHA256
f8b08cc4f60e240a4cba99d9bb2f11638abb1a3d3b7143db0a007257e0daeb0b

SHA512
090cb31e74c5f08551e1c1db6522881eace108b44c99fc1287ba75c6158892cd297f92bb6ec8fd71d3107cbc53b0ac787d010c485f7efc1b012a05e7e27f1c3d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
087aec4effc2562045b3f2c32fdff193

SHA1
2529c94cddd715771b23230eeb4e67be9cce9c95

SHA256
2b5eba7436cfd02f14da37e89cbc3b2fd767a92a9763977a530d3dc2838ed6d5

SHA512
cbd22abc8059655e0a44d70cae224beab64841ad767f42ebe1fece4163ba92291319a839f5c0bc139664c669a5f51ece30a7101dd42e42a9b12ef0973ffd62a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
82bd8a472cbdc3246e30736bc852a8cd

SHA1
a6c5aedfa896fe6363a5e1ccad51f89302ef5b2e

SHA256
47088619f381193e3a917107596abdafb01107b6375079850f83502c3c06e095

SHA512
12baa9d625ddc40ab1996f9eac5bbe42b78ab2396f408bc321e6052068c71f8bcc328db56a0dfe1eee4fe2036c89f4f8d85b2de6a652700bc6f7ed8de292760e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
833105ad2ba028608a049608b6a4acbc

SHA1
b972b6db25dec4efd73ef8e328295a279e5e9caa

SHA256
974b7ac0aefa2fb903ef1e6cce661bc545e1925b1acc24fd7613a5b645c008da

SHA512
4086ff2c9c3808c023c151e6eafe655f7d077d758cdf4d03b3ecbd8e9b41b7b75e5c97034df25424841cc3c929bc323e27c3907e5ea061d06a22deccbcf2e6c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
c067e6343b0a25246096f17f5a0f13bf

SHA1
aaff54a2bd2a6f94b0ed4cc7090498aed9f66b11

SHA256
01f8dc6471daee60a9787e2958a3ce23908d3c115aef6e03c74c704fb0fabeea

SHA512
1624e01bbb6c6fad5b1c3d8fa24bad5b49b0224f5323c6a3156cb44c79d1124dd513bbc3a1dc8f727d30a29d9d71b798016940e5d3b2599f6e912b51bda9fb51

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
12f70614eebe97609dfcae010584a55a

SHA1
323ff4d9fbee32aac6672df94b54cb4bd419a377

SHA256
e51ce9bbc30e308adbc1f05b72bf2e13f707be7ef2d6df8f467d1e3522b8c060

SHA512
e772ba1619456f90b6fbb6ca2539b6f1045c78036c1004d2099a989cabef41f930bd294178514fc10cb2a523bd2028836c98e0b9c3ea9820568b8c8946e4da9d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
e35b6073f395ca902d56af873cfc7b62

SHA1
da54901b2e55f2b97cf07f1292fa550e38765b4d

SHA256
c310dfe4433341427cd988034b3171501ef2dc82c9f218f5346c9253bbe68d0c

SHA512
099d0681af16f33d677447c52ddfa62e646d20642db159af86ef8f65f88fb3f316c3df0b89a75d039e44ce21260295502c8bd8347d76a4108a851574c07e45f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
37bb2fe3e7a25c5eb947effa4ade80bc

SHA1
7d176bbaa219ed15f4c6f8e60252ef5b197c5b00

SHA256
48e83950d34251088bbba407a6d7eb1950dceb86c62425896e9aa61ed830902b

SHA512
da2ae08328d6fd5e4c6d418044c8c69fe17922f744a512f43606b85aadb1f49745e3f74e1c589fa49a69f64b1180c560aca51c259fd50ac71f0d494843aecf0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
d21e30cfff30bc5a2ca313df97babf3e

SHA1
258c31cea6116a57ddf1974b04c4a0eeb015d532

SHA256
6f19d00f2711b3337390c7f15f7b201a37c47d301b8cfbb7d344f837e949ce59

SHA512
0fdedb911320ce259d12936d4894f4e08f32a95817b71275a634699b032e45db964bcf83d60d47c2e90f7e06dffa6e865b92a93608856a01fc4951fbb88967a6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
78918c7e80100a8a8f64b4418fe20344

SHA1
dc261d179780d33e81e8fe71be6005c66dd60023

SHA256
b086e5e15cadc518168a23f00b8fda769288e096d38deb3565c501eb0be61e91

SHA512
3f58430a6bea33deb29726896c9340926f77540b3065491029990a170f026c45ea85b04d71ae2bb305a9bbec324c315b665299413ecd39d07a59000c65ab6b62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
3f25004c5f63a93e0e58b07f6d474213

SHA1
c4802ac77f6772ccc71bb5292d8b919ba178f129

SHA256
d93d67287c0f7da191fa639466c52cfcec148ffaa6c1859aff4ba97c33976a61

SHA512
26b48a723feb9ba389a762faf32a098f30841c2d2a3cdafe0b8a4121ba838e98e58ef6773767a8b3b8eadf17ee73dbc94c12ef4185a10670e9d287b7f9403b04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
a58fdc983b930f47d1f3dfb2d8445e22

SHA1
a9a6a407da90d77e8d493de94fe50d7e032039b7

SHA256
c35696d2b895aa5ba79a1b185ed73252f40412b0b29f6a77794906fa0fa6840f

SHA512
e78bb1163144508a87a9acbbd72418927f370467c1e02af33c96f9019680b413daca8c3a704f92d623b1a7fd14f3aa812c92b080a65c3078ff2997045b6638e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
2ee1ae9ed5a95eaf4cc91a5a6fde0ccc

SHA1
7b0e7b80407ab570246822b9acd8346e4b9dd5bb

SHA256
98ac5d46b1058b565db8269b5b5bf165e68ec9f9e935c436dd79bc5eb047d8a9

SHA512
f21ed4c0b11e11231dc52203f5f3610909fe7586c40c839a3e1467e86ff60b886b00e363fcb6b974367694a0edc3cb475a682038060d7c13302bb7680eca8a37

