xorist | e6acd52fed1ec9c49673348d152d9b84a2f06614ca75b20feb2939804f04a521

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Size

69KB
MD5

6afc9ef212bace7ccafe1832cb1cc812
SHA1

1d8b9093a70e37233d71f31d6787edf8324d475f
SHA256

e6acd52fed1ec9c49673348d152d9b84a2f06614ca75b20feb2939804f04a521
SHA512

2809b78ce5115573ea8a9f6b23547723f55b4c672ceae4d0353081d5bcd05d6061e51df814e0366f9435bebbb0f10a8a4e3a567ee86a6ff7c3cf122a64703647
SSDEEP

1536:5r4/tfLJmXzHPl9DqBLP2cY2z2MOjpsh:5rG6r42Mq

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3556-5339-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist
behavioral2/memory/3556-5335-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist
behavioral2/memory/3556-9850-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist
behavioral2/memory/3556-10880-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist
behavioral2/memory/3556-11199-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist
behavioral2/memory/3556-11218-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist
behavioral2/memory/3556-11223-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist
behavioral2/memory/3556-11224-0x0000000000400000-0x000000000042A000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3FYu5Ng3u0d0Q9B.exe"	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis5t.inf_amd64_c6e181de81a59b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pmem.inf_amd64_acec109593aed940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_timesync.inf_amd64_aa4bfe1897922114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisvirtualbus.inf_amd64_e8d548ad6f0a613a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@EnrollmentToastIcon.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_9c09bd1df352f065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextpl080.inf_amd64_15251233835ef753\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\WMI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DefaultAccountTile.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_220e4fad6c84d016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_1503f4d5a0d6ba56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_466615aad3be8e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_amd64_a0634dcf2da1127e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3556-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-5339-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-5335-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-9850-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-10880-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-11199-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-11218-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-11223-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3556-11224-0x0000000000400000-0x000000000042A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeLogo.scale-100.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-24.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\THMBNAIL.PNG	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-125_contrast-black.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-125.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-black.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-16.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxWideTile.scale-200.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\kb-locked.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\SmallTile.scale-100.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_AppList.targetsize-32_altform-unplated.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1850_20x20x32.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleMedTile.scale-200.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-white_scale-200.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-125.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_altform-unplated_contrast-black.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-400.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated_contrast-high.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\submission_history.gif	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\rhp_world_icon_hover.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-125_contrast-black.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-FR\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96_altform-unplated.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_OwlEye.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\EmptyVideoProjectCreations_LightTheme.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\LargeTile.scale-200.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-16_altform-unplated.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-200_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageLargeTile.scale-150_contrast-black.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-400.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected]	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-black_scale-200.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe805.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-30_altform-unplated.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_altform-unplated_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-20_altform-unplated.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80_altform-unplated_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-336.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-200_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-48_contrast-white.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_altform-unplated_contrast-high.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..d-dialogblockerproc_31bf3856ad364e35_10.0.19041.844_none_0dd643eb35c33ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-maintenanceui_31bf3856ad364e35_10.0.19041.1_none_aade233709aa6d12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wusa_31bf3856ad364e35_10.0.19041.1_none_62f19f00b7fa61a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\SplashScreen.contrast-white_scale-125.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-redist_config_files_b03f5f7f11d50a3a_10.0.19041.1_none_f4641c404ba4172b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-onecore-bluetooth-hfp_31bf3856ad364e35_10.0.19041.264_none_df2cf124910a07d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-client_31bf3856ad364e35_10.0.19041.546_none_749638bb0a6efc61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.data.enti..ild.tasks.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_f3abeb05939d4c90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_msgpiowin32.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_aac7473ee40faded\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-dmusic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bae4dccd863573dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_it-it_b6a048ec05d6a6df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-softpub-dll_31bf3856ad364e35_10.0.19041.1_none_998514c21e4acb23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ilter-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_5c23d893339114a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_10.0.19041.1_none_8f3a372b5909de8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..atahelper.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8d839b37a8278fcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.workflow.compiler.resources_31bf3856ad364e35_4.0.15805.0_it-it_9785c4d4a0f1bdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.web.manag..ftpclient.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e02f8b2d2fc6f3d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cmisetup_31bf3856ad364e35_10.0.19041.84_none_125723f9866d9ace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-timebroker_31bf3856ad364e35_10.0.19041.662_none_ab9d8e21d144461c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..ibinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_43acb68f53938348\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_product-onecore__mi..sport.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_f980d1844e6ea31b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.web.confi..eprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c526372455fb75bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_es-es_6e29d327f335e261\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_adaptivecards-xamlcardrenderer_31bf3856ad364e35_10.0.19041.1_none_90c50996bdb60a3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.contrast-black_scale-400.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-wallpaper-theme2_31bf3856ad364e35_10.0.19041.1_none_8ccaf9c8444b9274\img11.jpg	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..demanager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_61cc0da1046fb5e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3dce3bd0291d4d7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_circlass.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_3db8c4a4e50c3de2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..platform2.resources_31bf3856ad364e35_11.0.19041.1_de-de_5b4d261f26a1cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.19041.1_none_d0dfb9642de0d432\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-display.resources_31bf3856ad364e35_10.0.19041.1_it-it_de143b7d37ad0fbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-photoacquire.resources_31bf3856ad364e35_10.0.19041.1_it-it_c8b69cfab86bd47d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-eventlogmessages_dll_b03f5f7f11d50a3a_4.0.15805.0_none_3a3a222ba9bf72fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..lays-classextension_31bf3856ad364e35_10.0.19041.1_none_2b015b7b1054dfc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\NearShare.contrast-white_scale-150.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a5b2be9d971779f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_10.0.19041.1_it-it_f0794264024d6496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_93adcfb5ace23a89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_10.0.19041.1_es-es_869a1f4b30bfc19f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_2365c813f36ac3fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_1ebc558b5fa34c0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directx-warp10_31bf3856ad364e35_10.0.19041.546_none_d2b19536e9dc6af3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Windows Shutdown.wav	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ork-uimanagerbroker_31bf3856ad364e35_10.0.19041.388_none_57e235d809a12c5b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_en-us_78dfc47123c58895\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dfsui.resources_31bf3856ad364e35_10.0.19041.1_en-us_abc51ab5123ae09d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..server-provider-dll_31bf3856ad364e35_10.0.19041.1_none_1aea434d2556bd83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ntication.resources_31bf3856ad364e35_10.0.19041.867_en-us_81576777c631aa40\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_10.0.19041.1_de-de_32f4f055121bc93d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmpdui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5e5dbda77a710cba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-lockappbroker-winrt_31bf3856ad364e35_10.0.19041.844_none_75caad18319b4efb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_wdmaudio.inf_31bf3856ad364e35_10.0.19041.746_none_8cc50abfaa861487\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_10.0.19041.1_it-it_1bb78609733e2d13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mmsys.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_eb009a437ef1bd29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bth.inf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3885ee2b472f8de7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..mitigations-acwinrt_31bf3856ad364e35_10.0.19041.1023_none_a575670e358d5f8f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_10.0.19041.1151_none_9cf376ee9c2c46c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mfplat.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5d502155c89e5f1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wfdsconmgr_31bf3856ad364e35_10.0.19041.1202_none_89fa1a547447059b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-usp_31bf3856ad364e35_10.0.19041.1_none_6d4030e42c3aa8a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-foundation-..stics-tracing-winrt_31bf3856ad364e35_10.0.19041.746_none_6361ba4d37912373\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.scale-100_contrast-black.png	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ\ = "CRYPTED!"	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ\shell	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ\shell\open	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3FYu5Ng3u0d0Q9B.exe"	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "RVNPSAEHKPFHSJJ"	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ\DefaultIcon	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3FYu5Ng3u0d0Q9B.exe,0"	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RVNPSAEHKPFHSJJ\shell\open\command	6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6afc9ef212bace7ccafe1832cb1cc812_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
73f0be114220532334e51bd15b052904

SHA1
8e37b89c8a93698006e4d5f0b5b4a39c6177dc9a

SHA256
9f4c2e440c4cf986ad78c0e321fc49aa81b1e1d8a3db6d33ece9239e333832e8

SHA512
4d5d1da44042d0fdab687e8d954aa04d3095fe4a391d655fe0eb189463199f907b60e4bfb0332a3a758996db9557875f7a2b66d3f1cfdfd097a34c98ef7bd834

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
1d6eb6614d8e2da6b04b906b4c77e12e

SHA1
415c0747f5f2e63ad99f528b01b18be6b965bc6f

SHA256
5b78e0a57fd55d2e38ee02cc68dfcccf94221d74c96b9befac04a60289a887bd

SHA512
cb4fcb51526f2aee40c067f9beea034cdf7b29ee2347df8224bc0742a8e7991b33afbeb47d839516377a9f5884137ff53a0ffc59b0a50f9760a7a924fcdb8c78

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
e25e277351f0439647fde8f99eb54fb8

SHA1
a52623d63283d5f3922c6cdd5acced1df490540c

SHA256
86e4be85c65915127d18c015a071d1667a50bc090cea69f54869bf7231fddbd2

SHA512
61451dc126cf16b0b9043343d169e9da143e095327f70066dc087a298b0e9ad60691f320b75ce4ed128c27609fcb552cbbbbf99439c8663e9d2818e20dc70d33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
c10b7b7cc59e5247406ffff61c90b0e3

