035576c925cc6753d2f0d3e0e082f0b020beb962e20fe4952d0723ba75dac0dc

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Size

5.9MB
MD5

47b4c6909ea7ebce5dd941330c7c71fd
SHA1

cffc9e1dd3d86482859afacd273c5a803e8b774a
SHA256

035576c925cc6753d2f0d3e0e082f0b020beb962e20fe4952d0723ba75dac0dc
SHA512

f8324e9ddf6ff738046085f5b28350cfb664e2e7d4bc7d09a28b5995315d4709ae451da4802d1d1aa2ce1d9398e05601bdeddcdc49d857602be33825cfbadd9e
SSDEEP

1536:AOhiB+gx9dAVvu4+ZC4pKcCOLad2IK1LLLT6yAMxhgnc9YFIlBW+Rkha2yK25g66:R

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uC72N75WnQhQ53n.exe"	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdfs.inf_amd64_1183fd0f13045f2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_swdevice.inf_amd64_12050f4158021fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_41e31b5786c6884d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\PSMaml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_computeaccelerator.inf_amd64_9d34992b3634b396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_3bc71c4327f9f94e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\unknown.inf_amd64_b8b0fe7bbc76405b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_978099f98cc73ddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetConnection\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis5t.inf_amd64_c6e181de81a59b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_209486f1c39d4b46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oadgillnaiknnacf.bmp"	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\MedTile.scale-125.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-150_contrast-black.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-black_scale-125.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-256_altform-unplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-30_altform-unplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-36_altform-unplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7db.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LargeTile.scale-200_contrast-white.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailBadge.scale-400.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\dot_2x.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-24_altform-lightunplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-256_contrast-black.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\cs-CZ\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\da-DK\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fa-IR\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_altform-unplated_contrast-white.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-96_altform-unplated_contrast-black.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-250.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-40.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\circle_2x.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\checkmark-2x.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_contrast-black.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteMediumTile.scale-125.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-36.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Images\BlankImage.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.scale-125.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-150_contrast-black.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-24_altform-unplated_contrast-black.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-300.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xecd1.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_home.targetsize-48.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\SmallTile.scale-125.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Square310x310Logo.scale-100.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-40_altform-unplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSmallTile.scale-400.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_altform-unplated_contrast-white.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-16_altform-lightunplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-system-user-service_31bf3856ad364e35_10.0.19041.264_none_6939ea74d1de0715\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e8f9d8505e6f575\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RetailDemo\retailDemoAdmin.html	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_77cac4ce775d7451\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.19041.1_de-de_9d6118cc93a4ee54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..on-authui-component_31bf3856ad364e35_10.0.19041.906_none_c5508380a2e74b53\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-panmap_31bf3856ad364e35_10.0.19041.1_none_1f4d61bfbe82b01c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rpc-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_fbdb676ded02e3a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Assets\Splashscreen.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\forbidframingedge.htm	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_uiautomationprovider_31bf3856ad364e35_4.0.15805.110_none_68faf6a38ed9209d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wdmaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6ffcf870c8c07e72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.1081_none_07a08c6e805601ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..entication-usermode_31bf3856ad364e35_10.0.19041.546_none_226fb48607847890\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\media\oobe-bookend-cortanain.gif	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-penimc_v0400_b03f5f7f11d50a3a_4.0.15805.110_none_da6424e1f39182ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_10.0.19041.610_none_4de00292c72b6af0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_ea08537360506afe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6e2070f8240ab764\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-appx-alluserstore_31bf3856ad364e35_10.0.19041.153_none_0c1682a78b2f084d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_10.0.19041.746_none_c44b2d48ea3fab3d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\24.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..ileserver.resources_31bf3856ad364e35_10.0.19041.1_de-de_b91c4f4ee7cf74e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dims.resources_31bf3856ad364e35_10.0.19041.1_es-es_cb96784fdbd78862\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..t-onecore.resources_31bf3856ad364e35_10.0.19041.1_en-us_9459bc7bcfac64cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_25aabb3ed2d329df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pdc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0405e40a4f440e27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_dad4a37f491cefd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netirda.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_26c6a0be0c6a2b72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ecomponent-binaries_31bf3856ad364e35_10.0.19041.1_none_06f57ffc931fc8de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-pickerplatform_31bf3856ad364e35_10.0.19041.746_none_eee6f2fb559f805a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..to-dssenh.resources_31bf3856ad364e35_10.0.19041.1_en-us_80cf8fc70ddcd703\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-japanese-lmprofile_31bf3856ad364e35_10.0.19041.844_none_26577970b5a6f858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare150x150Logo.scale-125_contrast-black.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_42d8e7001244e285\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-ux.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_a0a776c8f29e300d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\DeviceCenter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..idgenetsh.resources_31bf3856ad364e35_10.0.19041.1_de-de_2ffb5e38bff1e08e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shutdownux_31bf3856ad364e35_10.0.19041.906_none_baed02aa000b06ee\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_vmconnect6.2.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_dd1a2dd45a8387bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-48_altform-unplated_contrast-white.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_extension.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_76b8b0b860e4cb52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-embeddedmodesvc_31bf3856ad364e35_10.0.19041.1_none_d6324eaf35709488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-alg_31bf3856ad364e35_10.0.19041.1_none_5eda5fa3fa7c0fb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-consolelogon-library_31bf3856ad364e35_10.0.19041.1202_none_fa14df42dc2de4f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..on-tokenbrokermodal_31bf3856ad364e35_10.0.19041.746_none_b7f9af5731258e18\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_3d62a57d3b12dcf1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..-policies.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f3bd5c8582775922\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-60_altform-unplated.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-peerdist.resources_31bf3856ad364e35_10.0.19041.1_it-it_5db54213d20e313c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\AppListIcon.targetsize-80.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..tion-relaytransport_31bf3856ad364e35_10.0.19041.746_none_1ad1c2967b0d8382\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.services.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_10.0.19041.1_es-es_5a833e6a9610bb60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_tsprint.inf_31bf3856ad364e35_10.0.19041.153_none_356ebfa943b1edf9\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\saturationColorBar.png	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pnpclean.resources_31bf3856ad364e35_10.0.19041.1_de-de_0052639388a73fbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-settingsynccore_31bf3856ad364e35_10.0.19041.264_none_5754081f862908dc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-foundation-..stics-tracing-winrt_31bf3856ad364e35_10.0.19041.1_none_3104d2b243bea32e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualization.client.settings_31bf3856ad364e35_10.0.19041.1_none_a5a5850b5fe77c2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-mfc40.resources_31bf3856ad364e35_10.0.19041.1_de-de_280950d4b13ed409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9c60ec3d616ad26f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmspdmoe_31bf3856ad364e35_10.0.19041.508_none_d84b86e6ce925ebb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "SUJJAWIPRFTXWUY"	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY\DefaultIcon	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY\shell\open	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY\ = "CRYPTED!"	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uC72N75WnQhQ53n.exe,0"	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY\shell\open\command	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY\shell	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SUJJAWIPRFTXWUY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\uC72N75WnQhQ53n.exe"	47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\47b4c6909ea7ebce5dd941330c7c71fd_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
5778068b5e280407b56597093e5b1850

SHA1
175b1a70bc5bf0440bc2187e23db875d5468cedc

SHA256
4bb0da4f17ea3f90fb1fb7d9897d68518285167bdf5bc89ac99bf918b2411aef

SHA512
0beb13b92e802a06f9630549254b9ba300307bd41f3824526138bf4f87d50f14a619322811396ff0223654cf70792be7e1cc3537f048b22297d5d87378c2a808

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
365bfbfe6663f1b250646e09db0914c4

SHA1
bcaf3e9bf33135423a0f3238ea1f0a61e008e702

SHA256
33bd9b3900a97ca557b8c9b37343906886dc98692fa146877bb232dadd45ac2d

SHA512
0a6e69a5ab378d491d0b8ffed1bfcaa37b79297c058be9eaff584ddf2ea50204b1d112e9189e91aa531fd7f26c8fba1268ef01408ab6ba7fdbb3b180b924584c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
cab1124811eae9aadbd4cd4138cc5e7c

SHA1
9afade00b6fcf2446b1a2983ae30128cf18d166f

SHA256
bc1abc44dcb0f73628981bb80b3150329a50253cb235b5e405075310335d78c1

SHA512
e7848723c188fb8ff87b6c85852ccbff023fe75ada4c7c61458450abbaec6b23a373a854ae767dad57295833ded8945008f60f7ec951c4106f1b9774a13a2c28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
8e350fabd92bc74e55d6eb7dd083b756

SHA1
360ec385bd526309bb85dcc9dd98249852d491b3

SHA256
ee053f836c378998114e807c432e7b63e0f390043a42f5692407490225235c45

SHA512
48809f2cdc5c3432956c430168986b9a1cc9731d2b3a66b4c287f2eda31ad74efa7a30a1d10832154cf4923fabb46a2f4aa2f05933563986d726db00bf067083

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
ab1e91ffffa2ce442a809426491b3307