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
32163a7dfd6879f80909e4d74a139a0e

SHA1
cff5db2b1ab83764ec1aeb6c982a5320c120d7fc

SHA256
8e85edc27a90ee5d30c2553d4ad790d4b3c706f578c122265fac7f86e0a5f721

SHA512
45ef10c743923ff106da19d3a42ca8f8f704e85e567757ad47531179b451372b000b52470a07b2df6541e692719fd615c4b01ee91395231b378d6b3d2e0dab5c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
dd7fa1b146492ab918cf0a7b8fc7ed9d

SHA1
fcdf969b7eee5c8bcabddf87662a1407a8990461

SHA256
7b91d59e12f45bd529d4ba9961ffb7e80c49756c876f58f43b3046e9046f7b21

SHA512
6f9d364d87efea7e03b921babc25407c5fad099e4977d3e09b8b148f421dff05565b972f09a55fb335439d30bf2b6eda072360662ee9aeb1f2d1358a66a4e827

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
ec60da4f3171261301ff1f008475a3d1

SHA1
effc954e539baefea14bf5fa8498bca7bad5f1f0

SHA256
d2413a9bcebb50de4aaadeb972fab00fff774f96e690d8973047e4bd706f0074

SHA512
6d3af71101727f1c3c9ff0a7cf06bd6edb3d2dd7280a1890c4f4a18405b9043266081e0e6921c09cbe9a01c0601da9b26daccf6a3ee6e368f704aae54289a253

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
97159f55db20ef92744306c08cff1c0c

SHA1
76edc19171d303c5685dbe435802ac92d39a4f25

SHA256
a433bb458998dff192c237cad40b928e0d7b36342c4b911c034f061936781540

SHA512
93d00567ea7528c09b9d947494fc4a3ebd90b32429ba7d305baed8bc0b0e03d1c7c73fb8d405c769d6b73e1a9f2f17c8cf1dc5599b13bbc7b5e5d2b9e1824a0d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
e35ebd27a1509174192c9bddf26911c5

SHA1
5f6231be6d55bf109e8aa2a4486d7ba3b1477f51

SHA256
9057943bba8df28e832311ec6c14377d747f8fac610015c9eca718646ca7df74

SHA512
dadbd47f41f1ed9d5989ee0000a8d3bcdd7282de3e969e9f5307a0e4f101edfa716d979df143a8ff259866b45f2280dda1edf6d7e4df620c07aaf6c4062f5292

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
f8e45fe6adb9ee981751508a62887685

SHA1
422170a6731939170fbadd14fc99ea0184e66f8b

SHA256
47a6ee3f9dcdfe663014183e2b62ceef57f230c72d5a20f0d5fcc8ff80720823

SHA512
d1d67a01ca58deec4d5122cdceae382563bad0fa4c5ae00d552eec10ea99ebc103b1630f85ee3a76308914cdd39e58f62be531b839466a4db2d38c7a1fc523a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
273e4baac0126f085cbbcf0a52e9cb67

SHA1
27ec87c8d10d368a5b7aca0ffbe3ebcd191c64e9

SHA256
389a4ef5a1cbab435ab7f2c4836b88d4f15dad879ee4911195cfc6119f689fdc

SHA512
75a471744b5b5709d747c626dcaf15c086e170b05783fad45206ec2c5e81f22f3080f3f473a30b5ec223f9a577a43c1d8fac8e4504fe2d70464b4f8730031c65

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
c0bee552ef99b5603c2aeeac5b1ae3c1

SHA1
dde6d14660fb9b8b1717c6e7ca63ff5c93d16ec6

SHA256
af5ece8ec0b4ce96cba84ac74a959160d305ae4932b55ad4102d3a12a0fc715d

SHA512
70fd477c7b7fec492042f9d449ebfa8556ef6d9ef560a955677bf376b6f9127a55e25b01e0f1450d6e891387a5455eb37a79bfed9e432e420046961744c63742

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
621339e9a9b610d72bcaba9f0b8b7bb7

SHA1
95636d8cff23e84c85da701814137d6738c3e08b

SHA256
358685ea7ea9b26309b93658ddcd39caccf93c03d523972228834e8f313ff34c

SHA512
c849a9d8ffc5fce41f5181081ff457778a2fdaa9578bcd99b6b51bb8ef4b2e2687f93d0158c551722975c84280aab482857a3e4c0d3203eea00e1c77c6b00f57

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
c5c28d4976db3d8ef210028a48b2a818

SHA1
043c43f22f5b623886abde0e1cc274c01c68a044

SHA256
0b867c213a7b69c90549c940db6a0ae69b0806b69b4a6aa85160dd4a19aba7f0

SHA512
d3a8edca0cb11a999e2e4edf2904ee3ea94730e948089a54eebc9966c534c7a0a1ebbb425f9ff6e5a3d3d9c5f90fb8a7ed96abf164b0e850626a1cd492989d85

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
dd3cae33f7428249c9dd15b3f398b011

SHA1
06a77434a7664fde1fadaa48ddeb5eec6575e930

SHA256
93939b9a09d5ccadbdde36d56e5a763ffc0fee5ee297bbc802fcc10918b11fe0

SHA512
a8d415bccb0e7334ad540ccf21535a3d5627120910c3bbf5ce5c44894d824d77d1e1c558eda44f342080dbf84c19b80fbac573cbe96bd13b049823883fac1542

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
53e12306b4a13f1e0320e9cc894c7466

SHA1
bad5b0f114f3c920dac91edaf2c1ae46ae3c9d96

SHA256
a6451f9a2accd342c93de2998478028b843c51d4620319d0ae74fce5fc6a84c0

SHA512
4131101f58b7cfd124e3641dea4a4966e958881c6aadffee3eb48fa033d4e79bb716f4989cb0cc9c5b3e2ece86d3146ca94316c23b5bc37971f0aa9cb6448424