SHA1
69766173e02a39ad8a3fd65bc456e0c7d5624944

SHA256
63f88043cceaf07b34de495a0f6bdacd8c9cc9ba9b10ad4b939a668e245ee779

SHA512
a7807b34213341d423c32f37eb71e2593eb3f7cc9569e9dda31f471016d34e48ffd2f6783e595f26bb22103dcbecefea1381ec920e29bd9fd5df023b6fc711cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
60cef498cd9c4413275d51326e5534b6

SHA1
be1ab8b2def5649a4271fa23498d9707f7e79b39

SHA256
8c413741cb12b3e9b016749cdb8d65fb79e488f246dd758b3cf76b385bdf2010

SHA512
5713d118eb72b91ca8fb577caa179fc1f6f28b8ffa2078bca94e741a504f9ff5d24fe987fd70fe63391cbc687a56e8d68aca351ca6f0384113769554328fdd48

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
5cd64198e18d3be657b5b940f2226dac

SHA1
b64925d7dc51e27e0552a2aaedbec4ed0f92fb2d

SHA256
f2144845831052e08749c8d37688ee6b7fc2b2a1c613f77c9d25e830fecad66b

SHA512
499154562de0d62b677a48f8d6407bd342a35b2e218aab8acbb2b98295c1be4427d28d0c21799737da0a44b4e45622f0f10c87da3b3a5a26ba48a71eb0981674

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
8b80518c8a5f50b4c63bd9fd9e544a3f

SHA1
02a5557d6f5f6afcaee881fce60d18c4e9bd8ddd

SHA256
19c52fa770a8db218798c9619c5786f4d747c59aab188089afc1f594526b498b

SHA512
ad84870b813bd31f6143f0958b0df1c061e79009d6c543b1eb48281d4b31c2b3b02becd95c1c6f1292cb580103c729f89759f84a33ecc3d9366c3947c8d5cfbc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
ac90e07906e4b1a002f50a167891c644

SHA1
22cc784387888692e11098c2694e7900ee0dd1bc

SHA256
0e0eab324579d11dec2bd53430f8fce25ba369b3a44e0a82d9a700958739bbef

SHA512
43550fe4b7be6133974893ef2d1e381f378e0478280589dbb3b45242a66e280bb52f8faa0bb4b11da3261c3fb69f84107078eb3a51fec082893198cbf900cb05

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
cac5ceec619097e80439d15a3d5eb7cf

SHA1
fafa24fde212e5d44dd2a3f15ee6f7798fc3a74f

SHA256
ce2c0f2b6d7d7366f3a2841365d75b6433b3cd18d005f40a52436ae474c2ae27

SHA512
722e73f7c2dec5b07904dfe47e3cfad33ba576d7ea41bb63c17136af2a4c93ad4212fd637c43bff45c55270e69d4266c06fda8bdd2ab02c8db95428e98cafaa2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
bd7ce06d54829a8bc786749f029669aa

SHA1
f53f4bc979515290f5678d0d6e98f6b756147616

SHA256
3f932119f3642912dc7608cfd0d099349110b41e3606faf941fc1c3e176af1aa

SHA512
a606120f7d4ac563be5a11adee5c39683a8c917071d18743a89129fedaf32af82011a402c32ebfc524fa7f5dc1ea413730b85980024d4d5f0db9277e451b0563

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
0e86e76dd74847d89121aab09aa5260e

SHA1
1f19a13928a885591f12a2daa069fad3a2312786

SHA256
781a3fb160f5ff31831d09bfe9f77d430d7719303ec0f993602a049bd19a7609

SHA512
18074cee214be000ca5fbf9386143e8f99137a0298a9be42105279aaf18095738dc37975e92afadd69a94e2fbcd62c160e84d52d08020c29f21d1905e079bf02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
c0afffe98724e1611c2e5094c9bcd0f2

SHA1
73f354a58b6abe874177513e12c55dfe0a57b348

SHA256
be4c4703fd56ba10292ec53989690710809ae8eb613d9f8349078bc73f39b61e

SHA512
849a1c1a081438da9859b6251bbd744afb0cb885231581cf34f091086a00d21ac80cf9f7e588df1529fa610e50077e839d0a262125a0b74c7f6f43c0f3015864

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
7fa25f1dd18ade702c8eff9051b66371

SHA1
d35c3e335636b908fd8fe71520a6134dcd4f2e4a

SHA256
b6f85dd241573afb9fb5036d98f4299a3f848eb5ff8da4cfbc5f00c569d01039

SHA512
303ef645c369e78d19c0b6aebe5b63b18db638ea3000cab8e25b74492c6df475b85083cb41a388b08b243f71e622fe37b5c89ee1288b4ec28f150480168b41a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
9625923c76fccc8cb223440e3ce80508

SHA1
7ed6328b258764a82881031f1f7cfda8fb7de79b

SHA256
dd178ece4766cf532e09a99a75c7900cbb8fc350684124021e60632afba9d785

SHA512
eb4a51263f81735a88572b0832c0ede06448bde465eb1ee20031b0a1363815e97e64c4b77ebcf48792b0da05e8ca47b9e62442f3774d7225e2caff4f5cc08a1c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
4e58278fee2b8c5403529e4813300ffc

SHA1
7c840d86866da86c66a7192cf04a2067b77644d8

SHA256
8b26c63dac6570e5456b879792898c74e1a293d934e7e6a6e2f72e775ba483d2

SHA512
899824a9f78b4fe3f6c4357073cf774695ab979f8a3adfd1e775fd7d3d0399d554b0b40bc2440a9521895ab5b0356d0f65cc7885e10095f554c3d0026356608a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
71f2a37184330a9eba05b5dafb7dea6c

SHA1
39c82511ba68f02694e2cf104ccbb4adbfbeabf3

SHA256
cafb6fe701be1b3853a4ffae01351739ab654601cc7d346cbecb8977f96bdfe8

SHA512
f5d5d858d902c57ff8d836aeceff3324387ec249195b136f92ba50c287c6c045208f23c532614ae7296b945ca8f6d3706ba9e1fbd7196153c9688590ff13c317

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
c5c8f34eaf91dca155618b4fbfdc38a2

SHA1
6df0a759ce16d8ad542d51be8b419d7b589faf97

SHA256
13d1130cdf73ddc30e050d6c9d19420b747efa4c640bf5b12bf3e76d36306a59

SHA512
17c3e0508a84a451c5c9cc76693cd2553e56fef3ac410dad82aeee16e4d3acfd4d398ad8541ce502c74d490d820a7d39b6458f642daf389c654737614eb89cb6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
250e1b5afb22a6c2ce32642ee80b4eb8

SHA1
5dc188fc770489bf68458f337e221ff945c2ffa1

SHA256
9f9058c7272b2fd693cfbfaac4d17510122302aa487a28f646b2c824968db61b

SHA512
997b5203ff45f59fd1f57165ed4359ff42c17f9553aa9c4403030089d5f9a4facee65ddb1c7ccaeb7771558df1ba9aac77b4d87239aacd263a0148ad9eab77c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
1afc3049f82cd89e45c80a13b5c5a918

SHA1
98b91743473b4c2af21a473d209212b4af539cea

SHA256
8cf3bd121d75409508be09a046b21636dc66cd33611ffce7f44e64b7d23427e5

SHA512
9abbdb594ded25a05be16896cf895de8e6e3a83ef7f72e99519b91f82133270757f8ec62f9abb8b9e1ed047909618b9cf6ba5801df890cdf9a7320947d9132dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8a75450b8ae3efd63c13a29ca247b1e7

SHA1
ce89a04e49e8ad1bf3473b064ef01232fbfc2c67

SHA256
1d0b2509eda7a17d9c14e0a8a39f0201b22554a0edd23645ae587df92d2ccf2f

SHA512
64919f8827503d5aa8bf229d7251049839e0d5bea40f0718f48527de01366036dfe610f3e92f9043f55667e2c5bb3d6036445f7c809bcd2d3ddb1c5fe2cae984

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
d4b6e3227614d862a0c1cf0c6f9e17a5

SHA1
5e5af0ba935d13d8d0066cdaf0064f86f711703f

SHA256
79f42e101f60f15e0ab5b815d4518a6eb33f35d2dacf848a826f84729710418e

SHA512
a946c6adf31e9183eb7bb34cdbf48f2bfdf7e29231f9122af406d213124f481f52eb399db142b88bd1d61fa716e24d70d38978eb1640f0b69f0efcef80936671

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
0965c4ab91fadb81100325a471437965

SHA1
1d0628727e441ab8074a27e3abc1e83fbf77ebbd

SHA256
5afdc9bdbf8dbea3c4563422be4735730f01cc28db9d447303ee2e2b798435b6

SHA512
6836dc8514a30a604783b2bbb9ba1caff9fe8bd64e571e311ab86b963f2bcaff9f5605ebb2985a017d9a3193267c26825f06d7bbf90a6521fe528694c410e2d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
33311fba137bf0a8dc952f7a97e03894

SHA1
7d43bcdaa3b60d760d23325396ce9646d921cffc

SHA256
a1cd20fe2f64348bc8fc6f5eafb6040468cff459805955de409513bcf8b79502

SHA512
f0ad37d51d03c75ee0b072b1824cb4ce78022c480259379a57b3288b23332a0bfacda6d11c94fd9622789c1604111d06f09bcd87c2d870523c1565fe022d2a4a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
edc13cb62c09cf75b3c963b7c43c14b7