SHA1
5a6bc550a7e102bf316c77eec06e2249442e0b7e

SHA256
84570ed60700a63cc47d9a3291b5cb9f33c0c0541ac0427cbc06a6d3d0b1e6f0

SHA512
9a41a35251281746684d6aff247330c23470015672f6e9423cb5cdfc2041c467985c45312a681e3d0425428fe454d1c797176e3603f9c8a71dde6a040125cd1e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
34a94b2a00a6e11d54e9de3eb975a714

SHA1
e7f34f12cf4dc31b43549e99154d99e20d7a1eaf

SHA256
e29e5fcf691a95144af85052789b16b45bf199f2673d183a224ae3bbcbc26ae4

SHA512
b112a49cb2e70cae3fe179119f05907b27e9c393c4d9a42bf118c486f455202062306422353a9384efb2d7133bba777a01edf6a12d6886b8670e1907c0534e02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
613183cbb46e08145b21c3fde9fa4773

SHA1
a96cf1ee9175d6e8472cb57daffc29a8117702a6

SHA256
beb13120dfb085aa118f948f1eb5da6b32220f5abd0cf01020cf1598706d397e

SHA512
b8e680e5d54701c3e21ee8a323e390c0440430d765fce56b971cb2d1491c08078d5f530f75e6258bd69d907973e1168caf95f45632621b49ea697d30791adfde

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
32e3c7687a18faf2bafbc0a31e363a91

SHA1
e08d7408dc92ca288c5e892bf847c01e9efde475

SHA256
492c9e0ec62284751dd26db5b728f5ef64912adfd143e400fdc6e1b57f4cbfd3

SHA512
4d840587afc92d970ff360bc5df8dd9f42cf45f1926d143e310e65b3207a5aa49c91ff0c06e7deda5ab8b1d9336cee2d8d30b793bdc6e0505955f5a596774801

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
59f6aa1a7a42a6c23ba8091099d900a3

SHA1
0ee9818fba5698acd089273657bcd8ff4473e45f

SHA256
67903ee0cc77c02093c46625a89ca8450170dba4ae799946d54c4d48962a2443

SHA512
a20e78d542890c32cf153102dab038c368163f61fa5be3430c682cbdc78d686bdcfefc57143177008c05a607cb1ef1c03e9a909073bbfc1e2fdf07f1a4b44d64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
0ea5c50fc62943bd9180499d4dca9d30

SHA1
4e675076bb31d55c392525dccb69ce04fcc835e1

SHA256
d4158e7b0895a6be6d693b5a5a541510fa8263dba415a3710b27a96037f6fa33

SHA512
ce942237df7aed80d7c80b8152b5c09c7d792b07371beaa07c6e18cca4920bb2e4c9563a5ddb571484b0b4c3e44e2393f164847a074bc21bd0cc77ba809ea5a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
3be0ca0580638521e61c663c4293ca6e

SHA1
7d453693c177b0ebb4d9152e453474bcf24c7f0b

SHA256
68ca8646cbdb8610fcd0396d64dc7eb1205fa1d5e937c68468685d1b579b32f4

SHA512
4f49a3736a75ab0e2f2e250dbe3fbe86403437b2b1ef68f828d3606cd41dd807710db58a1c972164c6384c3cc60a5419e698c24fece103b1070d2f04937a195c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
97ff4f9bbf9e3d441350fcc87ba098f6

SHA1
6501a089cca95f0aecc0a496b7721fb2519d17ef

SHA256
ab36d46004ca3ae17eb2088beaf01f92cfdc959ba39707bb3327745c83b44085

SHA512
8f3bb7a7288ecbd5412ed8564155e793b64c0a8fea5005783b0654d1648be8353fdfcc7926f1dee2e797bfc8525db196b77f81768837917a7e383a323b4bae30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
ea13d5ddedc3408bc0ba32ddc54baa87

SHA1
20fa8c84c0bf4e440fd10d92f767c5be7eaec963

SHA256
9547386c9989d2a0e3af7d1652f92e75a732615d82d9e4d47a4f0565716b8d26

SHA512
d8755c22cd7a2bdfc49f07b4579926469df3f874613eb5f216a2d0163163aa21f946f0a21adebff2b18bca8b0cce1c4711b6856578fd6172e6d931b6a77c7ecd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
57abd5073b33d95d37bcdde456ea297c

SHA1
c09a6e971b274fe0d4c1d06f13f3bc114d8c0abd

SHA256
00922a2146c98e02d1aea0a2eac6e570e58839a4d43774d4113c0d4050f47823

SHA512
31b0c998ee2f2dbfd21e0adee109ec389c7f887dd36b467436c1e03736aa116f7ba3d397d2aec288ed4681f82c6ef4f0843c93414e943e3eb188dbfa0d18387a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
a85e582521b4f0c358dcab989a7a3950

SHA1
c76cbcba676c940539f5cca12920225f5a705cf5

SHA256
f549cd273096456bff945750374b35505a8d264076fd0281776e471f6e494184

SHA512
364e8cd363a1a6257d786468b5913275c15638587dc74ee6afaee834bb812535961cbb1ec97da3b0ad09af6481606020efd4eb76c06add03f0a1125cf00f1892

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
4421d8bb838f50bf6558ebd05e2a6e3f

SHA1
070792ac960b204e6fd7d4fd5cd6c5b5892b5f77

SHA256
0e64d4aa001b67136050051585cda023774f3a58986433995afecf18485c0bfe

SHA512
d46c4ca9519b9f4db93d39d58225c0d643ba9bd34121b0756e1ce56ea7ffe09e638edc831ec2e5b2c2057f56aaf438e5d39c697b27ac1ad9067572a16bc91440

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
e89f78c600dca877baf309b2555ec4a3

SHA1
497b4cad40870473d6f41109230efedd8c610066

SHA256
e98a0203144354b5b9817bf7f6dde4c846c980525eedd493a28f59b2ae216369

SHA512
f06ac9dd4c26fd049a7c2e78166add3a13c2b2be3ef3a41ff19e13e8d32c00868f3d08e2284f58fc0aa778df68fb5fd52b043ce5a20c54cfec88c3c554ca2df5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
6d88fe2ec6d2bf6997409aa200b483fd

SHA1
366e2e5d1cde8a44e42960c2894f86cc68b19df6

SHA256
198029944f2a13137b7e3bcd38bcec1ce8554ae6741e68a30112b4e939e01230

SHA512
889095f5b45fdf4d0b53bc970bfc8dccd43205fec10cb2885b8b3fabbc0a84599579b64116711cb7ff668a45a8dc111a0ae802bc6ca02089fb0ab4b60c35237a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
0f816a957a1d33f7314cf16333063f50

SHA1
73531ad5e3bd17016d8c7b96bf0fea2b919d496a

SHA256
67c0e53a8b4285798accbcfde9f28da4a105a249805cc6a2fe77ec585ca4b15d

SHA512
c3ff0fc0d6c5fdc33091e68468572aec193f660192e1a73b2f0494b6ba6079a837b482a14e5a658bfd5ed0561663c8561f66cabe2b89d16d54e273c417565318

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
6b06bbb026586ee2c87924aa7bdd5ac5

SHA1
066c4e6c74eb8d78f895e427b1752ec65f574c11

SHA256
b4d6244d1c6344b6b667106da0844484e5ca6966d9fe7a69017cd35a94eb712c

SHA512
1ce86fbe3a8578e52914afbbbc3865ea71a606a32425948b585d4ec011a8373152d20d957d95bd2139ebce0519288003476da0fc223d752b6ce687293064b77c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
080190d1860b430811c2a24a6759734f

SHA1
50bd6393fb0b71ce85b59a575e41a6979bfa492c

SHA256
4b596ccc2bff839eaddcfb4a5b22a712680cfecc32e3ee0131be8de7957dbd63

SHA512
19703f623ac31efa9995af6c91cb89c69c1b47f1eccd0615f95902523e2549f414842b976f47853e776c1eb473d5b58fb1a4df8dd73eae02d607da355cc19754

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
3afef15403e1c4eb1feb3686aa3d228f

SHA1
3e2f8406b494d07f74ec5d07e74f49e793c1b5a3

SHA256
ccf18834cfef0e5c5413ae9e0f88b2d8487815e0d9ad47c7c776953aa4ce17c7

SHA512
27c8a181b931ce9fd79311b399e36160167e6a90e2629a36fd20a762ed80332ac0d66ead7e5bb62c9b7e5538b20abf408dd161b98ec8eb865c019f4c10af448c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
3e44c33c9d9d05733f7fa6b993543d67

SHA1
d9e24d392ce542b0c74e80233becd6fa1355afee

SHA256
c4e1c63e9eb57457e850644863e591f912d7dec72c95bbb9329f05d444fe8099

SHA512
d29fe378bf34ff5b61d64ce1de5ce10a02283fb529c9b4f9077c84d07100840d86cfdc402a9757bea1b7ad5d335ad0be243882398dc7edfdf4ce92a7073f1dbd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
9712354c2af9ad360f3b733ecc037bf1

SHA1
851291cc7dfed7d253063a1177bdaefca8e6c4d5

SHA256
c5115ebed403032aca928978d95b93c2821ac5293a943a55f5fe9862b7b7f498

SHA512
d4e95074a1bd41a03a92da11188cbbecf6c01d806528bbffc9d00421fadec4e8d51929af9a575893b2620c092b83ff8d10881f847dd571f1c7ca90b8e345b1e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
7d50d0ddb7e8f91774c7ce81ad9a567f