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
33943b88931e60e4bc6724edb9efde23

SHA1
2dbd74e31bd845db15722d1dbf60f808b3db133e

SHA256
169aabda0908c61ce5f124e51ce7bf4c8d65509d9e95ece8c386d99f6de636b0

SHA512
1f7c2d73ce2c73c7175b044a87d00d43270b227cb5870f64364a8c39d0715913da6539c7707469cc58ce0314a6100f23fb07b99da5008d7837496f2a6f04fef4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
52dc4e259b0d26d0c2a5dc27eff5796d

SHA1
69572bec0c62e74c97b2340b9eb7e4781157c14d

SHA256
9e26511a5c0d4a08227969383e9613bfcd2af180c0b5602b40084885c4550148

SHA512
d196f32fea0140f729a196d128d8715d0dbe45218dae26855e779bb350b37cdd6386a8084e1795f546c23273380cff31495f7b813ce8a23d69f38101b7844b03

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
2d62362fc477163110d4ae00c7ad8b77

SHA1
22d4b6642a2ef997429e48a265d1f407dd41ba00

SHA256
2b3156cd8784f4b108b131f479cafd7e83580c88b62362a0a953401a870be968

SHA512
19e26b0a37567f79d8fe3de8e8c2f99660d57ce02b98df17823d5eed0ba5e6e4a3fffef5dddccc5ac4231b1bc1df1b7a288ab2bf84b96b35bf640bf064d23402

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
9a802f2488baf29fb382bc4f9a3e5d8d

SHA1
14c1d8528c5b7364e9839fd85bac820f710cd2e8

SHA256
7285c95e569d2ac55bff4a8541eaa0fd65acd3eba212d669462a9348c28d51a4

SHA512
07df270b0f5451bf2dccc2df898c26dc54305cfc5a4638b1da00bab28a04cf1fead0679fb4ca6ec8918e6e1c8919bc9ba14f8dd8aada5c784700f4b2cb27abdc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
415c17dc6994bb825077698eca9839bb

SHA1
b6b2b3aab19085fbfcc90bd191f533120eeda2a8

SHA256
b84b1270b182965e625cbf0c30024e96a62a4268035a173fb7717526a3afbc34

SHA512
e15ad23eb137bf8cfebe4760c5f5da37b8ec77ad70a4bc0635972bcc65f314fd53d4f484c51be571501dde9aba11a42a3988accb585ea4b0241606808c1746cb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
06d7dbd4e53f33721947db4c1302f7a6

SHA1
bf0036831fff9101288dfb89417381f16c55349d

SHA256
7dcbb17579fbe504a55a34221acbbfc379e4dcc586873917ca4cbc9e4fc617bc

SHA512
1ab95d21d51dc8fcd8f97f28b8836168c82bedefd75bd2d5f3114cec8b7d3eb4c3d29b3f29e14f50a237458a02b1fdca0dd5890c50a093a3bf8e3adbd74e366b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
5c1bdd263c6b58b7f26163f85b3d83ab

SHA1
99339b023269825af644f21f9e58084271acb856

SHA256
e58cbfb6be1b6eb2b536e90f87009ee88a30f587701a7e38ed3bc12a03611757

SHA512
56deb9ecb39d2500b7e2e903c51cdb7c0b94cf4c6f61d3c9c0d7d0e4399b22619249ee1241fe9ea966db543528851faf47587c3a28a8c5804ed46bedcda8cb6a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
33b4f4e5e398457accea0c250e00afd9

SHA1
37b323301a3cf1067ea9a8823ee0ca83115bf197

SHA256
c7f10d9d8821eb7d61575d313bf368ac7abdf3d4ed2c8c2088ae67e933b8c6b6

SHA512
7f062276eac3b6345c2c07765b33ca4c6b400cf4dba4262bd8cc00cfa7c19721fcced93570b9ca20368fe0a8e49be3a71800d9033f4c6d02a3fc736198f9e565

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6e2de90931a1072a0abdba66a3e1cbcb

SHA1
fde06de427204a01ceb5158fcc4c0acc55ac33c8

SHA256
94815f92c0618fdd512f2a05edf0308ee3b4c0653b1dd5013a1fb225e189c0ef

SHA512
fcc55915a58bf7a6fa91e12a8c57c13a9e9779009675770cf54d0a028505343932c4fc32e5ef1f08ee6a1e58bdbe5f55be16ce67aba35c489938c626f1437bf1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
0811e7b17bc9c5fd056a243df5f2e43e

SHA1
d558066fa2b86a2c18d904404ad149f58d8624ea

SHA256
98d52f0706fbaa6c61df7842039dc8404c768f422e60ae29b97c1a4ec9d80114

SHA512
4ed177280b6a6bb5917c1a0a0d4cc2a3c4b35c3a5513e7f3352503dbab5d5fea00482d0a752f016f89a50285fc6717ce0d946cd7954c489fdb2349300be36bba

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

Filesize
77KB

MD5
71baef781da30f99283b6cf43a03e7d7

SHA1
479ab70c505181edcd23a49f395d33d3618afa4b

SHA256
bf3dd9252eb895ef6ada87ec2f9681d8775916c93cb08a1312dc5acb7355aa21

SHA512
c89a569c52c8a8ccc7b318bf77090166e8ce1e1d2aa28092f8a9acff8b816eeddec8dbf4ac29499d055a3ac6ed120f5314d42c7a18443266ca9d3c2a96a13041

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

Filesize
48KB

MD5
5682923152279212386485a5d266cf02

SHA1
6a1d051b50ba645f22bfea32242c7a10ae1bb10d

SHA256
d1159b5cbf0dd272dd4decbf723b6e34849640d03691c56fa78d8c13d8554bcb

SHA512
15727fc3dc903a3dfa2e4d1a0e70d04f9ff8ea2309ffeb19b0828b1231b16d21c946a7cc84e9df10168f3294a3166a2ea22dddf0b6a2336779b4ae49f2310419