SHA1
4fb7c1e615b2a42b8f45c85478dc88d32f399b14

SHA256
444298f3283836baea0b9b562ed3635b9c774ffa95aa5a1e663aa8f26e1c972d

SHA512
8217e08f6ac6c8315b894d4433738ff8fea09eb54963991df3f61275409433b5eb50a282ac6cd15bac2109932961c672e161ef5dbfa0f060be3f92d1a0d7588f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
c46fd6163f399d43e0023366fd1a6421

SHA1
51baae5ceaf1ce0b2c1533b2aaee288775b16a7c

SHA256
b29484bca5aea72bb5199f3352babbd4a482cbc8029fde8217a3fa49c85dd419

SHA512
cb292b9e6e70fc6d185412a32125fc4bc82d9be66481d55fc203859fcb9fc9383c82545be7ca6ad368f2ddea8b40316ac25db85b6350b0b7bcee7486b54c6b77

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
6a1c2dcd3a73eb742d7a6e80ca241d14

SHA1
99744339b4b6d8479c402ba788aa3905aae85c65

SHA256
e0dc5bb4111eaba3c51915ddda0162c5a9f6c36a86adb8374038413241eb2f85

SHA512
04791f69ae8a4b28c5b447aa122d29f402ed5612bd1caebf8ca3c0527bcf1d6c8563e4b3cb275c8602d552f3dd5e5dc37fafbbc0ad9bb04e9950a75859c7d479

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
e29431efe7ec3a19fcec4b21886c015a

SHA1
4756a9411f70b977b1e503c66d16a4360cf683b0

SHA256
0d17fe0096b44a6aba5c8c1a330b0b0a4446b76284bae726b267bae9da988b4a

SHA512
aafd90ef16df882106d3d43db736148e1d2014b23761601cf19e35c25c9fbcda51dc7f0413678046978750d08e222258a6b921401f710e37f0a05489587c3c0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
d641db82657653233cee4a542b73a72f

SHA1
3f354518118a78b82f76bdcf35787c94dd46a683

SHA256
2df2de5b5e803ea1b1b31337abe41de3a6ed81a09b666397f2e8c8d7911a0336

SHA512
8285534ddf0784fe3f4d271487d5df9606181a0ec4b6bd4ec1e3f26b4c769aa37290523717cf1a0db62869383d0942c297862c87b6ae73c31ffb8e2772c1a5ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
e53475b58bea1af9dac85aac1ed02124

SHA1
4565e0a31050295f249c2c0cf1b85abcc5accd07

SHA256
4157a5633a6ca8ca5060cb729bc619d65ba1714d8a4ea70c4254fbcf2e6fe138

SHA512
532c03032f02068cd9737a7d7553b0649867c4fac93f15b9983eca499fad55f1ae9efe6f5afe576a87735377cb5fd746f1530022c51ac00e79dab6698cf1d9a8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
db82de1eee9657752f9692a6b755e3f9

SHA1
0fc7ae84e9749edaa10302e99a579b370978c641

SHA256
771b2f6a311f4b7a48d30b059cce38c7790b4f3f29eca73d6dd8d8fa20f58a96

SHA512
92021f7dad8943d323af9296a0338096034011dadadb87ba3273fc8edf1527af3f0b394647590e1ac60a8999f2446226bc0fd2d29341d7ac1b488897763908bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
2f04292edd56b49a1e2c136f0a556f4e

SHA1
4920ad86bb7aaf8c7501f53f6afc28e23e662778

SHA256
8d50538dcf33fb05a34d16ca0dfa1891eee71ff09fff17ec15a3af6e7c4f9695

SHA512
9f5c0f6f0df54a5994823944e30298d0f85afe2fe493d416428d0d130ee935258f48ec248770fa99c464200cbfa1b6ab400a4e8b70f60f289ef12e3aee047702

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
3593834d61a1d006a38f98270bfcf527

SHA1
48085e0fbdc4beb53357f7ce5ccc4b669359aac0

SHA256
f7a2d44e2162d00fe4e72664f949ec6faba5c9d91525c5d63e0afc54445962d9

SHA512
26e7efd06ed7929c3cd9adb6b9914233cdcdc54c514d4dfefa5f468e8c2371fa99ef1cb4c144ee2a731bc3322a9aa889916dbe22bcb1f43ac130a32879885ab1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
a91460a3d3818dd948f7695938992ecb

SHA1
d7e977918f210d9ec534bca9de9f1f759c18e59f

SHA256
8e12ae6ad35190e0d63350ae6a19db2ddb8a8bc33990f65b9219e43183ed7af5

SHA512
778a29af6078017c8d4c44cd93902a61f85b0af7616b3b1eaacb4f84a5999782cc7f732d19d4b651dc7c090462390855c611c41e159c0a46e03e49359f8718c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
94e5b1e9dc5667553fb6ce29dfb0a1e5

SHA1
5561c17852876b93fcc3dacec78cfe60cfeeff3f

SHA256
4f9cf62955caed34b44e229902f1a3f5b5ef6f6387886ccf66daee35694cc92b

SHA512
7e4c5e267f3a23a79d16c4c0c9cef8066a31303fa1405a4fad42ad59cab02b925d466070a229620abae6fd652bedf1e486ca0f61fc75d08771ed3a0b8458f1ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
c5cc4656f49014f0ec4b8b139c0633c7

SHA1
832cd398c831482b22a9da2d65c6c146674ad06a

SHA256
69ac71f9a8d1cf641141209d83df6ce05601208962202b2d2f884b1d359f6881

SHA512
2590893a1438bca9413755df74a7084e4725f5b2f33f6a70bd35d77ccdd1a9d531d10a95de962e96b6481afb21614319bd104bc99c778ae488f6aa89609e9840

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
1dcf18f7f43bc0c012b7f858de7e94e3

SHA1
ae8ea2129c9e27bc81a5616588e028371281bdec

SHA256
c9e97c4e5e63c2dd67181178a56b511d37377d44c7060ec1b677300df69fd0f4

SHA512
b8f459f1f2bb966cdf02a349457d717a5319e7e8aefd2fd34eb9eab8eac0f762743c4b5aadc198fa18a90cdc02f36ea1780f0b22b3525dbe915774138e16dd40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
d97a157a96d5ca41b855c11e7e6e5929

SHA1
7c1ad8199cd2c82b405418139e0437c0d0d41e6b

SHA256
c72b13729be5c105bed568fd2f9122d15dee32d78e1f3cc273ab1240a4f00cab

SHA512
6df798119ef5e069b0e2e4251b15d8d8db370ce74e530eba7b7bb54dd7e36afc75dcf494c97dadbce2b10b34fda9759146bb727a7c5a314f842ba16dcf63e18c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
f532007306ae75b1989286ca12fbf0d0

SHA1
33dbf5edbc9cfdc55bc0443adb94a82f599df592

SHA256
cc8bfc678af0b0080a438c5d0cb0f8100db749678f9c11aac062ac665dd7174c

SHA512
cab25f3e769c42b763a8f6f2853fc58e48e4d0c8e6fec97c06c7c77e5d6ec78b952ddcf88f37f6135e9e1de9c9262392d51dc01b27391b6e86fcbde20518ba87

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
461B

MD5
3906ad032abd920d98c9028b12df882b

SHA1
7b95f2d900381a37a54055bee6e0e2fba729a21a

SHA256
29f0ac8b3b5a180c991015cdbb8c5986a70bf35ed8f3773b28bb7971e2b0fd79

SHA512
d6afcc82a85a2876a50cff0ef43c1bda2fb72b857aa9c88ebbf880b10fe6a5f4fc88a13419000961a8d608480485bca6209909b52c2db68d00eebba322cd8945

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
38eb0dc87f6e5c34c0d3eb0be415ec77

SHA1
e9a488cb54992d5def91b9c91ccce27205a97714

SHA256
5b912336c3e14e6fe56c9f87db13e1dd51fa60d0759cd83ff75e1a6dfb45f8e1

SHA512
2bd4b589f0209134cf2236788af4f46c17c303987b2727465038c1e4407d5ea87d3be89d4680ae6ca9259f0a83c518035701c8aedbb5f9d05bfbcdcb7af32e63

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
de7e3754d6587aea9bee50d800c6275a

SHA1
1560d5c0f6c30d9002323580428cb4d4858b96b5

SHA256
3d4c6067f02fb7ed85afafd8d0ae6699f90dba30ba87566a2e6c16d1e9dab1a9

SHA512
c8e8bccdda022928632389b9a83f0271793805a74d4bacf17c90d1c659fa617ec70da136b497b8a7950c55c360c06be8dd26ad5447c9b4fc16a6ba87ae4b4b18

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
eb145b8fe1f748ca16c1dbec8cd3ae11

SHA1
495f49fe19598a90bcffe4c63445898d54208328

SHA256
38657599e497276d2abd2a1cbb9d61779692598a72c2bc7e8cfe81d7a9071402

SHA512
77443f508f66ee35dfb2275c67b622db5e8b5b1bd88494ef65b01a1125f3d698d043f90c761d173c2d8c2aa5af9da8e17c00d30cf0090d8ad664b62b50048c2d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
69e06448c42c564bdd21b3fcc1eb0cb5