SHA1
36136e16c29b58d2ee48279bb9f74941a7de9612

SHA256
1b8384c91164b420aaa473c1e32b8095ff5a2269daef065bf8243a47141405e0

SHA512
75dc610a9f8a40e86631a177ad06ffdddd233d5aa2cdcfc772dd10075f9c3ac46e5b710aa995def329bbf8f44098feb43c038a93f2d45201258ebb689daa3a79

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
33a16faaa56f71da0a87663c89f70590

SHA1
aac2d339a4b9d171e9032b81bfdf38a82af7aba6

SHA256
87d821717a1143c3ba4995c63ce8767f798f9dd564f6ddb487423bd0799e47a8

SHA512
8c534e510ee1785136e04726f8b13af7e4b7f637d2f35474743969c553f3c563304d8f20ee68bc4f40fd2b260da20a05f56bb082bc5a45fd71e488067521c851

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4d625fb31d8cecea867ec57f20e17980

SHA1
ec41c4b37110353105bb869f9fcb570ad835a72d

SHA256
bc84f478178de2f1931e75b0bb28bd551b1956c5546dfe55060936418489f7f2

SHA512
74c4da411aafb2470b0161a4a730e7c8eb44c07cb3175e5ff00cd3a34e829b0e122815adafce9e43e0cafbf04939a2472eec1c14406b34e2fc4842817d0d51ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
2cdd89a5ef53d169af54dd9fc1a9f0aa

SHA1
97abafe77c99d7eb9775315a629fc583fbb8603b

SHA256
8009ea99b6204c7f7c8600162dbf7f6b555bcdbb4f36f734aef459ea5a05bb92

SHA512
18ff55995a237bafe389e3baffe0ffd7cafbb2e5094d56122bcb532086029688e2889275eb4624196d09d952da81c47c0a68ce96bebd759b8e4ea82bc0d9f07a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
9aece25fb2e8d6acefb0974db543b8c0

SHA1
3f759e91938eead6b83f7a4614547399f2336d7c

SHA256
dcf288c209b0b77bce260aa5d54d3f2d321bd560d6a750c9042f84d54378dd9f

SHA512
ec8438c4ae007e757dc676476528c2bb7c639f2a518f68ea47c6199b5bc03bf41215291e60647d5e1c7d2f79a9aced762f6dc35ebfd9726c063bc0249f74cd82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
b76017edd3fd3dcff6a0093f0554e639

SHA1
214f7bc622437800dbd58ea9b0502e08cf7931da

SHA256
e461c9c02d1c91284b0c274e4b1bfc418c918e72bdc85aa67a8b6c90eef241a2

SHA512
37d8bedd16c6de436a8c3343e505bf4449f5655b3407ad0915e9200cadcf16fc5971b10fadb30e6b05433b22076547cba4b9e8265707964ef508e35469a65bda

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
e1760e71c6ac594f564812c2b91838d8

SHA1
3518ec86956b379d844206c417214c78a354d678

SHA256
ae63024cb386657f96b37d1b5fc46f8a6f5496e2e4b76de0f1b9c1105ba55ee7

SHA512
796a60302c1c1bcec8e779204d31ffbc8850c8ef56b85a8116991828bbcb6c1af3e7c4a86bc1ebcf135a2a850a4442577d1854b09753500a0ab9e7c85200fafb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
bb3189eeb2e2acc831a9cc7c1843ba57

SHA1
bfaab733619f672ba2691f707e05af905fae29b8

SHA256
452e19c9db127b28828e195a3fd8226bf09d1e0c64eaffe1560ec8d831286597

SHA512
ada970759641d761600d941278cbb9b45e260ec082cd358080f7f3858f6d887ff1de1a22bc3523de1b240e25cbc2e8e6eadd5d5d96c25f83f3d19c3382bb5380

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
255ce1c5e2f2700a8f3d8d93e2b265ec

SHA1
14e7f84347dadbf7205af05b36d82bf848749f80

SHA256
391d4c7f32322573e53384e2124dd9147324e91391eee166a48af3557697e149

SHA512
1252ba348b13a7dc5f7573fca3a5197203e5cd074c61a1bdfc532f1ace0244e4e1ef181c151dc7a6c6d7895eab61030008b7e7fced87cd7116a15cb774c7fcaf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
556ae180f80c5232b983ba40854eb3fd

SHA1
882bd6727b3c991ad315c3ae099896342576680e

SHA256
f983d1b644ba85e46713e5b0bffcdb7af061261f313b226ef8220f9f0133a94e

SHA512
acf8480828a8eb6f11dbe9e1858701bec70c63e0c1a65e9768072277a0cc3785a5706e744c0111fc23029de63e6205eccb986f709a1220ec88a5cb91462c9527

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
96a3230ce76ed37c96519a1f3297864e

SHA1
ac80623bc67ae9ae70c0888ec98a7125b0b90d17

SHA256
98e8b4dcd0fc041a7dd517cd953b394e6111b0e0621be00c6219f0d20b6336e2

SHA512
00f4b106eca1abe83d323483aee50ba0f0ee02f2369f550ba4b32015160761c1681864858fda26a5db2470d08a13532bf3cad531ad627ae114cf92a326fa978f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
e423e2f8d4d24f931946d84a0495ada4

SHA1
80e029f7133745b2cd0639d800c52d70d2b9777c

SHA256
ab7596f0b48e7089cbfaaa1601c0afb03922aa19ad0bf35e4d6f7db61133f99c

SHA512
7639d2e279bc645a92e9f0964d2079a866df0ddab4fbe668c38e8ee24bce0393c7b570967e3830a2c8bbd1c98aadbf690749b83ec238bde1532d837f3769dcec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
19eaba5e945dbbf6ca161df295d67bbd

SHA1
10e2544af0f65284a308476e1b72dd4a16d44656

SHA256
b0b6c221697dba6b3cad901d3fe60e0c88728b0b56a18db5516692aaa1c44a1f

SHA512
f53ed50794e602ad840aa018f9664bc135e080d4e5bb148e2a85766bc891d3e177b06597624f2cce770664f0201ea5b1ff314f7d442cbd02633fab4ea4de398a

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
e887a84c6d28551973c1581620c11f05

SHA1
9e4697d3fa4e3188778f0211619a87e2c65669c8

SHA256
db282ad438576189d43e89f5b977c8bffaea4999b74030fed4a8760e3323f883

SHA512
e2edd91a0cf4fd84f7bd349be304a26db31882c1f21a02d7ea3eee0822caf0c7a0afef329f2fa1d761dab649c69dc36e1397c339a62df0965b9fd699d2346890

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
314B

MD5
e0c385a1ae89c994721afeef39d106e5

SHA1
140ea8805f6ba381d121601e8e7448de3a7e3050

SHA256
f6c79cdbb8d10c2419ae64bd98f837da80acd9b30a5f58dc902238309d914849

SHA512
05d586abeebe98cd0c89013d939dbb0e33687b85004809c66f8bdc7a5b094093d71362050d277645833d7f515ef075a1849b1ac26af27f32156c1088f7e2db30

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
b1d26bb60b14c01f0ba08f33ddb54776

SHA1
afe278d8f1cac050af2f535e3ce2cf49c7d6463b

SHA256
1ff10901bf6f7c286efd5388abbd18fa6e8241666422777b057da1e19d69f2e7

SHA512
6051f18ed2126f5c19903b73d132e1bf7c7ff3de080b232bc222b0814f64c9a59512cbe345321cdebe81ead17544467be64b2a54f604257beb3c36bc54717752

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
312126a52e0bb6e7e074541e2cb60407

SHA1
55502d887cfac662811b50e3e8264a918722b51d

SHA256
4ac197407f50ac7b15c1011540d9d5f620153db2c90fa530e5f22061c4b6dce4

SHA512
4a9f3ede465a50a828618bc2ca25791320c29d003dfa7f08d17043253c0b0529823ceb49a5d6b48b88d2f6534eb1d73b4d72f0b655ce81de4b4be3f708c62a4e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
b5d929f245af08e0d56663532ca7496b

SHA1
a816e9f824a72b7d45c5df730a8f0d3c3ee50c93

SHA256
04d2b726335e9acd77fcafa20aba296022896671c1192e1dc9bc923e106c0562

SHA512
b25046aa3b59d3514d51cbba3f47372237259353d93b9ec6f427890a4b0a29dcb01d7a6ac5a16607b58a99ebc915d2bb8283bdc90fb38bac711a5bc229b2490b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
3cc0949b1660cef7059468ce33c4a589

SHA1
35973e9c37410ef8f3bf47046154f1565d905d07

SHA256
f46a8164807d57ccde668c50414c2195c978343dbf4bcb55969ffe9e5ca0ba9c

SHA512
5353115cd1444592e5bb074c98749d604acd2c885489e4a8f8c3d3190b5b0aea4829006bbdd602ff43fdc1e5b770538619201679e2f4fe58a75dff4e543ec8bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
a7643b7953ac8e67e603fe040930d3a4

SHA1
f6e3c1c1601fad2f6bc56ba40ad9ced11ae10a47

SHA256
724fb2b17698081de7c46b79b908275ac0b2f3bc4dc3c75fb47638883bef20b6

SHA512
d5fc0e0f5f40c22302214b8155b6d13dcd187e8627d21d5ec173e59e7454c6433e942242cf2dd84422e95d1b3a43c86acc58e5638efe623ae5d2d4e40f2c391e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
f537a2dbfe66a46f39380b19cb574399