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

Filesize
64KB

MD5
7cedd92402daf4e25c76e38e603f1dd7

SHA1
3810312cd0860b6529f7fe73c223f5b78988de91

SHA256
73fbfe84990fa9a5a8be2e3d9885c0b9e68a2bc6ea52dab6aaeb753d774b36a1

SHA512
1ef6ce31d388eecf378dd7b696557a40cd99b52da8a4a2df6f06ade415e52e7acee8892eb9afb3f33dee53a40e245cfcc095836612a3422d5621c2dfa8ffe4d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

Filesize
75KB

MD5
c301ccb9f5a706bf3bb1e2c1d9373a15

SHA1
4f994e266255123d20ef3c423dc171eac3e83557

SHA256
19b674a30ff5322522873943cba3a23b487df089c944f177061d331e463c1640

SHA512
798bd78ad61fc852f1f6a544f5173578388d7502bdd95f4a8e82518f1610f77f674b8ca41ca19385513a78d96b062c3c392e53c59fe641b88e88b3de9237061b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
62ce0da5ac80892fe539ec83fc545e05

SHA1
c0840f31b410286112ff3d63d2ff6ae49f099977

SHA256
3dd4095bde67466020172405c09a81cfb6635ee52abe2e1c43775e1d8d83c91f

SHA512
4e77ea23211aaa0287fdf3c32585c58c079cdad9cd931a0b7c74b0ed8afb49a579bb2fff2dd2a4944a83bde676adc2fc4549cc51db50c4f62131b3b820d4ba02

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
81fbb7ab23f23787af40ead269c0eb51

SHA1
8ccee06de90cf3011688bb7d4d311035463fbf71

SHA256
a400c4588a7113b503cf1ae8eb38af5f389d2843e8353acbab03dd79886128e3

SHA512
3d3fbd67aee7f4c0509535a74fe059ea15b636586a600d9476727ae37a0001515ccc9ed926e7c457b1f784c3c46b8b628fd3697e819b1e944e679f43fa44c010

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif.EnCiPhErEd

Filesize
1KB

MD5
4eb60fd541155290a5bc17dc9224f3d8

SHA1
0f3825bc33467b3d933356d329a3310edf408e43

SHA256
2046b7881b9f2e18d5660277ae6428a197ee03b3e06de8a0dae2ad06585b1127

SHA512
102b01b17fd15e695ad1004a71b08cf03143068f2e97f8821cc2497ee0ad4e804b42cca2274eaf6bb248c60a19a928d2c7b1e971623f168396a2a83f4b2b30f1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
68459f615df8e7d7248a9a073b76cab8

SHA1
2ed8f590362685f0d7320f40c7470b2f20585227

SHA256
6808ba0eb7cfdc1780bc7f48ef0846ff26f057afde67af59aa8ab96d7abb6b9f

SHA512
5d93f7e0f771a618fd8f8fe8b74d48594e30f082c927cb5a7b69400f69e6d051d8b376fee41e18a5b527892c0d4bb6f0823761e7a6c9ffdb20963d77e0a2bce3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
248211beb5f455bc1b066ee277ebd404

SHA1
f8ded7d351fad489665d76a921641571a73f86dc

SHA256
d3ba0df6ebd25e00d445e8041b95841de790361e4b42c46514e3bbf878c873ea

SHA512
5550948cc70bd57ef0258b3d9bf6602a6a53c813ebe5380e615e77a87f31facde5f502a1349e35ff773094acc416bbfa6eac7a004d6c72524c65a36de4006b1e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
5ff770b8c59c83ed2cd519009edb3179

SHA1
d91039836463da40761ab33461295ee6c4547c2e

SHA256
a638c49b97cf53089efa5a4d369ad83dec00becb8240b8aa0bfbf156ecb61960

SHA512
1025b8e110fab999ddb8a43188aa7c367d4178280db91a8209971b48df388f3bf9c557a385858950cac6bac688878a9615fd5d53b32639fc07839f48f1e5a734

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
0fd2a8adae74e716aea7e8d219be7ef3

SHA1
2bdc02e5bff0177a8ff74870cdb60fd37ef8d29a

SHA256
ace53d3c502902ff6cb2846c1e2fe3d5bd24c98a63d451d17651f2f4556c7259

SHA512
e399cdd6fd92b7448ad912cdd6c16a675ca883b06b72492887638e4f7a759ddd6eace3741f533e0b3a5773ca5eefa752773235415ad8637c5de61e18262eea88

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
b0e4b86bf068ef42a00d15f61301d2a3

SHA1
8f321a35872b44aee7fb4cbdb958f8bd1d9f433d

SHA256
b080aa328f6360ba3c80507d1b5677d6cf0aa0c18352a4e48a7fba54f5819a5f

SHA512
d81c65f9c99b1815c035a38c8ba06b21f138c92d9e591fe6303dacc4478f8b03a9ed71a53dc10d2b75ee7bd91e2f6a117d446ae587f7986b74004f47c15e030a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
838faba3686168db638b1e744574a4c7

SHA1
46936b483487bd7e77c2d67a79c371ef736bcf11

SHA256
e836215e54eb22e0da4fa3c563e930f6f54eac3a8fce93acdd10a4974d6054db

SHA512
2f735fb2a9a41a9301fbe911aa14ee07cfc68f57e3951649198ed292fd93dd14955727284144b1fef533f8effc27b5ec2395f61f5abcec3c146ee0b6c2b39704

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
f6670bc357f96471468f6ef962415971

SHA1
f6ebbbe0954b336ab0355b3c386640ab81f0e786

SHA256
a9ec85172e3edf677e000880a485814f52ebee81042db5b727c5596fe8fe4386

SHA512
add49018a4019ece500ced0ea770edc28874e429d172157d7f58bd7cf9deaf780bff720993208d17e38091bc22cfcfb8c823b0658a0e81082131b2b20480b28e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
d37b559e4a3661c0cd2907a05e7ce89c