SHA1
29c9ae24a8d71fe70da66ae80f95670293a38f8e

SHA256
a693aeba5dc144f88d70403d9c5970ab6f0782ede812911c72e4af0e59c3e7d2

SHA512
3cc2bd38fd1f7e3f31a4fd6ff04c60d6362d47308f0e2b26aead0cf07a096333c4578874d645f6fca675563a6b53803bc44ec0977acfddb8aa02f0803ee1eeb1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
a20d08462d6260fb56a2f0987e08b010

SHA1
57176e1121fda0e1b9126f44050d2d60e89ef841

SHA256
7ab85420eef9f8cd354a08f8393d3617913fea8839bd25d8296fef683ebe964a

SHA512
22c034809826c032e21de22f5942173f4f9d2f144a9243915a07be674f3b7101f28f3ffedde3b719ccf9bfe0ac2936195221a6d9510525e33c3ff27fbfa62dfc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
4787cfbba306459b4720bacccf9e8179

SHA1
4efa67d9bcd456ab5abb5228781bce7bcca2b3dd

SHA256
57f7338e8b9c0488a3d1a733b9dd29cf94f478457995fbfb11997f20dbd2eb8e

SHA512
bd4a957b6505f1ab8cfbe19a3fb507f3439cae314f6ae7dafca9a12a576cb98a737b1e6659b70298253f29dd76cc0b25a487741174b435776429436c2feb51a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
8da1b7704f3182ac95f6fc1d38a2a22b

SHA1
021e09cb9b0d67b6e3a835213eed8d1034ad681b

SHA256
1c58a88b5c81bef6e8fd4d7990cd84187acf64f8a97b12374f8dc80a2eed2c2d

SHA512
34259f536227007cbdcdec6b34f92efc5ca5d89ad9c6d9b2f2a16655b91502a1fe1e7ef279667b1e070a93c89f359f8517821b453d1dfb949b2474eaf2e4199b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
121cc9b43b75a5f35a062edcef78b377

SHA1
ef7d38ae37d170511ae6d07469a417800af764bb

SHA256
8443592c7f0d3d2bc572d05155288e5bba563a63ce08ed7c3185f16b57ee8457

SHA512
f8eba6d1cde376b5d3f74a5badca3d8f492708d3af9772278f93c5cfb900ab153d859b64ac50c1a4e7408b26aafea2ef8cb863297eec465c7ce17275e5b67211

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
00d08ced303c9687017202309577eee3

SHA1
f87822798a179aa362b6880b0ec8d37e06dac6fe

SHA256
7e57ba2763fea9df78792b453cf69b384bfcbe11dfae39e9c4b50d8adc73119a

SHA512
f29103432af38a680c57974f55d82d7eb012a24956cb934326b946ce714e0300000db14f210e4861870df162e2796f06b1f9261364d77a49e361d20b2374fa55

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
9bc74c866cf43d5c29544a3eec60f8ea

SHA1
4b255b3568f73535d0c5f79b7fe0e0e01be14c54

SHA256
2b520fe9e8600a313af881e07892e320596a0a4dce838c6c89bd1f1e3b01d02f

SHA512
6776a89489cb6b655fe853362031e1d9469b3ce5a30d2fdd3518adc3910dfde2fd339ba642be90c97ad1e135da45d881e5c7208a91f856c813bcca09a615e318

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
82cad172ff43512ee27f2580a25fc9b7

SHA1
bb8a4d7176561b846c8e3e52265b7edd4168ed93

SHA256
1ac77548a27b2d41aae0f2e79b92fb85d6c57aa0d2891ad5d18abe1520339197

SHA512
1be8c4ecd71ff35b08ec0485a18f5a964778adc3534784e941f91beb30800a65fd3564793dd035f3d033803c71368010c40db707815786c45041afca72cf30c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
e92fe38307a37a23b575c39cffc6ec1e

SHA1
b5f86b252ff67b4e56cb31906933300dbecb6dae

SHA256
e1d1f9f15a6764c87a5cca4c17cb34ea35593f574ae62d56098c8d1f07989e47

SHA512
506cf950973e924fd302054f8c97eb85f3c05acbfd2473759810237888cd571f460bbdd575f3bba3d5f716a5d453808fac96cb8213a964ecea034b69e5e2fa0d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
a96ec07ebf76f4ee802c54c8913b49ce

SHA1
330a2bb1e730f39892af06ff6e846f321c9de45d

SHA256
1fac2098943ece70d3d7cd5fa266e485b2de9a1d8952c32a97acf4ac1348a15f

SHA512
0bea652a8199f2acf32dc2263d1edb1cd531d7f160d4249cb8286fd71ed2014786c3b784260c828de601a63bf396a900b178059aefdfe145f63cf78a2232f5e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
afba6d4b6f5eec6e95f1e0781809b114

SHA1
fcae3f32040373f9caa3bf2e940f367444d65c9f

SHA256
dda3480160484e6d02de683e49d43bcaee923bf011385e3a901267e2e0774795

SHA512
8e2de5298ab676cf390e1fc17b57d56952aa51b452486bac25c5153e48df40f52e98327e1238ca1e7008853a8095ac9dc7c58603e2928dd8c98ba693c459e5c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
963adaf8d118946f95a1637412bf3164

SHA1
feb5b4cf8ee060c02d66c8db635c2d5d990ac3d4

SHA256
69fd2abbe17acf4382a534312fe34848db0d5d307f6847d3b50da2344e05f581

SHA512
0985c504140c7763f1b1a1f325e89b4ef53c1d7da9b95b15fe78a1aa056f6020e8b71b44277e8888898a752cf15e5af5e133541069f0a9c486b6f6051a321f4d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
916d2d14a55f1fee9cc75e785e864ed2

SHA1
66ad4fefb704388889e75218183f57f34ad3ff0d

SHA256
bce86b70ef34159bb158f07fb2548e0e56da888fa0f6a55b574621b06cae3fa5

SHA512
c1e1a8746a1a5f51b8a5d2588d36246abfffc6faf3f0572a5d37433b18d3b4c3f86e63f664dfc19f3552a19299f5fd81829df08cca4859ab54961f083dd32fe3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
65e3a37e6b2b7b2b1793f5c71eb003db

SHA1
3f024e9f47204f2449729ebb0419156229853618

SHA256
8d06b3657e7e4d499c64f233de3d5dea14482a5b709e41d96de56f5f05f8960b

SHA512
0e8f7a021daf51b40b37ac93051be5a01178b5bec257d6048cc6ffc06c497e116d357202b20ae7bf3258801183898c3643ce8658a394d51938306f17a39e6c62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
25c0185884e92605f3691d2812e05dc0

SHA1
2ce0bd1334c9210e5efc3f561a5125823e5fff31

SHA256
78056ed24a0e8657798a14dbe9ffa3895c85a65bcd13a992f9ec7fbb2a602fce

SHA512
64ba8817798718542d822be058934d91dd9b6471cb11e8c289b1e1b6e417876edc50883d6c2f9ae0cf00d2a15897ccc95fadf48c6fab401cf245638a6abc2306

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
3b6b72ef2c7e582b0d532d2d2368b21d

SHA1
0734f6284e069ddf51d56b8453d14d3611bfe39a

SHA256
53d2e1b5faf3ec59c615f29ed957fc2d5a245434ec9cd0a85aa332d2ee92aa93

SHA512
306c5efd8ad65387ec5f4e829f71e53f6defdb5e18141bec05533bac7ad3741a06e43a307dd240a5cacf038db64b7297437a82e38ea0c0a3f00de9f1876c8b33

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
fbffc42c2b1b9c6cabdb32d5ffd088ce

SHA1
6bd363cbd4461d5b0d5291bee0802d2ed6278e9c

SHA256
6f46d6856d1fd7349bd654ca46d1b50ea9dc0b564aa9b68a47fb87036cecfd1c

SHA512
e0a04c618e79944b7fe01bcc3a4dcb7b791af17592ba0465e3db1e4b30c0f28340adb63a406a4762bd810c34bb12c51d9000b278c3901baf4a96dbdd441db8c9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
b4813c58c1afd881c69f53184f974b38

SHA1
d7607130c2c257227329103031aa2ea29a71c876

SHA256
9931d14f5db7778d33298f82b47f7e67e6e9e152cfb1def82fa8ccdfdb56a627

SHA512
2a0f5905d5357d90bab25d14406dd175d31cbf923edaaccd64688d0debf76d33d2fb9effbafca25069171e30cfdcb3c9ab66ae89db5628c2cc82beda19bfc5f3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
714334c3664dc0887386149a2f487c2a

SHA1
7da67d7503f9db0c73d97866291e435ced7b95aa

SHA256
a0fe545ee4e5b20bdaf50eb41227a7d89ca2e68cf9e89d3951e399a0963e9169

SHA512
d49c1999d7671573d381e434b1777e3c1946dded827da8e23580546fc8e3616c34e4e8293b5063cefabe5442418cd2d56bafa41c5c732db325a1000ef952cd2e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
4b45633f42c3e512b4d544dfbfe90b83

SHA1
3ce94c3460c732278ed2d75720a40ad265b97d46

SHA256
a84db2ef73a13c881a0220417f664a4ae7d411c1a0898eb013e705add58313db

SHA512
ae331c9982a29328936b8440fbc55baea96d1f70e509249b6e58ed8e39b4b470d789d2a97d591a86dbf36c3160f492278be250a7c913f69a96e456e0d5bb30f7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
0f38b1858b6d3dac824477ec1fcef09b