SHA1
0cfae39f7683467ec7eceaf96ccb00cea5d21215

SHA256
b921f576ed285473fe8032855b813c2738bdf291c6c95f2ad1aa436e4c1154b6

SHA512
cbb9f09d0093c1ce6239c7578f408451020e6cb9e60a4e8938348e023716abae6b7d49c286cd21dc8dd59a0e924433c62c4aba7ebc9b8600a746eefb991341fe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
9535578075660e352a3c726599cd1e25

SHA1
21d057607a5bd46654fb152a360e91e52e89dd19

SHA256
7fc68854dd304c5f1490bd7854fa94d22110f9746bdd34c703d88dece4f78909

SHA512
a65045d0192a5c3d8c96b6d64ef99268b4e0d580c86bdf010fca30c70f68a465f8190eca320aa61b3fe036a560ea379b29691cfec18b13fa0993dda648c55eef

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
af6c252ef5bdbbb13fed9b7b968e5252

SHA1
56a88cd39aacf6a4618ac4df382717d8c8a62eda

SHA256
384ec3123a200a4b2286f06580160f7d1830994c986004aab54d6ebe76a20255

SHA512
f2e7310f9a17b7af4f45c19eecbaf2ee258bbfd6858b062b75d0b037dcf6f2cfe1b940a06080e641ea32bec1e08fc4385a97d720ba780151a222b2bfaa711435

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
e14c899854637bfd4395477e2809d843

SHA1
eed7c3c4c957b29ed5c0ee95badac8edc1e3fdbf

SHA256
2c8b73c8ea52ac84a1909343ad1dfd09318c8384598c1d1493fa8429a7f5c2dd

SHA512
cc3c3b07df23ef2b7a890fae18c77546a7c2225b1dfdfac51654ad539998ae5f3c4adfc5510d260cf50e50993793eedfb04832a106644964d93aff79bbdbc52c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
9403e5e22502c22c9e5d3db466fbd4c2

SHA1
de579eaa62e52d662f1d7fb033d0fbbb40d2c204

SHA256
2f38b9549d5ae2b1c3b1dd6271fcc52af76ef804a0117013278dcafc99d887a8

SHA512
91b2592f8c05a0565a9ad5eb0911b27c83dad99bd8e7b9a81e695a7a264f144ad039dce75a68ad7658626f2e8d1c47d981fc02c2c4b23a183b43d855c63a257c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
84079548fae1156d154b149265a9faea

SHA1
372d66051683760837cc0cd96a8897777cecfe57

SHA256
e3e3ad6614df5a3d7912bd52c281e9555ebe8b8c42841fa81999ee864c47cba0

SHA512
d9952443a642a7c4a53720452656d7d02568a802651d80a2750c29e7f55d4f9634a1e6aab5ae55ad369d98a6e576cf111bee8d9aecfbe6067473907d22f02c86

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
81f4b11dec4e26c1eca3a9bde2d8228a

SHA1
4c63c57ebaf6f8add118bf70093525ab6b225333

SHA256
c9aa7aac4b8ff8d9266bb1858a323b84e2dd5cd8f04f9ee5fc439fa3346163b6

SHA512
0b91cfe784aa6806794c381a6766394da75a43e41aaed3861b0e5ae37a844e05328749ef3338c30dc6912b97a3ccb569aca7033841121d38c188fbf2c9712be2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
9d364a3fd5244d069d83e49ae8a43cf3

SHA1
6a83effba8ad4d3ede698b000b61a8b160aadccd

SHA256
777aa7d7f617d99a460bcc985bdc051a777e4375b3daecf51da3ca0e3a1d80a5

SHA512
cc29ca0e2b7b29671683229e85617c2d15bd685aec8e29b39c9f1cd5887f7f0685694cae48f8a9da0d57617e0df1d5a517678598baf8baeac6ec0b3dabb532d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
2a6c7a688d1b29390d30120ccb68bea7

SHA1
5dac917de4de1a7e668e1d86ebdfdea795d2ef72

SHA256
3b8b0181ca4cc6df2888cdf3bf3dec1211aa6112624b734710e7467f5960ad60

SHA512
5b2b0f7d6020b2ff41abeef34767acf315dc9bcfb319637de01202ca4544903e1cd07c53c566db73078428c921c6764303cd4a8d7d6ed99d479e33c81583870f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
69aa0d0ce869d7fbd4241df0ee70bc12

SHA1
952bb17435213db2fe10d56412d4ae1572b3ab67

SHA256
dffe65f608c26458751b8f8f97ade74787b1fc29e6a523bb8282c14c7ff27559

SHA512
8ccca21f2cebee3e5e60fbb87b9f52f9a95bad84159e5d61e26639a95827b2b1531a4557fb8258f3eac02b01d0e77e160196f7186380637d38d128727ed7709c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
c17830e2db60377204440fd2543d17d0

SHA1
c9fa1dfbeea4fe1a517a9900966f266abbbfbdbe

SHA256
ce050e154e1ae06e609f4ef0225e863a131733e8e065777c02c76e5faf9f39b4

SHA512
30128bcbb94219faee515358278abfad1ef771de21ad0ba8961469898647789f6d97225ce4753a54e5b1b1e94f1022935f2f0c3b88fee19a19bc17e7b399ac69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
ce053714bd6c5da69a5841523ba644ea

SHA1
f29f9cff14200c5365d862958397eb60bdd7fb1a

SHA256
b8eecc6b557ffae0037aae0f5d62bb6e5e2863c58ea3fd80459bbfe545446153

SHA512
ed6c622bcb302ccbd1595956f26ce4073b10d3be11ca0f95ba4ed006800c1ff45949f118cbd49df00eccf6f79cb0bd31a0cfa2afd5379caaab6e64ec98fe5d70

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
57f0d128b49d91be8eb4a88459e7d6bb

SHA1
9cd7581507a62f0c84c3ecf14a74405c42fb123e

SHA256
b4a7a011d74ca8e2dbd3dd2d0f0679bd7d52634694a18778341dae338688717f

SHA512
429069871f63d6aafef563ef7170d04519cac212cad87b7c6bf448d28cafb02e44136bb063ecd22628e9073b02f76049d12e4070e1d29a6682acd07b6388205e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
76afd8048d4d74a9d8bddd90a63ef28d

SHA1
2f8f1934472a14e80789cc8fea5baf643093fd53

SHA256
0429fde56ec301bd8db4945bfb9aa84fd55d3e1e2a47585ed5281eb03093cf77

SHA512
2c24340a5a61916a65bf237914fed6f4ae1c3e48ad0c141c227fabd7e07c6fd26259577ffe68c2e3d3d9b60112145dc2513acf1af2e2d7f50c803a3f665b26e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
acdf3edee365a5b94ebd508f928bbbb3

SHA1
c9d54874651c3b09c08dd73d7316f3e4494e6f96

SHA256
5d3a6777e3e04319f308de72a9fab5ff12ad511d2de47eae6e3a8a58196bd25d

SHA512
545fff4f12d1cfcaf06c3c3db0f4662638b6f869145155db17c7d98c53b6ff789574c42f6d4f46cfc3e500aeae6e015aa884c41b63b9fcc85947c6f5b9a059a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
3d442917b385184bb1a8defb73a1e0c2

SHA1
481aec3bdc4d8dd6d030855ebe9a0cc21e763808

SHA256
063ac82e3636d3fcdd07228dbe3d9f2f51c6ae2e7bc591cac26be8694b94488c

SHA512
b3cefc1a4fcc3abccc278d43929ef000a5866d806697309cacf3a00c357a5479401974ef97990a52a54d4f04884ed5635945ff0e3a4ebe859f3cee0d472430be

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
8de64606d49a34fa2cb6ad63e672dabd

SHA1
c9a1a90734d8fa2b0d51f9e1f0c6b2e9c0b93a41

SHA256
9146bebf603e81c5f05c026c1116d77512ad8a2903a74c9addfdd419ee540a54

SHA512
86bc6ac77ddf2547d55df6e0da57a0aefff3d09f3f0363db8259e16857e7ce772ce4dcd1586601d2e7bc02ea1ca2d95de48d63c29b77517b16da54ed05e0f4e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
aa4fa863e56b58687a4ff84e4900c1fd

SHA1
0dc82721668783c9ccf2878aaa7d4e6b7fae198c

SHA256
48d432244d2beca4d18ce6930b88522a21e02da88a0fc0ce0355b14262d1dc61

SHA512
1fcd33e77d517a5da3d5469e9f9fffce25da77ab23a7f7b849327ef663064b04b924dfbb1eea8568bff2398e1548b14490bb7e26e57f2ed72b13cc4461107f87

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
3579ec6f44b86c109f203a48dfc91374

SHA1
fdbd8b920246c983c4829ecaa2f9ae7b2acec60b

SHA256
b5ee6e80e809285a73225cfc60989a061ed04eea5aa04a9ebbfb7517987238c5

SHA512
60f35eafb433cc90f7ebd2173e1296686105d645298ee889c4d65e3c8fc8d0f5103cfceee6c932cec730e46b6d2f2dbb4ae0dbd16d2c825236ce216a49e8eb3d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
6eb0c9bc6f541d8601eda68d0deb4fbd