SHA1
5d41ebe3b67a2e9137c1f35ad5ac7448c0b301b9

SHA256
fbefd7f40f9248bff08b490ad467ee986949714dbe13ec1eb366a39639bbc8db

SHA512
9f2e8d2d081638651b9000472e944f878259faf64a9cc27472ad802f9a3ba8ac6035ddca40befb46aa59ac2a552ea566e8fa34dc8008d291aeffbfefec2a5e20

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
87dab104115f5f444537b4b7974ea0c6

SHA1
48707878c873aa5c9dad94a98e65642456056bc0

SHA256
0238ec18e261836dfa8c03e5aa9221c547b661730e8e9648a9e21840238dec9f

SHA512
fb6699a719cd681c132759254fceb41923ff6e227df92b55eaff6c82ebe3232b86047a655151fe2c1d228830072dc3b7168179c81fb1081b43d6a53eebb5067b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
23d8f7aa77e0edff4ea6d2b854527c4c

SHA1
06319903dd4331d7ec5a783f9ff442172abbd79c

SHA256
390b0af89b8704508b671dc191a9b0aed67ca5c4fb4af720b7c60e74606fdb0d

SHA512
8728abe4f1e392e9ba33132fb8806a4df38e64bf137fac9213a238915602c7127f1cc5bfb5458efdd5e3f13e6b9df8d27ec1e5d8c2bae4881e9c090e9d7aa715

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
d14ba34d3b9c06d486d9d68eb0f8a29a

SHA1
dbf6752a44cd30d4edd3f71a87fc91c18cf6868e

SHA256
4fe3258600bb20ede72a13ec635bf4b5ad1ad2d2c664390dbfd66bac2da43bc1

SHA512
0883f02a822a5554a7ebe94444f99b26d3cbe8f1972b7cda61aa57f93759b76647072a9e5b7d932635ac967d5847c3a95711bb49414c176d947a946d82a3bfda

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
03ceed9f9648969a54a5e792cad9590f

SHA1
050d69154078e5857588e1042018c63ce2072d32

SHA256
f6beb5d78bfbe3a5abe136e1da7574411c266d35e86b437354ac4a2e79bfee55

SHA512
91140bb32f00fb15b1a2b438dd700075f49cdfd4065cd600f1e00c5135d1dd9b485fd2aeb71a0cf6fd972f4cce671e1a86cc2c7be4f3254cb3dae4d0f12b9162

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
bf0c7437e245106e3434b40f02cd718a

SHA1
86593cb9fa4a8791a4dd9038319f05736ed4fe7e

SHA256
e781d39d15d7e529a72737614b0939a9d2846d19353084f4bc37f017a9168fbc

SHA512
3f0cdc539a1d10acae476b69f3f320af0522f0c0aa60931aa0597aafc04bcd57e74671985317dddaeb04d3742658b277089448c5312e410feae97ffb2a49b560

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
00e1a724bf3835992e0d802d4292fc63

SHA1
a71b96984e5cc115bc503aba9b0ee4e946ea19de

SHA256
7cdd058c3c7cb5e441ac5aed15814d8c938d6d7527cef40c6dcc10799347539f

SHA512
de00456f7f55daa3bb8863abb38d053f580699a59778ee35de1061254a25ea78fcd3f331e5b88eb933c54561338a57e1105d6cb4fb8bab9a153971837612eb45

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
0733951ee3c9b0420096ac0fde5184e6

SHA1
a9aac94b99520ef6b48dd485fcf7add70ceb56d7

SHA256
1d7ba1f1fd6c0cd1f5d8fe77446167ffba1b477133d83b9176f122394e6ea7e9

SHA512
2c8c1f5ac318da5395a05ffc8a6bee86cb8566969901eb1f32b59afea55270483d17cd7f965a80141607f28fd18b1de32ab23546e0d07ecaf15ba68e10ef7c70

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
86b12c51c40b4fd7d5032b150b029bd0

SHA1
3cdbeb1ad4e27eaffcaaeeca41ab89b02822f492

SHA256
df762539f37ea111be7013546a37ce8fb577b4fe470e72500f7c2f358f0d201a

SHA512
c11e12ea7d8222d10ace491dde1b402bf3e09bfab77a619701076f6d96a839d68924c8780469daf100f63038edbaaa3c0ade1fc9346f011acefce1fb1d6bb685

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b1b9c0811c2c1f90b491d086373c87ac

SHA1
ec64b5d3b43d0a5839307828fa01627be08e51e5

SHA256
2438e14178df83b0ac1b811cc921f20500733a25adbfb06460739eb2c2fbb4bd

SHA512
7a7935c8124e16fe81ab04834c8ddf6567dc90e050e798e3b0cc0a5f49e5126f91e7fab44c1db57be491072476ebfeff09a8b666501f363a828d3253ab013ded

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
52e8c0eca33f8d7554a4a8457f6e6f42

SHA1
cc7feb528fd378bb6f347bf469be37f2d1aa2aee

SHA256
18c1a6c742f022b99efe631de63c70f84b6a2c57554cb3afe5672b57a11ff345

SHA512
45ee4a5364e4efc96772bdea3726abe78905c6ffe5ebad0029a50114489b4e81b246c4429704a357671ce18066afe42fa77bc3b62c4375f960c304449cc496f6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
c2fd1092163a154d29c0779de5a4b1f3

SHA1
fed02bbddefd365e84b657f4537c2d825e93b640

SHA256
14a1b849c3b1690013aca4bf24f881710df7691e9629a3e2228b52797fd0a123

SHA512
a4c3c79f13fcc78920c53955ec96bc4adc3a30bda69b711033df2a92524256609498678f3475e742152626124afe96e275d832ee7c12fd42da97eaff68019119

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
dad3de0edb747b996c1d07c02143d8bd