SHA1
9614e1f2cfe89b1fcb544f8b2603ecd0cf2a873b

SHA256
dc185873c31c52f4b045c55e506103858318969170939a88cb2abef31bfdbdcc

SHA512
034b3b734e96ddb790783690d9df51802dc115549fad97272419de58a2fa398321f63e62767e8a01f950ae3e35ae3681e18a2f637203217c98c6b587c95b09fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
1a02ec440cbd45dbd861b755eb56e5fa

SHA1
1d05849391b60591ad6427dd5a06dca5b06fc684

SHA256
889f7deb1a2781ce73ce438a1e3f14929e07f94d630657f909feb2ae6ddc5e39

SHA512
cd5cd5025ce131ddcfcd2135b0771f2d82c57f31a1f9e1dced7d2420faef5636807a0dc33fee38559d496690316544260ec4e37db39a5c536e3ab956ad6417a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
37d9b847b3585a25bf66d84161694efb

SHA1
c7254f448619b222e02880881421b43766738dba

SHA256
54cf99319ed9d117b25b01247e172a35b93caf498c11f8b1c5d5d5c151e0690b

SHA512
bc6b33ca88c05efabe7bde261480c705e7be45584345dfc6ead95f937fa05708d73320228782d31c108c46f038893b0fb2e556c07ad6c472bdc7eae1ace643de

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
f4475606e68fe000b45d6333f25f42fd

SHA1
58750a9b151f896c0200acba90fd7ee6a1239163

SHA256
482bd9990712cff6431d58d769026a835c40a379bc32126ee30f9611c23d3f53

SHA512
27701d902522a4bb8742e918f4bd67716a125243fd9efce21b5a48f26a683b3e66dce9f12de1188541c07cf623d150a673c7b0b9d15ce3cc61ebe4a03e970a33

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
21f0eb4fadb2ea31cde34ed5350581be

SHA1
75db6a88d33d43467667d9e95900625c1a31aad8

SHA256
7fc39d3a610cd8a89cb04d81f00559c9f1233a799efa87268f9b57b11c73ebae

SHA512
90fd965c5944e565b6931140432e931b6aed16ddbd7606b16097cd61312ac5079a11be69d0b137811b470b4a5e5ad17776f079cf7cfc2bf026f0a54303c6a2ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
28a4ffe5c097f8323751925e5750be90

SHA1
cfd19c4eb89ac34f38e11e2c9e86591de42cce39

SHA256
0eb14e7d02e118313f2d088ab88a5cbfc140bef755cf2900a0f3376b6c358948

SHA512
ff026a446ea2fdb5dcc6aba7211cc7f482a357410797c0062cdb0850913a5d748f8336c9f43fb55ce2c26f2e514244b2a9b31ae5fe683e1a9de3625144363c7b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
a6b4d8778b8f4806b425afb495ea0233

SHA1
fea193da193bd3366c2bb53e327d5613392cf7ac

SHA256
ef43a79ac8a15e6d16880cbeedd936f4f7fe076f6f92b34e12e7a28beb686c2a

SHA512
d8d25248a40e43c64582f5daebb82c9b9eb01698a0a94aaafaa0b632854899295ada6949ba7e9d5c96f4b780d244126261fee47eebe0073aa58968bf88a4db93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
8e45fd4c41266688ccd7202ffa41506d

SHA1
af7aea9d38b1abbe40539a9686e7ea3cd60e97f6

SHA256
91473a89d4e40e6e6ce6592735e6caa0cc74afea3a3b4640f6d3899888d9a1dd

SHA512
dd7b6bcf7607b8eb110c0a193648a278ad8682a3da638666d073cdf8c1076ffa2e0dd953d08f6ac806b16755dca35622a7c2d251cc23391e5192a6a3e44b336f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c2652d7a4ccb27a81fb599347281d9e5

SHA1
fc25fbd26acb84e9492b29a21c59550f9baf20cd

SHA256
8eedec94298abc9be2ca27eb08795670ef7339e2bf4cb4c17c5a6c9f674c017f

SHA512
33b4619e2048e530a53ac484aef08d4e361c628c417d75144c2e7fcec4dfce85a2113c34713388dc78aa8364beb021f319008e2a2578385c30650f83eec0fc67

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
39298944ff2afc21cb6fcd5ce8ef4588

SHA1
41e06f088ce52fbf25a258f17736ba20810b37b0

SHA256
b695fdb8966d656ffe8e2566c353dfa9d57861254480de6781a3220c5b73aa6d

SHA512
2fde4a473f0536d505094705f722f3c764d19d1ad9bc0043220b642cb8e4e491cc34fae1001b0a28b1e97ad362ab97bc6929eb6fbc346089ebfa9998bfeee2c9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
fe1f944865b59f9f0a072d3e9f05a127

SHA1
0c941d59f572433afc5ea755090c631802269300

SHA256
54694667a26e53e29f923b8bfd9939dc1b483749f2af35e32eddc9341c16a915

SHA512
f033919778e8b3ea710aa2ddd35e4688310161cf4098060c3e0e8f344c53a3edcff50bc0729333c2866c21578d98c9e54068f606639449b765cfed59763271f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
8cdd1a51364189e68516463effa72ac2

SHA1
5541c071c6c407d50177b6c2e8f8d42ef2919e33

SHA256
7a9d3b0bc7b23c34bf3d6a7ada8ce125f428fd31f5b5323db202fbc50810d3b1

SHA512
223811b9405e256e570c393944605b8cea05b5ceb285cc9b72e96a4cf13e21b9d2f3f017df8be6bb37f36881d2457be23f851cf947525d7f60f4c2ad5c52487c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
7710c8e4325563ae55dbc69b61afd775

SHA1
b9aa318b8a42992d3458d03d7528b2df5c1a86e7

SHA256
f646689ca23182271783df726c57f3f05fee41f66cf9f16e78c9ae99e9832b05

SHA512
15540f7254ec12b6fc378b9cd183c623b3d1c27b76eece7c664e4b84b97e20c48feb08b540162fe7e61a103c624db7c3432a49a72428cc92b1f274b8afcdf5cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
6898cb3ab94255a0caebb1c1e2b9c3e6

SHA1
6af23b737bcb16aaf4529366081e4375410f4965

SHA256
181a5c2331ce2d3b3d421f14f3a1597e7ea0d89d5e4c72aaf0dc835438cf3283

SHA512
893401e4629bd396817e94dcb64599c739ca878592621a6c6983cc07c94c0c610d739b5a62a619271fc8e00f0064c92400ba75ba4933ce0815d876574f952677

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
670202811a19c8e15132305eb5ed7e4c

SHA1
27b42bf85fe423d5de0213d93a55f7fbd6b9a854

SHA256
119fd8c02d11984ef0bd1f9643880a12e850f16a36ca964b8f70e185066fcbd8

SHA512
b9187faac697b592c124c7584ec62b5112b98bd4013b3137e4fbf7664fe5989caa3576ecedbbcb5c4f65ee36ffc3fb4b199a58ba8859b4bc5a87294316de0a31

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
31960379993f312a96d1603fa4ba89b5

SHA1
1184ab0c15c5778b7aa4794863d28ebd9f682672

SHA256
6b45102ff25747e0db06ab37f89d1c9323b800fbca6f6687419ab896e1b25388

SHA512
de0ab810b4fe50308946621e23f351df57dcf417ae9e09f8ec432cbb84714002b830db715815f7c93bf1f2be75033011b97f8e825fa1cc3765af87f72fada881

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
93c896d1e99b07eb68fa5fa7c2ab9406

SHA1
6b364ea274908cf31f1732b390b08b7003974f30

SHA256
5d50a6e0420d318c61b34aa70d2e22c508ef8a0317c42b7cb413ad02ebae1ff9

SHA512
9468d8833d210b6fa81576bb01dee859d1054330602c6cb5115f91d934186afc8d5f6056de1259106c78e8840534c3fda6473a19731490ce7de5e7d6d5accf91

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
35e3bef37b532e7ebae9285c7a84207f

SHA1
8fa1c1a44ecf1b8725aa8b22ddc9f773f427c85a

SHA256
9ae8f24fe4330ec631777d17c4c74bb9bc46a634d7650c553054376f7c7b4514

SHA512
3ca7fa5d93088e9041961b441d4767dcabc2a57aa75dc7df185224b427dbf17fc882ca683b817b71b4416843884bf59209f175b92b0ed74c5eb26e7edc0c7992

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
fb2173676040539bd8af199142340756

SHA1
619b29959c24bb98c0ee396834be4671729092ba

SHA256
18817670d92158f09bfa10fa52806b8ab0d896a17a8fbe34e4dc135087a22a68

SHA512
edb69681d4d762f2749f6c0735eec18301af38d878b1f4e804ed127153d393cc1e5b77280049488b70ae075271c49566cbcaef85eafeb6c5830e5b649922ff93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
daaa65e11b19c071aea3fe10f1aaff73

SHA1
95ccf75bf115d106ef5a3a1e84c0ecfe12a0b210

SHA256
d38d5dea59ba989b5701f2213c47c9ed8b795625ae132f6a65165919831b3759

SHA512
dbd793653c3554afdfc9d47778eaaac44341be86081f99f5f6a24b12828763f71fb1a7bef66262fcbfd8d373656b63dd3c173bae12a7e3058aa90a337bd90d42