SHA1
89622da662381d39334a5dfbf6b651524ba90665

SHA256
8f20065a7cfa93d5c917a9c240531c0fd4da8339863ba072ff761da7391801e9

SHA512
c02f7342580aac5167a060bc86228a029eaf3f6c45ea77ce4324d584061f7a368f3abb59ed9400ea5ad24030d0b9217ca536d765e15179f15feb8ac4698f4a8c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
3b183ccc179e50a87bc9e9a6c29b8005

SHA1
049e9657a6600fc0664188b08c8a08273754c668

SHA256
3b7606a565b86523681d2dd48538db4c1d571f78de512c3755910debec7f6822

SHA512
86df27160c40352a8be1386704ee1ec323504306567ed2d8d3cef4327aaea52e3523a03728783ec5fe66dba51eebce59388e9dc64a21a0491e4d613aafb5d034

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
f1d3183d0e1311a940d372f79f8eb347

SHA1
452d1668cb2a8e4d6d497f281b5696d4408ddc08

SHA256
e80caf657133de565324338fc31be9fa9cae63eea9caea1283db93ded5c479d3

SHA512
0c6013ebec4c6b84e9728a7083f307b9881431ff2e1e7a9f4a5cf6acfbfbfed005e679253a07829229769f830e97f62d493db1447a2fd11713da3832edb98ce5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
306b3b8fde00e28635cf6f99f0c1e3b3

SHA1
f3a65fe4b13ddc5ccad97d7d8c89ce77dc923e44

SHA256
bf557915d312979662e221eb711f4198b78c28a57656cad56f9c4f0dd18eb32a

SHA512
02175eb1f7ce515a9ebd4f70e2bd36f42e1ea0ef45fcd8f6e2a7c40ce3823397771d868a48a4540038fe3f01d20408e64926fb935be4b46958680fbaf2c82d27

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
2d573dee6e210dd179f6c47c1f879c96

SHA1
25d9bea7dd7890182b7b834eda0e2798fb37b63b

SHA256
7d1337ceb7be689a550367ccec8b0902a8232a88df910fd6def6ba36c6d13c31

SHA512
65175f71e9dc1c17e99c9a02eb4dc10bc73c206ca573f478d592c12af55bbeb0cff254476b84ba9f0d9dd96ac6e0d30258644281ed51b15ec29cd7fad67e1383

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
2fabd2d58d95b00118fecac31fa0be96

SHA1
0db0c90cc868b73b559667a3586a5c459a185cd9

SHA256
fbd2bf5f57f91caa0582474823db1150b866cc5d2fa6504373e14eb409c3aa31

SHA512
759c7fdcc43f44a43802118f0f2fca447968b8a6f227153641a31dbb83c91886c90542a1281081d5817e9381b9eba2d8e1d4100186fcdb52c3c92cc435830e79

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
cac43777d7e17fa31c10a4780b501142

SHA1
5ee18da2c697e3aa4d20ba4583f21efa8e78a865

SHA256
ce697216b36e9e77a2693d1878cc84cefe3cd991faacd9feb7f3d5424ca85f41

SHA512
ac9ac115d9a872e7ef4499fded8321445f2449f654ff1016111332120eff694b7db936534a636e7b93ca80a6190b587350e24809c4a00d97a0fdb18eb2f27e11

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
af8fd2a03a0e8bf9da1cc7b398ef0630

SHA1
7954f94ba78a0467cb5594ee038c2020fb784e48

SHA256
8e6b1a998750d20e0bb03da5631c0abe9846b2a9777308431b80ab13ee980902

SHA512
5241a5c9375a0f64c67dff08b5d962e678dac68b3a1b0feab5aad1cdd8059e00e565fd367c6fa7ccbde083cf7598454ad85794acd1f0631226926eda21c94eaa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
a63036427bb218d97dea11edcc3a33fe

SHA1
1fa69a5a137859b95b7dd0775e9c2ca64a001fa3

SHA256
eb257c1cee6f86a395c4795cf3cb3b1f2ad6b601336c6a57c44338cf712d3f1a

SHA512
d297608d59659542b14473e12f5e2f29c2a55209fb605606c6629784b101ebe33f623a73bfe1fedd70d1627ba89a9c8aa40c7d3002e1700e541dc1195f1bdc27

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
ef283a7a39d5aabb18432585ca98dff3

SHA1
238c49df89d5b84c32795b3f24ba6ae48b971814

SHA256
035451ba4006bc3de1e5860eaf27ab4ae6ec123581ca0ee3ca93c25bd84b5089

SHA512
42d96660de5c0f9cee1dc5cb8804e79f9adae686842906c2d26ee2eec96f79dfcf25275ebc4e83b4df6051311a23a33382ca6342e76ff7efab393efad82fd3ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
99466bc939530abbc31621f426462865

SHA1
98108461fec2c3c04adc8d6d84f44cc26683469c

SHA256
e42da20a910797169ce0814d28f02fcd98fc5e8b8e758def6903467740288180

SHA512
704c9adbd455d4ead6b7b311b04093392abd0bb67c5c5eb02a064551c9aea6abadac93ce040064d6a7985e6ab9c76585ae571b8687ae4db298d4fdab0b01d975

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
da6f60ee603a8887cc21f6c24cdaad8c

SHA1
ccabf013000c56c33daf8ab6c5c0c15059d37385

SHA256
831f50493955cdff387c875bce1229b4924227f3fd706dbc9e97ee143bbc11c0

SHA512
ace0f4f7be6bef7c51c5200bf0e7940664d4be9fd22a6d848dc60a2f6d574a34c9dcf030251da29674b690918ee6faf82b724f8c6d886e2fc9972fc5ab459ae7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
c4d5e53b6d0daf2ae1e6f01bfd4ab2fb

SHA1
79de1646db916d0a6b333ae0da37bbc57477a42c

SHA256
76501fbf8bf39150c39ea88ef62fefd048e774e53860f2a3f8316cca45711033

SHA512
49f788e27ddbaec4d52a714e31d6260119fffa9c9ec91b2d6e10fd8b3df1d3782f7db8893447fbaccdc1a37982350819abf40bad79fb3d2da6736e37e6f697e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
562bb942cb75dfa3372c5ec7fa5c56dc

SHA1
1f12bb5c2d975088342feddb603f159893dc3909

SHA256
4e5a477a2786eff40cce9fca7f284c5d722028cd48e01d65c731c77d2ddc553d

SHA512
d9ccd1195527c1d390519af8866a8b6c32ab5dd20050107ada2ceebf7cad415dcf38364c89a88bd6777d5d66c5e08d8effe5216eb8b6d90a563d9b3e32df354b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
f9629a053ee730107325b2c2ef44d574

SHA1
03c35f50760f48f64547a7538ebcd67b4dac3546

SHA256
51250ca96c4eeb699851dc74b72103f2dcda10a6fead70e030042e19d58da7f0

SHA512
e3efc1855df8d2082b181360c39e17d7a890095d71b5045a05c4214449d47a76692f61e0184127146fd02e7b7eddaba0204635f2cf7814a5f7114c790ecaefb6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
f3e2a5c9992658e807dc283b604b4694

SHA1
6227060cbdedc41b6f56ba0cb934d2b2295a3e27

SHA256
86de264f50df8d353f2f5b7ddaf5e08322ca401b6171ad08a542ece35c446788

SHA512
acfec9b77d98764529329c6058e1e609af6abfcd0de233e330a19c3e587c7612a74c0a4f9ef41ec32e5399a832701ce2499837b1f8838d8f66da9df953ed2ef1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
2b02ca66530bf262b2d6ecd1a25d04ff

SHA1
384e6fcf28fae5dd3043e06f6ef9a2249ad13910

SHA256
3d0a46fb098cf87656c2926480db173e33722a9e970c7b8e8ae398ae67d3623a

SHA512
8b180906868ec3308b775121ca97e79f97571d8ad5a4f4e8da4c651158c331b6eab59f091d01f879fcf3bc955e7a26088c09dc17eef9b3a479925a0a15566885

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
aad121f7bd68f899f72f2b8f3f667a13

SHA1
fc57dc6668d7f4935207cc3b69aad8407cd24b3c

SHA256
5fdcf323df3afc7fd8949d1cc7d982848e5f20cc59b6e4139018102b35ab8d6f

SHA512
80041b1f9be6b1fc9698a58e47aa8feb3ed9c3c1a95c22a2eb0a43f8310e710bc9593d8d4d5f717cccf06f83d31fc7264f3af621d00d078be4b2573371587043

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
3e279cd22c363eadac500fd9f7e48472

SHA1
8e915ec7291b3a67606bc0dc6ef0001f212cb4e7

SHA256
d295a51f1997b19eb500ed210b525eec6125e4f4df110b4eea63e82f90ceaee4

SHA512
9d1dc5010ac43b755ffa9ceaecc90b25575c849c62df1356bdf86973da7406a55091870cbe358c9adcd1f2a1690c2b3054b383f496c7bdf27901f1944c6f8a32

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
95abdd17331c323a046e5f36d1db2947