SHA1
8eb3899cce1df55dcf51b61177c5699e2a11521d

SHA256
c82fc7d1c270b1975f39cf7d3d9725c0c74cb1b2e8a31718a0c3c3b97a9f148f

SHA512
7849c7cb8e973838de870387eca3213af0c3e23de8aa7c8457e36e80d8848a4c78473d3818674e313224a5e7bcc4ecb664412366d7986ae370c8cdb7b8fbce95

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
75be49804e2856f221380d6b489e32d6

SHA1
17c8cb67d689a9f2979b7f2683cf7aaa641919e8

SHA256
b1313c71a6633252faa1e33d64dbe43f80523d5777e216a1b2d7937d28c9c0a5

SHA512
d32b14cc92ebeb8b8f6f0ce318b811551d4438aaa157e1fe6ecd6ea9fa33e19b9449f7293c34d3f4cfc7fb99e5e87018ae304e68195d7b4e2aa30906b6ddbb92

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ddbf4ad2989a38f83089b2d1fe557b71

SHA1
2c35ba7f86c2502162b7645f516b197d5c5d8043

SHA256
9fef7a1ef37ceec3e3a8285cfb1ca7d58db5a1efaec36beae047dcb21d52d56a

SHA512
d27ba4969cc84bad9bc9e4dbbfbdd3f72a7d1c66ec831c6872a7bc2b27501779e9248e357d1decee46392664a1225c9c37b884e1ca1b0990d055779cf587e558

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
7c21d58024b36a406abdfb93a42d1a08

SHA1
5f68570e5ccaf791d7a5bc77fceb90b39988d286

SHA256
f9c6dc1b1db96fd88a9c0d4830ba4c28ed2702d4eb757fb3c9e2be4897031515

SHA512
f1b7a4b78e8dd2d21d86ea9ea60c28707a219dde5d024a57c5a279843902c7711ecc11ad4d91aca36a78f641c28cfacc7703d938915e67f1dce12a79821e93be

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
da844b738d20ad30bdec2690c6ec8cda

SHA1
0d2f2d2595a88565e539314e41767e19013c2e51

SHA256
211dde4a46b18235082fc9dd1ea67040a24beef9b6ece8244bedd1533d235596

SHA512
c525b2c62f590a0a7c773dbf749fd82ff37f52d91a4ae55a55a5947e033be5bdda0be9b2597b8ec4e062cc55b053c5546c0c1a938c1af4f3ad8e777dae0fc0a2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
f54214c3f1fe5b40d7a0b42bbba88e74

SHA1
515f24448f75a694e7af247dfa292b8205764af1

SHA256
2cb2650f47672690af425f155839bbc21bfdc2b5e1c69a0942d0ae125278b6a2

SHA512
744f460802d2761dcdd8d8b928e8b23b86c2e04a78006413be52c0e8820104d828dbf2a472cd39cb7523b0ef044ad855faf8acd605ac6b82809543ecf578a153

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
10cc5aeae9ce05513d280961293c5358

SHA1
9ffd465e985246aa61b8697eca12a974bfbbf759

SHA256
44d6d183e9d6e74e5aa9b75447ba24590c5ba148521177912d95a721ec78c739

SHA512
cd8ab94d4a16efa0f743db7e5c9936de9c56fb0001345937fc6492e8ee6902620d8c6fcf2337cc71c7118461b1e207a8a572ce48e9b9e23554e270177c789037

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
b25476d1b0af0f479573c3fa3ce09b74

SHA1
680b3508f2a77f92fd940acee97c31011db5a7d0

SHA256
524ba7dee90aad4c5cfa914d0c128bcb3c84070c5d7da104036ebc0903bbe773

SHA512
608246e72a73764411a922afffbce928f44b775580850615b6b6f3b19088e0b7a6eb42fed62325c7dd322c4b3a99efbb720f3b4ed6833e473f5d6180bb84c02a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
f420511ab5f3fd9123fc1545aa5e4e77

SHA1
044af1c6e883dfe9545e46f2763b5647dde8a9a0

SHA256
7b3577af6bcc32041452e67b3b9134c1afff9ae670ffe4a6a5eadcd6c4337997

SHA512
59b8596a7eefc3d80644616301aaffda7c27e0054e48e250ca9effbb938fb63a2fba2e96cdbeae81af9736597a5ced054bd4056974367413121e342c332e0d10

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
638f6c336d8bc2d4e52eb5e0dd1d64b5

SHA1
6b610a511ff26136a9589e5cb98b023b9a3f15eb

SHA256
2279cb61755dc2016f274d8349131df91fdf8c525924e7ab22a7b57351b7168c

SHA512
618e9e1f6858a73bff47290ccafbeaa97220b8f04fcf09235fbc98769277c93ea6a5fd15a7a227e7a5490edb854aa3bc4357799db8d944e2d7a4945c17f8c2da

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
8cd293f5055a51d45fa854f2e1037645

SHA1
8b4b250b74af6442b8c123b2a2de0e6acb1ba961

SHA256
0e006300e4a35e625cec111ff55b27ca561a60e16ad02ae0f8247f9cd5dd2cc8

SHA512
58be088fc00835d7faad5f375620367ca4eaf5f27b1c4a6b7a75d54c868c42e377b7c4e3e124893b7d2ce60796df3a97b4918162f6d6687f9af2acc8c25ccbdc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
7c02412065899b78c4092bcac3de79da

SHA1
ce8b9cf18a52a184559d310ed42efb2030bbb5da

SHA256
84d6b3a2aa3fff8a9d60fb435797df83d7faf1b01a56e58bb0ffdc3f1711913a

SHA512
fa70e874526b126c55b88048a70682d92978c9388b768ed62bdcaafe35e8fdb881e70b9f85d3cf5b8209c51ebca930db29459fce5e7ea700896f54aba03ab747

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
d449cf1a833f0273484b01ae4aacabb0

SHA1
5f39cc57596f43a92f7996e496fd6bddca14c468

SHA256
43fbab499af3c68d0756b5281355ee2603bfdc211d00fe31beadfa903dd09997

SHA512
fcc3ddcb2ccac0a4288c3f389b9e98cf488fa78d45571693cf12fbd913733ae221270c7c3226da2f47375a8004c8aaa212f647f7649a57b082a472f0648475df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
d4865edc049f13736d008ec522ebb457