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
9752b1ced6ca8d87bcfc5e8ebd04541f

SHA1
930bb26c69b42f0fb16efb4ed4712ac90de844d4

SHA256
b4fc6ea81d0e541b0132f3512d44dab9441855e5d7f9028b54a30326c777a060

SHA512
7d0179d0e3cd25199e6dc2064f0edbfdb96ec88f672599d4dec15e8b0a515885e7344c8b756ae8087e2c9e61402af442b1e7b30320f236bb643204181f2562b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

Filesize
77KB

MD5
f36ded4535722eed1b100f75b42bd586

SHA1
1294da25e4cb430cd3a66884d4a24e169d4950b9

SHA256
2342b508b7223fdcb1ea9ce627cecfabea8181bd09df4c4a91c41118a0fbd5ba

SHA512
d447f3e04ad90c0832cd045ffb0ea088929678e1c32b8bffc4cdd8a4e6dd610d68fa771ec7998b8e9f526029859951f3eae8fbbadc56f1ed8ff7704cda403212

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

Filesize
47KB

MD5
227b3b1f068a2a7d4d26f5f9fc5e7411

SHA1
2733d924d89eaac51562dad07d09ed6dc603b96c

SHA256
4cda21d2abc87d01fb1868ccd627129fb18dd90b71a83dc1e848c140408890f6

SHA512
1f331fc7a6b806e0309044ef237e9f51491c685f427c2eaba12e8e100180c347324bd954d6bc7744abf1a69a4f2a72edd3ef796c88be1298a890e96be9422f6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

Filesize
63KB

MD5
ad4d3a70acd8651e8dce7e713ceeba45

SHA1
d140c583c94890e3bb701c6bff2d5d7f9e3bd735

SHA256
2247bc8efe0d0fc6986b6aa359b6d525855051088100bbea7a28c332cf8c5e92

SHA512
586d80b5a5f4de080979d476d07834a0f7d5bd86268f6ba68e0b2946e8f5b05061c0d5ee0a4cb26c7377c51f3dac3a39c238227b350eca808df7422c9fe04822

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

Filesize
74KB

MD5
e9303bfe0bb06e435f7ba61ae5a55aef

SHA1
9f277f7b6401e8881e7dfc9e7a29b0c79cc18c90

SHA256
d0c34d757d35505e5160563ae6f0bd643e8ec6bcd4c4af62c906ad26bd3acb54

SHA512
05a7cd20773c2fecd5551a0dc5ea8b1d6b3194e340c809c54a7318f87e5e24e5077698f0cfdb18fbb253c85a9d65edacf4aa447ea7d2cf5588f5a2da6ab2d9e3

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
415d25fe0d141c35a15e1bf80a6671a1

SHA1
05e992306942d07a79fbdaff86c663632b92bfec

SHA256
78dbe4a78d74ba6a7f2e8588ca49c29b53f6983f98a3c12c2aff7c6ade4b3bfd

SHA512
c6de6a7af6bb60897a67b566030192286bdce1b72ee463872b28f875ced0cd12af3299da57a3957d8fddb03e2f954e2cf65db954927ecf7223ab14f4bfe02f60

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
078dbad3884b7244d8fbaef0de0bb740

SHA1
5b4560cd6698a5746b3b3d06f9ffb19501a94ca6

SHA256
02222175fe6b773c294bae107695b0bfa7fc586dbdd1a58eea01f734463cae4d

SHA512
a90785a30c8499864fcd09089835e06a66cdaa7efd994934f782596573ad4ec848c97f902d3b291709468d4acf4cb030f9d2ee5985c780ba33476d1e3d687d22

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
58829f997e3124209e9975f3493e4ab9

SHA1
2b786a45e881095e15e15ded067e861fdc0be0cf

SHA256
695784deeef06a0b0385d68bd23c859401bcbe5e1b1ad754a4b02a8b752c7e72

SHA512
07f4c8a3e5bf236fe4c96443f933e280e30049270570858f92c28d4081fe2e10ac3a268f0816cf79e7a03e3859a33add6f7e527434d5c70749b2ab3a740136c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
2fe0322ee9d31036b46240e21ccf1fea

SHA1
82dcb38a21189e3533712a1cae650bf577fbf0e8

SHA256
e40c6bc5a7a8184543c752cb89033b941c01da8e9817b2aa925cc24deda38c46

SHA512
af7dbf2c21e22657c5022fe54643c228980969ed702203f3f1a549e8b7ba2bbd8c91fee0299f23f62a3257cf17af96b1576ecbd5a60b79733e447a78492a7871

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d403413f4962c5ce8b07b262198e59e4

SHA1
9dbdad856778c95dfceb43b11b3c81ff4da1d455

SHA256
c61f9ce56e6009c26f63571507f94c1587fa1df253924d18c8ec4b653524681f

SHA512
100a5947ffea4dd30a6a64e8a177f7343f01eb10e6f32403568b57f1a33df37fad2d475690120f9ead37212cfe8db4a0155f65791c276dcf667b2a674acbaf14

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
c1e929d3e7f650703c270b1eebf2d416

SHA1
89087cd3199cca6d79c0ec44189aa16f4c7aa439

SHA256
04a58248f4fe3574b0d146a4fd00a334a435911380dab533b9365bbb42844777

SHA512
b571b77f10ecafbc0d0f3b942b384dd856e920dca639b88cb63724adab2f18908f61fc41e14fe02a4e67065de2b3ceeb2885d10f5e1eec274f6fedb9a794f928

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
df6572f37696a8286b5b2f1d15536e9e

SHA1
9d59d52537892cc1778398d3db0eded31ac588f1

SHA256
6a5f3a666809d1418b213b07609b1a14331af008b14b4780115bc47771acec99

SHA512
bad7ab7324369fb6a565a8f615dd3c4dc501b9bf53e667e7b4461706486ffbfff52a0a7a6292678c8a2048233fd81d22bf3a5fe3006410697c58156b6461f7a3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
dce087bc8c1d6893d1c4b072a4ea72af

SHA1
5b43cf93cb5c7b2ce3818cee27f37d65305ea244

SHA256
3ef6bc2a91ba941bc557408016af8cd960afe8844a3d9eafdc5f62061b2698e0

SHA512
839606c20d571ad07ecb76d2021e31a9a945a254460ac7f4b9ba641805190bfa83633835c367e672c3cc707e75b645ff6e9a47ea1b2ee4b458aff7735a8bed4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
671352d6938169b59a7bacca06b95ba8

SHA1
6cb6af59e9604b7c7ae2646ccc624c1e746b66f9

SHA256
ad497b9c3cf2cd294d4a9ecada6fad67a1f3370d9108272448e7d9eecd1da83e

SHA512
46da2fe103afc42b137bee1fb4b0519150f2d2d7d9df2c534c8a557f651ab76512284b100cbfec3ce29c2de0a1171f53d70dc099cdc4bd0a4bcea02f76966bd2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
b7dfa1928bf6c6f2b77ee807c5f10b80

SHA1
de797a81e32a8d63a4921fe30c0bbaaf1ce29115

SHA256
379f343acc3fa0663452826dc19d9f11bdc1bef33e8ec9e5d1b58cad75839c84

SHA512
44cc748874780979359fbe44a33447f0f51c6c9a186704126e98c19712750812d3fe822caa9adcb08a69f3260eaba20d42600b6981e184a400d58e27dc328b38

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
0493b851fb627ceaa26b45621f7717b5

SHA1
1be00547c2ff68099791b56676e51e051e2082b8

SHA256
916033a19131a934a9e131950a1faa4dd3df0fd491e1ce2df8ece2c7e72c0c37

SHA512
528cbde46641dfc798b4153f59190873c006d9549c717e0765aff85d0a0cbc4c6463229e946f28ffcb667339b866ff2414a97dd69b97f61e6225dd9924dd4e62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
b522fcafdefad69c85eff5ad08ddef9c

SHA1
4a340acd7a97e53171994ba02dedd638d11c30ed

SHA256
9f26fd905980cd95926f90ebd0b3d664bdfdd1e3d5df997fc2a91a68e0bb7815

SHA512
eecbb71d253f537a03b4c0ccfa7fe250c0a9bc89ae5905660589d0160f14b3a8303d218284fe2b07794239012116925b6041c27cb7ee247bf1562c7bb258be89

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
b95c04950c40749c40d0fa4849cbb785

SHA1
07a301e8fbd484ea5af70873118fc28e4e71f89f

SHA256
f1c2d1c1f1d18c48bd8c626b781b6b25727a6b25907e64a23e52895b61cdeec4

SHA512
2ac0458ea5306676fdb6e5ae8e7863d58d11333fa18859f43f7e5208aa6a9bf8e3ab9ad99c3da70beedd3da94671915983e83efd99aaa8c56fd91037aedc0947

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
22aee700de59203ffb6e96db4cb9a0d4

SHA1
81489814b0da13267b82333b172024f6274a9987

SHA256
e044a6113f1520e3cacad4a70f7e33cefe50f8b7cffa291e04e23f4a21b21a5c

SHA512
dc190b76655c1fca4ce9f3c5121675008a904a209d6f4b5b904e17b8915fafb86a850f7fec3efc8e61a6db22435d71210bea9ff3e886a97fecbde9be96e0f0b1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
bfcf7095fb3628dc86c4db9bbbcab72a