SHA1
51cfc52ccfe86ec712ce8bfc47ab392ba17736bd

SHA256
61579b185b75712cae6febdbc1ad93d3bc9ec98ffb3202d9be9f09ad7fb92313

SHA512
19dc5beba148e3833a5a4bfde54e0d426372b4069cc7c187787ff3b008f1c0a2fd17834c99e39a74814abf18c01f78d609a268d0efcdd720e4c6456cedbf5042

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
200840b89a6b9478fe1a758763a37fc4

SHA1
19919f9b5f6e90bad15e69f9f1f8c1009ee54a7b

SHA256
251cd4f6ec087a5228f1f54bc8b7dc5f90d91da38c54a10dbd06436748e448d3

SHA512
49276c4476ad4dba23f804e0658aecdae2c9fa04829905dc02d7d6c1cc210c9a33cf994fe9afca43e0cb6f885bc51bbe6ec8f46cf59585036808256d3adcc69e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
f9c0ef0d3b44e82912e130f5161aca53

SHA1
c0538a3a5898595a559767cf01edaef5fff616d0

SHA256
88063a82741ff7b9ba31329764252ab6d07564e1d8a3ad3c9eaa5f6e45b17273

SHA512
e21a615693c2d81121b2702261953b2080191bf1b8a09b637c14525a8ee729031fed3bfcc966663b7369683e055e81748997926cc46cfb6bbd6082b65c7af0ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

Filesize
63KB

MD5
1ff41ccb4d546c9941f3a6d008e755d9

SHA1
d9981125aded3191df8eb808f977466356aa404c

SHA256
ebffd129ddcdaf6f101f181ac6677419091c541695ad9086ac583dd3d499e1b5

SHA512
afa922295d8be6f8c7d97024911f09be7bc083f8bd8c4a8ed57acedfdec59a3452a69440491d2c3eb741af55a4e35597aba0ce3b375b6b29905f2e8adf3cdafd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
bfaf82d183faa08cc36da3090e2e453a

SHA1
3b35d4610b9ebf297bb59f231392c9833be23d42

SHA256
37d0c76fce83fd988c6ddb426b2048a0f172f0426cd1392d5ef51abe3a08a89f

SHA512
0b79aa416cfcc4904cffda560edd58f81d09bb0873eb0776dc9847195a5fdcdba6cba45e51382f190adf9764a29494cae7c4dffa25b3736698532657291671d6

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
326775528605543e53215ccd437320f9

SHA1
0d6a3918961f8df589e4ae79abc1aaae055e7f80

SHA256
0a8f385a05dbf72198e205afae2334cb19e8d65d1be1aa17303c6cde718711a5

SHA512
0772d7f25e27a55e1a83b5ff8b3bc2602f843f46b11882847d03fca1059dacaf4c405cb308008bd13cfd562628e1758cf79fe94357f3addc6e8173606e8f472a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
a90098bcde06bded1e5863cf6f4f4143

SHA1
f2589c8bfb92529a9c21863d03937746c294dd42

SHA256
545335675c2ec6816dc01057f35af96fd0da4e5dc6df99c5e7110e053fc6827a

SHA512
8a68b960f9b8d3999ec729566acec7f92eb8d22fe12ff911a76ff87903193c4faed3db9783eaf1b5e9ca6d355dd148c10f2ce2c0e786bba84ccc36355a3943af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
b405e089ec3a58e84fd121aa8a0027ce

SHA1
8af599a9540475e75cf532d0114a331678a5e223

SHA256
176098cbcf167c8cdc883dbe06e9336baf3eec461e08d39f634e6fe345111cec

SHA512
8ffa99ea2bfc297869f140ab98951726dc3fb4ea9535e86d7d40b218dbb5b5ea0d8f1778ab6016f64569fbc24ae455911a82646551d0560a99c653013fb09840

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
5c37fa32c504777b8f679a8985109c64

SHA1
cb88ffbfc707d3bec3f81719338b7b17fb0257b9

SHA256
31f1e5823886caf5b9d83767be6e97189af56ca4a35d75b4b4bcbb643e6da82f

SHA512
9b88d2cee50c1d03872ee0fd5130b3bea037a34f4bf543864693b3a05dc8ab7e7cc3478e5294e3e20bd84f196f2bdcdf5b32152f352371bba11a308d3c628de7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
1db47354d135ccec25d967a6ce47bfd9

SHA1
995ab713757a7e5ebeeba761fff4390b86dacb98

SHA256
1ca5285e3d68e65e723d9289d592d4c8fb3b8351dbea1df554f4613b6074da2a

SHA512
291ad3bc1ae316fa2bde0ea32254ad0fdff8970cdae5430c8f3f372024a55237f02005be1afde66e2d1e454aecd04cdd84f2823008beb4f8192ba1416b463318

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
71a9993b15a3cba2d7255f6cfe5dd596

SHA1
ee6c306005dde8896468f2889c7361b080c2e2d0

SHA256
261d6d6c0204370feaa21815410a1e751a937d4af09b19cf68cd5bce3c52881a

SHA512
5cc03bcf1cb0c4d443dab323613c70f3c870c17d2d6a0463fda4cdc2739b57535b4356e7dc267422a8e34fdce5fb14797e01eafc2fb58a23744629288ea73c66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
cfcdebc7e9766a4c444ef4c77f6d27b4

SHA1
adf9a2d15156380a1b70ef0f6d446cede8016324

SHA256
e5a603fb89021ccb8c1d41fbd770204c8b362e1831de60e5d55802f5aed3f843

SHA512
9037777bf5574befafcf9953183afe735c75ce03159a58626ac9f9f78016bb8e43e54cb6fdee2c10bc30ffb05f2798afe46a62ce5d7c38cbc8c9274655e399c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
28d69aa91b065f653c65fdcc141f0ba9

SHA1
2d252d5d2234686e3afb769d8c006630a99ca7a8

SHA256
057bdb4cf3f646d101da79ad3f60b1a07b785c88aa9b2f886acb722264c55011

SHA512
7f31852959cfd148a46c36145c75b01ccc931977b30fc95f255383d070c11d741c611bf5d9a4e7b57225436c5de08da88406f2c67a2dba91bbac64c333e3d26e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
37a4683e689a130e24b0a2f20281f5e7

SHA1
2cae5f4dd6380a0c82f1b5f79579bbf65cfc13d5

SHA256
43a8301b4c6e30b34f0cf20c1a1d3d537b8ab9b9cdedc8a0c3985b564279c199

SHA512
2d114cb1babe784af32cc46d123996cb84e681f51cd9ba1c1da00b3ff36a16cf943ba1de1f862ff7295995e8f06ca86f5470631c2316ce1b41c3a8b275ce10f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a3f4b1c6734335dbdf2e6e9001c1c7ce

SHA1
e2cc5b832688d10e47fd1f9de0b3b2a06be193a4

SHA256
b7d9ac60367e0f7e5f489fac7025d27ebe3f0751618e00799f86fa309437c742

SHA512
4f8b3e38e70b1869abf87b7e11acd079d43c3a1386b6ce76d9a6b0e056e2762c52bc5b037b56c1f327f0d5062f4613a8dc58c1d10d01fe44dc8cdd802df966f0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
f25383a1a58c133c26b244088e5a7d11

SHA1
e8546e6f0959673d54a19f10067285fc452b4597

SHA256
31fdc240d40a0a9881d0bafacb2336677e6d60ce3f7c5fe0d86d70ae5493dd6b

SHA512
4db4e16249e8a75b16c6be7037802de5c8f2b5dfe345b8d29d76caf801ace6bfa8edb0df21d98703e2fb11240e1c504a0f7d5006facb5a9b755a7ba79079e76a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
ca6a01877aece0ab5fb449c7707b9313

SHA1
d7c320984c534d9f8371523752ff2cd1887e5ba5

SHA256
ad5ff56152838fe0978295cebbe44a593f61aeaa77679d6c13a5a3e00e438606

SHA512
194885890e825ba82964ab42c2f15d7281244c93d033119847f0417c7483f53cb8a19457a23b0dd74fa3e83022e88a3ab8fd2d0b89f34d727f33dd6b1d89e497

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
6d98c73b0375c214152161ea98f3feca

SHA1
d1102d12c13f45b51b4d3c9d2e82d9333c60b00f

SHA256
846a8a750f4d96daae6e5335a64dfd81463cc0e119148cd673499ff726706669

SHA512
085041dce39c7c383e0f1c387779fd16153764ff44583ac88e0bd8aa28b6fdaa50dcafb82f002d58fdae45a0f2a7a43edf1b0521329643746bfdde2bb3cd1429

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
b2d0b743bccfc611cfea5c6910284218

SHA1
dcc5b1e3f8a28b3c3669563b82c11d44a6174724

SHA256
d80c7cbc11b2e3f5d9b31206dd94fe01069d0f550bc39bd5a89cbbfe989b5f8d

SHA512
6b97fab70b8527db89aa4b4c48ae0605a8e4c473ebcea7e7b75158245abe3e614c1a5d51f0f6ff254d210cf4318d3cf3ee7824d4a6a8b395946894aca421daad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
e324e9e00593b0f5ee6631ee5f9463c1