SHA1
6f05ff8222d693e4787d9a29501b81eb50bb81a7

SHA256
91a4956db43f585377096ecbaedc7cd9834c60b3b06e14d742ffbe1d4f97ad79

SHA512
2e6b5e4fff83d64110744efe43baf32d4753e37f1793e67a98d1ada72dcd36690482d98124712a1453ecef1f29d9097477309a8f3987ff5eb5d7cd572d2cf4b3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
4ac92ed52f3894ca43556dfecd43700f

SHA1
bbb562dda4addf009314e815ba6cadba13b58d5b

SHA256
bcd8e4b3b685bd55e15da5587e32b684f4bb8383cb755385acebd8b9ac92e51e

SHA512
1a9b5b536e15192ab28a34bbe3236eaad74189dc0ccfd7ae170ccc40253d57bc317f07157edaab24b856a8cef59ed8bf33d83e186887bc134b4471f045e40692

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
32c12060ba7d0091e7906cef2da1eb1b

SHA1
6d3654dc65d9fafb20496a3b6ac5a2383c696951

SHA256
8216d00cb027d2195104e6e693207bd015d1f095368962955c601deaa3e90f9b

SHA512
e942c86b482769cedf274255af3589a7ad2db53bdfe8083ea6e1b2572926673108417bca63b5b8b1024b644ce9d9fb9ff729364c7f99f81f1c85c33c42975b7c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
bf9d17f55a85901a699de914810f3962

SHA1
493bc2916f314fb256d282f60931de1ce2b970ee

SHA256
3406d600bd74a533d20b17344b780997ac2d8fa0563185e59a1c648dbb421376

SHA512
69f2b7d9aef56ed33953e8258151fc189d9aaa151765b379dd06e548b5222b4b166615d509e8ba5476e2410f7017ef4889ea3bf86a6c87e29a902c1272f84a55

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
da66d5422e92cfca9380bd1bde04ef4d

SHA1
0e2f1397e97424fc04b386a3d0ef5cc837cb8b82

SHA256
8af155b3e86c309b6d16470f4e45c8c886db0c3fbea526113470a837cf0bcaf8

SHA512
3f7731af30a01785d50e223dd017c95044f95a5d3652b4677d26c9def08d210a566f171990e730c14275b6f344d753a21c024d9e42b84bc9afdf0f77781327fa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
e23334db833ba431b6b404a13a0ce4e6

SHA1
3408483084214a26a3cce04edfee01dec6a0d699

SHA256
f7fa93b419ffd161b4a8db6aa47d837e694fd8f64c6c0e2c47debb72483b0a5c

SHA512
e90d4e6cbe38e4cb4b7a2c385e3ecaa908ff6fb6ce9fae6fd54842b89ec05ab4b7d4df643228f38c51ba507cbce5d1897cbaf1b9f9f83a64d567312e924cb8a6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
5b0413d5dd3716eadd04784c9295bbc1

SHA1
c08a93c3eb5ebc2b2c1d84bea21e3049c8730d68

SHA256
dfd523eb06cd407d18103acb3adea3b8430e75e17a7297c09069d8f8390d427d

SHA512
b656969f1632202e7c8f7946a7a54f84c875b93e0cc717e7a3218d1396f88307a96ce6561d8998e3cd36ac9f50dcafe04eb946a7abb78385687cb9139b8d9868

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
43119bde3d518ff4274be1cfe2a4e703

SHA1
95dd26e41110af075a3ecd90b79c7423a3549e5f

SHA256
d07e63ce160c3dfd059fe1b85affa46bf09b77f37b6d7ead59d1b9a1f6009415

SHA512
7a16e66255fd944715dd747de2aa9a3fb1e767097566204817b3abd55b29674b6ad3c3d6f77162db6171843c62daa71bda14a2d8d91c1d60e63b5bf3b02fd800

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
43f87059d7fbbdf3352582e8f56ffdea

SHA1
ea4ebafa19d65fb586ebea00e27fcfec4b3a1d72

SHA256
392a1e5f22298c076227856a199b7325a5718d21a5af89e9f4ec10f541f4e690

SHA512
82c8a94cfa86097ce2552d3ce8b9c67b495a93de5a79cfa6c01b336ad3e3525a19f98eb4b87b2d52f721aba6dc8b1385a15a9294ed499e7c717345eff07fc1b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
b9295f44f341ab85071b0bee1dae6d0c

SHA1
c127d83ceffc54b928df5c8348cf64dfe865e54a

SHA256
be3778db85582a6a9ee1a0284cc20d35a9d2582bc498aa4283f9f50c2afb268c

SHA512
a239550d59f1c30bfe8fdb1a5130dc84494e1b9cfa9be0212cf393ebe55249181996bc49ae46b6e716c009dea2dc1ad964ce70eb0b69dca68fdc2668f2d14c0b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
6c00eeecb12371b6c3c780e564817057

SHA1
6dc19e0392866832738232153f60ae91aa2954b4

SHA256
63a4bb67cfe8f6c2ef1bccd82da5ddbe986ab7c5352221d97d9410c83d2229ae

SHA512
5f642a53d7d02f0ecb1955adcc685e23d1f51ba399e89bd82c264ebaee179972e06a1ccfe0c0ccf4e640f80d7b9aa2ec7688b66a5f1a520f0d2fd0f8aa3188a5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
3ef4dea7f2e85ed0c6747564eeffe02c

SHA1
cdfe9d7fefc527b1b534a35cb7d729594f477032

SHA256
7ee24835cfa06e7db87174c6c2ad3fd4d6c572d6f77371945a2051e2a7b58b20

SHA512
f4e68c0bef3ec1969aa95514f087b7974f6350ec239c10613aaf6671ba3395372102b56e883f31ad9b4fa44c79511c686fd7a5e22479da8b0a83dfa334630509