SHA1
50b6803c5a8f93de65f5757f1ce2422b90ea4a17

SHA256
af0230d6a0955b1255a2db32a98f71c62394dbea42faefc743a0870eb7a246d9

SHA512
4ffd0476803ad3f83157c60a1640c2d3ae49346695589dca5a43cb0f932f1b4d728e0c46669e08139a09527b23a3a3bfdee2be6805d3a95e244f87d672bd0cdb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
36daac26a4157ce93faff4030fe16ca3

SHA1
e62dcfa896f34aa24f2d95348ae740ded9dcb022

SHA256
137dc28fc75062458a89ef44a185172cb22ff9f7dfd2e25e11ac40955e53353b

SHA512
a8d46184499b20b800a6074296045a1fd785e77d52cf6d7d506f4ecd8afddb22cdd6240a77b1ec167c54c0ff84cc31b1750b78cbfe72a15b41b92866b2a115da

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
31d3167cd24c85efe986adbd6f49a7b1

SHA1
7e7e1e757e898540aa60776124e83f8d519fb7f4

SHA256
37b54d555e497d0ca0e823e9548f6afcf1761c4cdf710bca63f83cba48259d19

SHA512
3200dfb26b420fbd590b0508a72ede1b2a0e3f2f4ac93b43b4832acb9ab93974ca3c61b528ddff49e4bb03dae48bb07f0df2e1ca5174473b2520ec2f234d4ff7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
53bcc8a62d68d03c27ad319f9e06e818

SHA1
38821850188f3978178a1abcded64abe7137c65b

SHA256
aa85d2f28749972b49cbdec3a31b5bfd581b375512eee766c3be8451cde1c201

SHA512
eaef20047fc35d01919c78c95ff99d12cb1addf275b16b079df4fca199918b53f4460e2dc8d96488b0be77fcd7a4f22fb5b6e0b6ff5eae78c4fa74f2b77a2319

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
529880c44214105db357ab6c08c3e024

SHA1
11110210c8fab9dcbb8a672f97c82485ceab81a5

SHA256
2761cc902ffdeb1a40a794adeb853d626bfc538e0d514a20d95c4aa336c7b7c0

SHA512
839a23b45a9284f5d5ff8743368292a878e6633fef80388f51039a7678b1061d195d2e0b7d66a37f7d5573521af67962236543486dceb57d069f81f149e51e51

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
353a5fd1dedb658d1cc885ca5149e8d8

SHA1
0b787ae0015a79e55173cf92880b84d5dfd82dd2

SHA256
93175e4435422595bef6673e9d081bb90de9f469ff12a4cc74e46b334efab533

SHA512
d9edf49eed9dd5e412aa879e4eaca25c0b4c56cead427d7648617d2e128246518e087dcbf1237f8ad294bef1903140a56a11cd7057dc40b45cb9e5acae920bd9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
34786a1649eeab754c9e3731fe32d2b1

SHA1
f9efb02ac2cbdf977716e5ed66917833f2383c05

SHA256
d4efa60f4f0ae1276ebf2347711badb44677dd3fb752268311e4431279992382

SHA512
9a11bec672800a18037530c02a4bb8cdea3def55830f016a5331c3650cb43eff19ed2beea7723f3fda1fe185ba209bf46d775ba1199dd3a79b04e6c5d174f6e1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
2dc68f63efe7001becfba9f10208f723

SHA1
d6d7d8dc9df5cb0a28b64faf3d63071eef954da0

SHA256
e7f3ea4554dfb3a977822908eebf748a31303d6d3ca9b964bff17d9223fda138

SHA512
357bb88f092adbfd69811dc7806b79b7b4ccc8a33cb9a20a0f09e37cdf4d697299cbfaa3de42d7e9c0880e628ed36e7d928630c4dca3177dd9184f29e9976f2c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
3df74845f0aa531d58d2c483002e6d52

SHA1
dc748bcd6b71d67c16c493fb998340612fcee56d

SHA256
4aa83d7dd2e436af58f198fe178ed7a4f53033f2b1fcad8aa8319ad00599e966

SHA512
f17a49de24242c2cd5a1e2b03f614f841bf8ceed199a1c197dfaf67e8212373fbeb449e5ca989804018c34fa543e65daefd5f7e0174338d3ab97615159c61eab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
55c4c2148047994b63a329568dcd4035

SHA1
d045cf2bac74238ed58c8f88e66f018a3d34b985

SHA256
71a50f00df7cf741d3b268c0c0ccf5554085ac0155956ff3c9f9d9de7285eb79

SHA512
1805537a92b61b7809ea9a5ddedb45df74dc255b718f6b4090460d2ff95a04eee50ccfd70906d3ce763c44fb8efe7bed72c2ee9b09bbec08c085c60424071e38

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
23e0fd3cc960da831a87ea9b6c4dbe68

SHA1
2970b1cc13e4aecae215100734ead5fba3982585

SHA256
1ad70b264e6ca2aa0102fd7e86d55cf6ad9460c45d92278eb66bb1f5ea66f176

SHA512
a0b63041ab6b6fb1b0364aaa3b71f53ced43020ca809c5d90dbe71bd04fe5cbbb74392f145e80f588f12ed6ac40e128eb374e724953f19af71df21d5c1bc5e49

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
ad3449571b85eed5c72b2be8bf346567

SHA1
e1eb3afb68f0f4e254d7132f9ab36e368054de02

SHA256
fcfefad50d2812e2cf44285af848ace1223d0a1d4ee454db9ab690691395a891

SHA512
e89ca31ab99c8f93bf38366109f356b5a7669fb127722a13f38868cad76bfe0bd8b11f0793095e681b792a811fcacdbc640bcc6f6e2cb8e92d7cffcf9f0c5a0a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
72f80c72a38d2d9cb86ee553b0d9df14

SHA1
b1aace7e419db60f0bb272475c7358bf673a2d05

SHA256
bdadeebc5dd45c999bacfda2e808c96718014e039f8677dec218dbf28434bc18

SHA512
c81fc5cfc92c00f52d64bc76ff68625f3689af4a8f78aefceb26aef19341c5d0ce4e95cc1d3622d36e3b2a74bf52bddf7c9cef1b51dac943105f2b9e9a34d8f4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
0b67f30b9421017f6e0d2975595d497f

SHA1
1f6d94bc6d264f775b3fc1652b2c51d72aadb017

SHA256
3431864310d31505f87c72b78094969d16eae0ce02fd60485e081b073b70f29f

SHA512
a9487321ef7fbadbccf01c25ded648923a98305196711266a93661404a25d6f5a2c1abb741b7965e4147de72b4a3271f3d2338f34cfee3987080d78d4d26d736

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
260194619251906018445dc303959ec2

SHA1
5b9be9daae8f2e0bffb1190bb3be4bf69735815f

SHA256
d335305b2b80634b3f44805a4679f0c49678cb1c495314388fec2d678caafb48

SHA512
556f69e114e0aeaab90c6c2f395e9d7ca23ce3282f6758f06480e8dc0147d7ae61f28fcb3c7b7be54c5fa7ef66cdd7471ee7ef2c9a2673b286eb19795a02e01d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
3c2967207c71ce749ec07de7b0a35492

SHA1
1452d4e7d25a0feb57d0b4519addc743e11433f1

SHA256
8b3ee91a75b61285f4003087c8db53d3d5b380b33f400e3ef874cc163d5de52b

SHA512
5dbade57f51d0983485efbb34309a4c8e5ee6e931a0bc909fe0b58d876b0a373eeb3e697b0a631be8444d814a5f473535e2c3c54035b8a9f88c7eb9e47e5d6b8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
844a1fcfb4baaaa1c12c828ba5606d7a

SHA1
8ce8a25ea52b6c5a420ee561fb2c726eab5faafd

SHA256
1a2c35231cb5f67e99bd6ff2afcd7d7f445ab5cd0df4f2a481205ddb6c0a8c87

SHA512
184735b38babb5350e6d9fc371115fbcc7b78ec93e584c6036a4b3eb60366262d62a987dde7e9e96f6aa103e07056d41a50eab2bd9fd3955bf71973dd7ec06ea

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
ebec4d8816e0a5de5395d862e2a66691

SHA1
e1e8697f997789a15db923a49694c6e041ba8a42

SHA256
b5bbf9ba29c88105c85c1ac380118ede33b5d8c7985516ada8c476e5af82f368

SHA512
e456667940aa21e754c38b8f5dfd9ab11febd3601cc8dfdbc3a28f7472fe35acc42e82beaf408506164956a60e210ea7900edafcb223b5ab5642b3ecddd80981

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
d91d7d5cf6c2a10b05c15ab7a6e59bbd

SHA1
b8ead77417731cc5f5653b83d3c1797d4e180ece

SHA256
c08e49aad20896314576caee387793b3eeb714463c0fe70ff164369a6e841cd9

SHA512
e0bcc01e0baf1fb9698cf752286d1cf5751af0c5a89b75d9612977a94d64d3f2fbf47fff6479e3000e618dc178ae78e633a95eb491414b574019d3599c469e19

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
5e8ac227fc9d6c137d9d71479d2d978b

SHA1
38b7ad5b73e165863c36528dc3bd8f72e8ebdd75

SHA256
cee6363a7d0ab6e4ea6450013b01e42aec863d4eaa1d12c3e00440afa16a1fbc

SHA512
aac5513ef39ac38baa71a9bd899547356785417c53942c2167b97ff353ec671a2e0928369ef1eca8805cbde90f4dd93de339669ef2242f6e51670ae67f98e3aa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
65682524cea4af47544a128646ae666c