SHA1
02d3a078c49322e226a9760cdcdf8d4e9f007ba6

SHA256
82c2e8efdbf099d35e9ed3003da0ba13672a7495efef733dd7b8a370b0aa0b63

SHA512
66897d5ed8c0b9a6088fe9127009011ff913f99233c9b56e753f026e220de62f7b04f208ba4288a3ffbfa0d34e747b2ac3d78cc78c71159c4b47067b2bce557b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
933fea165d97d730d8b88a19e447db00

SHA1
d06150a1b11f7e77525674a9589082fde9befa76

SHA256
2ce92f2666a72e48eb347134c06b78f627db0a25ef035b1743a162c9f98007b5

SHA512
edc02b64601032728357e25d0948580a7455f7f9883d91f0a9665e82375efc9f311509e62e5840ba6268caa497eef26c109009632ecc6ec219607f60cf9327fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3be9a0d7c08e0eb7acab592944399267

SHA1
e97c1c6187c6d24e6b292bb7e273f02c661d7f34

SHA256
6fa799c08ebddeb697f950cfceae0b25f476678da5d9b83482ac87602abc6e0b

SHA512
a3ed562b6f056a8e126b4d17514b62ed190628b3e1233b376d0380253d458d716c1e0c46cb8b0a54a06fc153405d51673acdd824647db8fab15f8973bc47d094

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
cd43f10f293437ed98b69feed71d30ef

SHA1
16c84001f49586daab1eb7042bf2c74755c77183

SHA256
9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91

SHA512
fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
0bb6bc70fefb5d6ef27e28664b39b1dd

SHA1
511f31e41e564f6220b8a332654010bc96c4d5eb

SHA256
d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf

SHA512
25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
ed7c5b7c3ce286204df6157d15d41a64

SHA1
ee53b265598015a0738198c0660220bd9f71b545

SHA256
290104551c371292c9862c77c8e1397ee5830825681ed7ed3635b2d5237f36b8

SHA512
8108493419797bbe53e48b10eb3bd6a16a313a181a615e850fd55d5a62950126ba5f963b756833491738b32d271dd696570236e6d38bc582a324f3f32aa9a1c3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
bc6379b7c4b58f7577143082d0ea77a2

SHA1
a2063a1b514cf0d0e9ce3504ed7c5a9f045abe76

SHA256
6c50cd71301f181a4541f4b56f3419be23c2e24c010b9f016ac55a6a6f908ec2

SHA512
8e2ce58d10da1b8d0f8b3944d623cd5de6f5bf30a6f03f4a129ffcd178f7a277b04d7873d9d0a70951369bc5bdeef66a11e8442ea4cededfe68a4437cc1481ad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
bd5ec0a5ec68986ed25f4956f183b9d2

SHA1
ee6fb02ad616c9e114084bab35a6b4c50339764e

SHA256
9264aed6c24823e644d04ad184ffa4ebf07d8dda6a76750e842741aaf169aeb2

SHA512
33a744992113d8fae3789a86a8ae9719bb5a70e050a59f2d2d4aacbdad46c4a297a7440599d6db0c7c22c07b0436840b4304436717a24401b654f0a439583d97

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
81f78a2d6ce61a30262870a10f5d2de0

SHA1
703132b37696ccd36019ed57aa153787a11e1294

SHA256
29b28fb81bc0658f5e1b8662692b82e0417ab995ba287bbd7f0405ada6037a1d

SHA512
eaed77135cce1bc2ccc86380371395405aaf4f0168deb1521e1013343d9a7e3df8dea44b2b3b2f1fe5f7e22c88d90ef53805d66346cd1af0d1420e83d7129bfe

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
fbbf0245a444c7888b31f2efd9891f31

SHA1
6eac9bdd1f4eb3acb64e972cdf1b12cb993b7153

SHA256
7e80214de4623321663ec1163812b41c6f5a661950397a23a8e8033d4e1581e3

SHA512
5063d4a8a69cfc0424bffb2248269910355efa31bff68d4ebfef26a178617cfa96977a8e808ffef7da17a971177639a55bc9281a095d6e9227393f94cb3a933b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
fde556d1e4b35d3e09dd4b5d9302d556

SHA1
7d21b95d577fe6e5c1cbce274f9c3b245f4e8cb2

SHA256
b038f01aa9eb7370e4d0f84b2ab14396d037a41e5c2df51450dfec4c03316563

SHA512
636cce7a447adfb9564f6c640db5290439b1d55fa43e6d4505721d67361069e380af3ca578a5f2b00fff59b47aa6b135e92e869e9937d7e44a0c85fa21f5e8ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
efc049b9fe0a0c12526a314bdcf54c5d

SHA1
7211e002066a3857b747b5e07547b896f6100f62

SHA256
4c54a39be03d6986f04400fc72463a80384143692f23d8f18bc7f205ff83ab94

SHA512
e2b7cfa18be5d12d8738a3e8806f34c1b5ba96c7853af97a38fbf61cf04ce4b40ebca756ea51622031fa5b929dd6e3dc08dfa83174de7214a43ebd6706581e6a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
6ad9412f124b5db69a4c96e3bfa299bc

SHA1
4d6efed9f931776d8f80d1fbdbe4039ac12f64c8

SHA256
61e756a9f96c4e88ad044fb883416cdf94dca05902d2f0a7c6fc97395057674a

SHA512
7900128f7e5f33e5827e17e301ec9735401de44cd7a1de19463df10405aa14641e4765f07292bd571b7685251e01cb556dea01b195bcd8f9eab03dcebcc5f167

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
7b029f12b69869ff1c01a9ebc1daa866

SHA1
7d0ddfc9e6107a5741006dc703cc9a4fa895faf6

SHA256
fd3e2f042966d067e23f67f4e26a68ea09c30a91f4951b823cf2df386612e31b

SHA512
d7091490a37388385dd76252bb2ab5777019dcfb933256eb73581cb249ff05fe4d451385f2224a365da8a98499b9309d93e48ad252df868ef454539896181731

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
d5df170ca258b5b1bb93ae4cdbfc67e3

SHA1
4d522994ef72fb036cdc0f89a6d8eb5922314d3f

SHA256
5f931563823072aaf103d25af75dd9891f863ecc73cdd90bf14181b9ab1dd38f

SHA512
7b459564358f06ca59593e1dccc765e88bd9ca3d414ebc713b9e2a4772535e5449d370ad163a08cfb8b126e3c64855727b7647aec1802a7e6a52ddd0f26be037

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
729963aa9046098f024390f8fd16ec0f

SHA1
8c8b52ca774491bb9cd6d436636c9d4dd8a760ba

SHA256
3921e1c208c651be3ad6e13a911f3b192212e93a6f589e49006f1ae98dc50100

SHA512
0ba899aae11f6b9ffd44c7b20b91de5dab166319ec0ecea2d2a6ac9af28af24cf37c56beafbc84c1baec789749021fce034bb3e87d5ad13b60dbdd9a1a792667

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
4a8988693c02a07507633e81fd2ae3e8

SHA1
0961304f3fd1d62b222f9bc3f61f2bd10273a415

SHA256
d4ea34e53a82f183be1cb47708ecd71f408e0956ad271693c803511d8f759082

SHA512
b746145f41420f65a2229724c10371dfc562c0982dfc22cd38f99e9e03f3e42bcb01b78bb576aebd31f6de6277ab21758d93087e800fdd51a32539c6bed42f37

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
aebfa57b67bdcd1cda429eea62350524

SHA1
88dbde96feb673a9324d7e1bbe8af244cd96959e

SHA256
2db11eb4264e583a3770cfd3bdd5f0af11574fd9bfeedbcf3ab1deb595b3979a

SHA512
7e9c3f90e44e4b82291aa37c243ba586b9dcaab96eab809dd2ac3eea28f20125ae08bbf5deb979bad03080756694119830461133a9107e0d3125a86b948b6cb4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
502d8588688371fcea2d648be1a2cb84

SHA1
1c8201961d1ed30b1c1908dcafd748edff755a05

SHA256
e3604b742d7161c5d8a2cbae02df09489bf87f9a4d2c37c8f25e29b116bc13b7

SHA512
12028559c2d782c407ecf29ec75e79debc8b846ef7c083203c6be4390f8eb0d66357252af9e9a201ada268fec3f98bec2fdb9c93d1032e84254f59e306a2fbef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
50cf98f9e7583fb27ad8626f5470567f

SHA1
1f478d2e07e8f063eab496aa6c53ebb0b738edf8

SHA256
e5bb154e6302deaf4039b83aa75414324ee8eb8d79e7039dd1b43415f3037a11

SHA512
c3c797b6150fe7417d30d9c39d5a90397e0aaca117cc38b0057eacf84f84b1dfa82b6cab95798ce7fcab2146daf3a79cc3f58913f15c5db1d3bcf0a29eecb492

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
55fe437639f758af2f4acdec877054da

SHA1
ca7021050098bd441514be6b9a4608e9591098cf

SHA256
79540c4b2459445760be456c2761802c8977fdb71e60d0adf81d7f7ae66716dc

SHA512
11e80ac7cca3e87a07ec7a8ef5dc170e18656fb8fdb8a22b6b92d73dcd6ebb18ab66509c801d6b7fcb678d39653e19c2c217b975d1290e99cb416c974bea826b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
7273615a3ba84e7a5f9bf2136c06a5b1