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
91125bacab5bdb799e3a618ad5c91221

SHA1
a610e92fbcb1c81d72c6887e582c01942a508304

SHA256
584ea0835e2c81fc0c4cec7daaadf9f6e1d77fb59bff6b15b949237ae5960bc1

SHA512
0c089fbad0654965f99a8ad4214cc825d759e1d29f70ce8a69504d334e09c495f479c3211d2f61ba9e757a747e8dbe03fda47d264076707523f8b47488e2cf0b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
c353867921109d82749a060da50f9e48

SHA1
19fcb1dffdc48764b12865bb68484347a1852fcb

SHA256
e7ec7cd09a909c55ee35e1b4928e76131a09f892fc985c73c258afe9442d53af

SHA512
60e9e3ca5cd6d8efde8732a969a274f40691139677544c3432823813024dedcb335e1edce23696c7639f1f5f7aeb69cb4a3192fc6c34d2bd42caa163099df9b1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
6b095d059df0b9cd2485072c7e5f2805

SHA1
fa5d9fd5f441917ff9fb8eca884061da223d3116

SHA256
aca1f790107ee511e6223c1432dd3112f33fc176ca7b45281e87bd8b91de284d

SHA512
895968c2a3551263ece28aac31a9409e91e751c2af99325aafe9196660ab635fbf830895c9689ec543f646ee601f5a123e290aec640acdd81b5e4266da5c69d5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
2e228f04ab80f0956c6fdba17f259050

SHA1
95e6020b4521631505a618a5fcbfa46404d6bb89

SHA256
ec21fe5a55544120a0d10ed86ee5dae13f4b00ad5e4710ede1e95ca9ade3cc26

SHA512
d6ea70d937b8de8ea32f9725137d34e6a6ea3eb2b0a90662cd2dda0d7640a2ba43ff9431a4142a8d0aa2fd8972c0472f9dcc38bdf0d71575dbb3961d4bfd8978

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
621656ea073087ab88df72c466859cfa

SHA1
58f9a460ca90f4727f641f9169b8669fde65797d

SHA256
a792beff305d2f63a36f948676ece512f6858d40a47fdedc68b0a9ba5df9028d

SHA512
dcb36b513afbe44ac7b015ccf612ddbd7c2bf9d9b7ca440ed9eb82ee07fc89a7eb51358e2ba68389bf354d3d81f533ef170357f959a901b979c7a66206dd9fb6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
b140bf2e57fbd1991cc3bd7c831a740a

SHA1
abb1a74fbf67df9ad49d06f79662ffe5630bdd5b

SHA256
4442e3cabeac97f057d80f1cadab7115a810b3f2d155634cada66a71d1243f77

SHA512
65985b234056de4cad59c49103649cf431b76c1a12ed8174d73646d1fd29844c1f530563928ed3a324f92dc4aac3b3925c86fba8b4cbf3e68f71cd2c8b763458

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
4771a53f3685b4d066db713dcaef2df4

SHA1
5c6b564541d9666e7ab611e517f8724a2bcb8e8b

SHA256
7bc8aa9ae280091f03bee8a3a2e5f1240cd274421e437ebf4a50b63df33897bc

SHA512
db3d9103fb9d6a5b64bee4c358c29b85d1ae27c2797efcb09a8657dc53db32fada76f87e0324fb462e30d782703471ffe5565f9f9045311a9ebcbc4fadfef890

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
b365208476a40a8366bd1c3fe2602b16

SHA1
fb347d4242722806edb542d4d6aa7b91a48cf928

SHA256
b4af462cf385d095a1001c5452fcd5c8d682a4d8a97e52be9014d44b6639dc1d

SHA512
a0e2f839ec41bbd5ec48ee5316f00df0734787c36cb8bc2530dc67cdcb59fd4e5d9d49dc89893acbc44be82b0347c0241a263b647ee3770844d291565c5a38c3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
db3ab06a0bb7d17d0d99abb041159d7c

SHA1
39d1495e057d99eb9dbb6d41d340a3b06bba0302

SHA256
67d0d4a34e10f80c587fad7922ef1face0cc10d0a269889403ef7714a3e64997

SHA512
7b87a2fa213c48f8cd6568bb3051b1d9e4c6b67b0ae5180059dfa29231e08f8f462a56b343aa6ed5d106714774fc3234d2bce9165c6074b83840b3906c7b36d2

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
c50c53d5a0471ea4b1771e9967fe441a

SHA1
a096345ff75b76d1faecfa2d754670971ddc8711

SHA256
7f124b2557b09d3d1c11fcb500f8f7828b02c0a8bc469e72bb11618b1d3d8351

SHA512
344650f4fa3a83c280cb7b540659f8d91548b7da7446b4b616d274f9ec2375eb88a84d12a45efb3a50eeaeaacf26e66d05d58874cbb90125e87d070936ec28c0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3c7c8e6e31ddbbbf1679e488a3fd69aa

SHA1
9bd0090793eac90253ea6f71047136305a3d7dd0

SHA256
0754a00de4a3d4a39aa526c476023bd4d1c39f19947e1c089309542929c447fd

SHA512
1987a5bc4373d3c0baa61f9833337c246600c7d73b670b62f73af401242e3069c140c47633d90c842542b0b1e8421f3d11527f6e5345b70086426d234236c1b4

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
5f63d6e9c1dc2f6fddfad3a3bcf74935

SHA1
7305aeb9ae05ac5c8671ced73183697fbcb3afeb

SHA256
f86df116da2ebf0281449708513bdafa9bb545e3cf5c8a48cbe9b1d27f6c8f0b

SHA512
c1bad11088509ccfb8196fb02e029db5506f866f4322c9aba35e090b7ff0b6865d08d34a2db3638f8545f6ecefab66d939cd24fde0a46cfa38d640da44baae8e

Download Submit
memory/1200-11003-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1200-10579-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1200-5968-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1200-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1200-5964-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1200-11336-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1200-11339-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1200-11342-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download