SHA1
b763f08270692b8fbbe80cdd39648aa9d612db56

SHA256
5719792c8cbc0d336bb513384c4c44cc6fd1833dfb83d62078e9b838e8ad5745

SHA512
972f29c58fcdf6d2e6fba172502db1dd65898435fdcad3c16ca8b27719201867b67fbde1cc0e5a25456cd5befd386e0309bd56d89ccde5049e88fb3ee75d1c2a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
41c6731c3a602bb37998df982792652a

SHA1
380098b7b183d4c5487e33a441006b44c96f930a

SHA256
d532aad954589c49d5ba068d0101c074ebc33023f7fb6bcd89cb20a9d71293c8

SHA512
4c87ab774a6b48973d4579a2960ab2a43b17c3487ed843d2dc84e141cc5fda832b2a54ec7be44935eb2517ab4aa77c153dae2fc07baa1867795c02106ececf37

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
2439f72fc14df40a81b52eb9d2b95b74

SHA1
f430764d9da6161e42b5888792176dd7757ffabe

SHA256
b1e79d1d21a05b24b1a1a56f08fffc106800ce0b95026794af867492d124a3fd

SHA512
8c4b978514023f8c2432721519f5a06d848bcb1fad7229f358b7fb90cadaf62141e0236acd236b607b347d965a5477ee00cbde1e4ac755fe4d7a7aa4db6903c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
8525467860ecc1e3cd2eeb4130d5935b

SHA1
46f1017585d5aab94d4df10664dccf5f8e73b904

SHA256
a74b0a041049e71b24da42548be27fd0a8dbf87f90655fd90621f081697cbaea

SHA512
ca30edad44fdcb4e7f8c02bf616d4a9cf01ba58d4d6a75ab897e074cf174adfa3a74bb490a87950a99681a451bf6e6d24b5bb3af35a3d4ef2fd8da028bf7bd70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
60a33951e6a423e0d8a51bbac8c62e1e

SHA1
269006f2221165aef645343aa04d821867bf39e3

SHA256
ded9120500e3c7768abc18346d555a0efa767015502bc0c94e98c1c8b76bd220

SHA512
caac27e22aa4fbdd32d5020e7d729a18578cb71181694925c8a47a9f54657a0832d64fde86056dd703a85681888ad1abccf9c8a6d0e1c759a8141a168ee0bfe7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
d10e1065d0dc23bc4c49d1dbb74c6333

SHA1
52dd8fa80ea2fc3199d8ad9e6beb0e38108462cb

SHA256
42d4b68781c666edd011f028d5dca723837817dbb56ddb8ffa9229f6712c3a91

SHA512
c9459b4e50435648dc570752132e8174e279760d4f1a84144b28c83816bf6458f3537fa0d82dcf337b387b7e54758d8e2c57feff62398fc0c80b5d37b68097fd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
1bbe9b75a25f187c698968bc8fe736d8

SHA1
7ea3097376ccf609165377078babede0e7f9105d

SHA256
45d21cc5bdfe9478b08fdee0a3eade258d1a5f9eb371c0e485f58d16b0ea9ea2

SHA512
d7403c1895303549b774802b98fb5dfa240e86ae457ea6b748bb9eb9c966d070f1ee268e9abbfd76f62cc7e3cee0ab9ec71195892a48dba01aaa0c8057ccf320

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
b69ca40bc1c417556b684e2ddce6d2d5

SHA1
33070db4e22fe18f00ab8e79f310c0b2da3c2a3e

SHA256
9134cba13c17303db7fd9fa469fd0b1ce5de470f9089c9b5f5ff3797d10b41d2

SHA512
a001a5eef66645f2249d7de11d8c65c5bb600c16b96eff2f64363c83efbfc8e0f6aa73825b8ca509aed2cea616f7a04f5479eea426699a60e3c1491388d1b55c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
c869b8323c68425b00099dfe907af17c

SHA1
28002f3d022b260b59dcc069d2f6c4a6f504d100

SHA256
b893caf7df2a14af98feab209fafb6bea7ca19a07f62a5b3d51d3caa886fd4c0

SHA512
999f253fe2c8c27c146cfc3635dbcaede0e48a088b79c2bf6b763567fff63518eb5961a57e35d97e26938c552fa1da439e05d1368a4287091a4d214aae02884b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
00b63c8e6245e56a7d6aed0e35dc16cd

SHA1
879b112827c665c1bc2c70a46f0e92ba5914ce4b

SHA256
21b2d4725147431a992389ec183fe1be76e5c3d8d45d58d9b2e7e7b4c7668f8e

SHA512
120b766895193450289cb4be3f4763b4131ea7070853d19e7a974f8daa4bb1d5a970efcd03fc4d921b0894daa775b4a12d06d8a35f8d6651ea6b3648da47ad69

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
bcebded7ea4d2938c45d7ceb24a294ee

SHA1
be00eccb97e4d85832c15dc043415a99b31ecbfc

SHA256
2b0a354b796614636d7d00cb7c8ba3d4928411e8bb6c36ec8a15b1cd5da6d0a1

SHA512
39773d28a7600202904b0a8d21d10833080caca7d2c8e338761dec66da60364722a5e13138c7eaf957c41be275783decff51b7c5b4f57608210e6ada546a66ab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
25728060f457239834c33d163c7322df

SHA1
3529099c31b0c7fe38fa8de302e3ac1a44f7368a

SHA256
4104fb2ef3e4065781e4fdefad49a4fc2365c3a8d833f043498a67b8ed1b3042

SHA512
711b02d7bbe42a6a858da2184f924b1f716c3b8146fd0ff0bfe555928c91c66bc05847cd9088a4993a36cb8facb7bb4a85772ff2eec749fa8a81fb254dc6b5e8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
d296902839dc6006b18a9debef55b12a

SHA1
47fc8030c218e7396f92cfb30f2236bfdc9395b5

SHA256
bec743b1390a7699c9c0fc19ef9d7d1cc0990d62183c72663024639ebef11f85

SHA512
a8b85dceab9268146adc6fa9699f6191837426778bf5e2384a0c4e59def7f69fd56525e717fff7eee0a03d9fedb456b95d179ba2eac45a0c4864d36d4877742e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
d9866c650429b5f6fc21b33a824d1da6

SHA1
42103f3c81700a11e2238d799df7d3ec73dc4838

SHA256
86a2a8622e1ff50c1dcea613bf27616cbd60ac60b9b63914b8fcf8238a48d7c2

SHA512
7687e2b333caaf62297c322b9cb667df31731a7b1c783bc7c27f4c47ebeb3690fe414425de4d44f136c7af6b1c65ef341cd7e696566ac8cf9a9c7796dfcd51a7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
a908a0f227b7f5fb58e71ebb96359f36

SHA1
f3c40aa59edff473af2fe57f3b0695481ee0e176

SHA256
b9daa98f89ba1e32acf3d1100fc52ea4c00bf8629e1cf3f7f59a96db33a883ff

SHA512
75660be778d524297250240ecea2d090b192a0ac7a891a27f592a9c15b9ff464d36436d1698fbb9e8c99efa3b104273d2cfa06d529544fbf8dc057d8d4ef2ca8

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
4d99da8b8ce4642ccd7cdb8b6bc64d9d

SHA1
4d03b8d36877d108f67b84562f92d2f8367eace2

SHA256
9d1d118706cd4e378e9c839c86905ec427abbf0264c630b2ed7ed94fc51260b0

SHA512
a42fc3c65fa85f9dd302d277abd23256d11cec9d8df36c9aa96ca9ecd7e4c4d4c236d485f30e23daf64750a4669a193ffb1bf71fc882d461ecaf9e28b0b441ef

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
a8e00ca52044e58474d23d16bb62b5dd

SHA1
413459815c9f461a8edf38bf09e0f03ffb8cf09e

SHA256
0469e4a25219f71c49ddf1130b9ca2981c6623ef6c43616cd7bf6d591eac30b8

SHA512
454586ec46469ec8dd8f094934b821760e96bf1ea1c449d74f542ef95463829546cd3e801d023f0679ea6df99f6a03044a7294abfc624790f77331d2686a218f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
05b20537ad1268dde7dbaabcb413072f

SHA1
d08049a2de1ac4cf74f38897b59f4241c6565554

SHA256
3446c404e41bb205071ae3e347956db14673188d2a959c7643d436513eb90c94

SHA512
bfb9e0a4925e71471b4de0600e658ca0821e212e422968de6bb410260228d068f7a8a3638cb6ea77b2b18723734b88c20adedaad807804b62aed0b7f5374d592

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
a84f967d8b5731baa890f13987c38627

SHA1
f1a43ecfa533fe989cad3da93a0acebf6e512b7d

SHA256
923ee909f52332ee65b18c5f7f27240091eabb02ba220ed530d10d55c74462a7

SHA512
53529b4797ba3a218fdb6c3233c6141a6b3ac68139a3f2922e5f96ee4f972b7ed93bc17f5baf3c692ec1551f7bca9856ee84f7353875b4df6e7ebbd5ae18c18a

Download Submit
memory/3556-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-9850-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-10880-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-5339-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-5335-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-11199-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-11218-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-11223-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3556-11224-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download