SHA1
191375eef7475970da425458df7413e468b0295c

SHA256
f45a864650125cd57beb02759c267e1465489b21062e1817a6674feb2511e542

SHA512
a284fda873551f96bb9a8d03fc0f6739c4bee7fb35278e1294f99c06a4bc13ae2cad09addefe52147a3aff6ebd5e8a07d5d7dd6a8b3cd2bffd885cb959a8e0df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
0cd89d655443d803968d844e0ebbdc1f

SHA1
d4de00e7baa354a155a3896d87198bd1613b0be1

SHA256
61d1de03fc5b270e392964d004a985518c8c7d647d2c1537c7b6a0744a6245c4

SHA512
fb221aedd46b14dd710038d292697230a35ed9930c633220c6c3554c9c0131b28fd5ff48a711f29c362c15cf9131e498723468240f4a394f0f13e54025d0bfd9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
fbfac3689e8c1c5193725e9d5a82f8db

SHA1
035cec9253edbff743c5fde0f110336961f66257

SHA256
3ef76a16efe93f02bc8aa903799510c1740a118fd35600537a88ce403ae92b15

SHA512
6e9a94bb4ffe98a8315bd3b9929d8757636befa02459c414489df4035754c95619d76f602d6bd2535af4df08eecb5fb678e66908e03fbaab3873f40e3e53025f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
c9aef5f4e5572fd09087548d032740c5

SHA1
c58759346b48cd7aa97e3e1cc254e6b71107231a

SHA256
a16a8a1cbf274b396cd239fae597abbe928525475b4ce55140227cb9535e02fc

SHA512
e7c1c5998158a25a43ea0288954f00fdf03468b8e8006d015c377d8406a21032d0567bec61e7ee01ef4e0e3ab9998afe9781604d81da401926bd2efeb4ca1d72

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
1652ede7415f6a066a043aa4ed13d88f

SHA1
8a2f64c1175c0281593b9492adacf63cfeba2142

SHA256
725c852e55cd007fcaf25897102226683739d84525b7a108011b796072916f12

SHA512
b38c1e348a0f0dc490d8f94d3401272ddd339e79c031694cb9934c5772954fadcccc6a2061dfcb7d8119134a366c189a3878974dc12eca47ef20128d277ea807

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
b7dea136ba62c4b173f86461996d670e

SHA1
316e5d4b97d005efc1a0ab8af1882ced31afab8a

SHA256
9b7b429ca979dbd7237466e87c3936522aa2f089817c3e18a369f3e02386948c

SHA512
ae223b7dd1d303b255ef60c2ca0704133dd0571211a6c4a3c9ebd6b8163f6115a327c9647a62338eead6782d71fbfc92650d7e0e28ac908eaffb6e5841defd1b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
fd5453ea577eefdc7e6b38d48ab0d0d2

SHA1
7d498c13e3120c2363e62ccb7feab99e44aab848

SHA256
c8ee9646ad49743784edd689aa9295f180420400f7c4809310b4dc1537be8438

SHA512
35068ee932e142ff942b80edf013d289405df25747c774223549df22116231740dc06c2b5f7f7dbaf05a08d9de6b66d24660bfa7c23a377f6061ba791688b7f3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
8940e9031075778cfd84683d2c0dbc3d

SHA1
a422c8d17eb286f617b08249eab4e4ceca6ecd8a

SHA256
c7e9b4ab9c543b99ce53c65ba94641eba8e5830225b38395ac3eabba0ddb47dd

SHA512
ee821696d52d6c5330814baf9c5052e6ee55745307669183e8a5f30c294e27d99b0813e45bc59315f6c828a46e5f9731f4a1a6a8f206d355b5713e0ac953fad4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
84015e72cf9f440a4a27fbf69b6bf2f4

SHA1
579a2e31933231b75f4d3d19832792afd1671a34

SHA256
2643d23964cf6ed4edeed8c669f3df4a12797c5410967344bd8cb98a6a5ee608

SHA512
d9fc12d854ff5949d2ed3215c99b21b15eb2131e6b36122da7a861212000737b5314b3beb0ebbaf53dd423c26d8b9eb24cdb028a2de74e5853f026ff523195c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
b328d69ae089d20485914a74749420f1

SHA1
81553510c767b92619ce1fd0de09f30874371ad8

SHA256
5ed5fba68ec6fee219a60d937eec78d8976bacfa47856f5bf74ab142a8df6cd3

SHA512
44160af3498786a82a697ba51401eaf528a913bd5145d71de403ba03d8a0b10d820308492a6b164972cab9232f08a79f7b30c04aa6389c054110c704a7226734

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
d106bdc894b3e7277bdcbf9346c21bc6

SHA1
bf61151e17a516c8c9ba5f44a821f0155cb6df71

SHA256
7642bfa696534b0f75b739784f294c786c49b84b471738ba2d73de303bfd1e0a

SHA512
569b3bb9ec14cb1d6d1d51602fd6a8c95f947fbb95967cf515248063bf587b20cc29282c8fc02afbfb9afc287d52c77673e8e801ce3d8a0258c0a9464482b960

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
b0a3d25e272286db26d9c6cafa93fc86

SHA1
b746225087a3366afc507a1265368f380984f433

SHA256
6e787ad58acffb814bcbb28cf00ad2b69eec0c1d1b4050755992a3995ff81581

SHA512
e6010eea590f15a02240abdb1f24155d32837a498f69030bfc5436b21a3314c97ec5f510ca0967c3ca522e23484c780065771af11381cbd0b8b2dd6773eae22b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
2ff17e00506fefcfcb5953c29bda2834

SHA1
3f3db01e9eb0da9dee7128d647b53f7fadbc9898

SHA256
097c5a37b3f545ff34b94ae7741066e54b5e469eb08bcd6160f4eff6eaa30c39

SHA512
39847cd64aaac9caa8d91e4daa5dd3a77a00cb32a83307ec7166b6f2c9dbce7c231d30889fe4730f08a13b39a11b42ab83d73e2c67953a92d5945d3325fb728e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
6ea0ed33cada7e5554a8e1a0c642b162

SHA1
0f6c5d87ab80331bcf35b40967c930f9f115cb58

SHA256
5ecf00301b6ade17d3b9a26f54946a2a81a85f6672dc52276b2e0710ed30b108

SHA512
a4f85e28f1946408c6305245c971dcb5d663987db7ac52f932542ad8c09597b26374ef58a1a12457db5a48433e140279800bfe70a30a08f98e1b69d7d1a1e8ff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
346689e3f20a261df1845bb2273aa642

SHA1
ca62f5d1f864a1a1978ba471fe3f082f22d464a9

SHA256
696888fb3e194e960b2999a3afce27ac533ddd394b54e417c04428de5a5e1b3a

SHA512
fbd3f7c7964f808d100c612428a2140591ab3b09ac42ba351c895a7b8318f3c12302b96dfd746eb1d3c126bfb8334da801671032aad5b085f272d6b47c4a5fd5

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
9d1d03200b46e8d8dfa921d8cdcdf400

SHA1
20cd1d434ae92432590c1b26fb45957e511454a4

SHA256
2d786ac6486c85a57197148bea66c36ae261902ece0f41f3799e13e2dabdd113

SHA512
86378a72d2b4e22dd8ce2ce819c93b19b66ecea80364980a74427ac84061d63d38afcdf91cb26bfa3ac8b7b2d293e7ee8d895d038c73957de3851f5269ac995d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
ef7917abe4275179ed48559f67f148c7

SHA1
6bd6b40652feff884a417cce172df9b19b20c3fc

SHA256
f778198bb774e264420802f237d6be5f20fadc480182bd72c7527b37b4a80128

SHA512
8fa1aad05adee926875526b23ffa25a831a863e9872bb3b18875d2c5b3cd20ea7982b1fbdd16b90335be84fcc905246d772658c3577b56c6d57ff58c826adf27

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
224059513e916721917c9d6218f87f6a

SHA1
dbe6e4e8fc362ade8745e1f6bf2be4c358c02093

SHA256
816f5516d68a14431cb2758fbb1f1a91bb80cef81b5f21a05b89404e7e92b8cb

SHA512
073486327074dac43755b7b079b5fbf1266ed2f202d6e4beda8cdc728e555f2154bb88f105c6303f1e19378f9f10bd1a1a86b2ab046bef7f9b5ac11cef736f94

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
ae490728e0d095519ee3866b15e134f1

SHA1
42228e29d76700a0470913a781c621c264b330ec

SHA256
c3a77c8a0b4e522713d5422fdf36fa166e14c1c707ad174b775b80e2f4c1124c

SHA512
1c32cb6bd6f6403aeada3b626d5c08d6cae4b83e2b983ec21f51357438191d8caa20c98f62bf7e9588eadeedb15928fefb74b3e99c451aa40255b0eac73ae934

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
c8882e9bbac305aca2e872ff5d171bd2

SHA1
a03174345470c8b46b3d03f833c8df4567244117

SHA256
d1658e066953638bf72e69bb324c64476ff5c887cd07cc46e833bdebcfb47138

SHA512
c514c42fa6731f219265e38ff86546c2db8b875c358e4c0ded81dc46ccbb675df49965097350cbdd2cabbc2c96b5055566a2bf3ec187527e2de5d8079cb231f6

Download Submit