xorist | 98603717c3251dbcae14c114a42a67c2a02a1457d189af7607a881e719039c81

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Size

7KB
MD5

71a135e0610b097e79fbdd4b2cf61d50
SHA1

56136f4d3ce97acdf810aad28c7538cde1a77737
SHA256

98603717c3251dbcae14c114a42a67c2a02a1457d189af7607a881e719039c81
SHA512

4c3dd12db86c0ea4516ec966f4f01bfbc9eeef75d60da9a73f05ded9e47af673f5ceeea18a5a43137147f1fc6c0a02d64e48be22719c535aa562380ced23affd
SSDEEP

96:2eZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExLeGs5MVaj7jRmW+WEra:Dzdrr1FG1WDCgmjPZLpbwXM0QpMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

Processes:

resource	yara_rule
behavioral2/memory/960-5143-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/960-5154-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/960-9782-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/960-10786-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/960-10907-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/960-11186-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/960-11191-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/960-11192-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QdHW4g7tBB02tG8.exe"	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_19bd1d6c2b642b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_d37080dfb66d830b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidvhf.inf_amd64_0a924aec7600dcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbsb.inf_amd64_0e44beb9cebe5a1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric2.inf_amd64_facbddcbb097c790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbhub3.inf_amd64_6a68abcc31aaa333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextpl080.inf_amd64_15251233835ef753\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsynth3dvsc.inf_amd64_1a08a3b6cd493e1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pmem.inf_amd64_acec109593aed940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pnpxinternetgatewaydevices.inf_amd64_82b90e51473d48ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mvumis.inf_amd64_f0f4d0c799bb854a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_dd534e815632509c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_466615aad3be8e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\chargearbitration.inf_amd64_a0097842bcc7e487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_e09ac82d497a19c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_7e6108426fdce03a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_18454ae612999870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\btampm.inf_amd64_445ffdc4132cbc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_7534987814b257b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/960-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-5143-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-5154-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-9782-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-10786-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-10907-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-11186-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-11191-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/960-11192-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\28.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-400_contrast-black.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-16.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-100.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_24x24x32.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-200.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-lightunplated.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\THMBNAIL.PNG	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32_contrast-white.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_ReptileEye.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-20.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected]	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-64_contrast-white.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64_altform-unplated_contrast-white.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-400.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_field_grabber.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\adc_logo.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\SmartSelect\Magic_Select_crop_handles.mp4	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-white_scale-200.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-300.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-100_contrast-black.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated_devicefamily-colorfulunplated.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200_contrast-white.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-125_contrast-black.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\5.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleImportError.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-100.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\PREVIEW.GIF	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\NewNotePlaceholder-light.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\PaintLargeTile.scale-200.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-16_altform-lightunplated.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxSmallTile.scale-100.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\NinjaCatOnDragon.scale-200.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalStoreLogo.scale-200_contrast-white.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-125_contrast-black.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-96_altform-unplated.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\AppListIcon.scale-150.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setproxycredential_31bf3856ad364e35_10.0.19041.746_none_48d5c44729238348\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_rdvgwddmdx11.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_db528e4c60322190\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..gnostics.activities_31bf3856ad364e35_10.0.19041.1_none_60e9d6e3f731d977\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_145797bf9bba159e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..usbredirectorclient_31bf3856ad364e35_10.0.19041.1_none_5cefb40a6a2548b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ingflyout.resources_31bf3856ad364e35_10.0.19041.1_en-us_94eb3087f1624de6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_acc5ea73b30f776e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user.resources_31bf3856ad364e35_10.0.19041.1_es-es_10abbd920ab9ed66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\AppListIcon.targetsize-96.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx-culture_dll_b03f5f7f11d50a3a_10.0.19041.1_none_9b96711be13ca628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_25e65642b37198d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..erservice.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_f585c36703112688\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5b76bae3c56e0846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-com-oleui_31bf3856ad364e35_10.0.19041.1_none_e0b9b1d5817fc20c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..alenrollmentmanager_31bf3856ad364e35_10.0.19041.1202_none_1a780ff3456b7bcd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.19041.264_none_6a494ac438472309\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-webauth_31bf3856ad364e35_10.0.19041.746_none_099c40ad55bc5d6c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.19041.1151_none_aa086da848b2c07b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..tions-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a8c950a29e305a22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_10.0.19041.264_none_1075dbf41234b43d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.dtc.power...non_msil.resources_31bf3856ad364e35_10.0.19041.1_en-us_a9c0cf80166e8336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_smsvchost.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_7da0c0c9163df785\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_6808d8dbd7c1eb16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cxhprovisioning_31bf3856ad364e35_10.0.19041.264_none_3756072d45cd9e22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..cher-tool.resources_31bf3856ad364e35_10.0.19041.1_it-it_289a54f5da7fdab1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dhcpds_31bf3856ad364e35_10.0.19041.1_none_7e9770d57c447e72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..licymaker.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bc35a3458dd5307c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_es-mx_6346edea67ef6ae8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_10.0.19041.1_none_6bd0c9bdf10da202\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ncdprop.resources_31bf3856ad364e35_10.0.19041.1_de-de_9444816f47e75fc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..yphanimator-library_31bf3856ad364e35_10.0.19041.1_none_dcf3597ed47aa390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\toggleWordWrap.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-apprep-chxapp.appxmain_31bf3856ad364e35_10.0.19041.423_none_15f557c171018574\StoreLogo.scale-100.png	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ilerepair.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9b526280ec0756f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-o..p-raschap.resources_31bf3856ad364e35_10.0.19041.1_it-it_5e8dbd524776addc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userinitext.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_37778d54975677db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-defender-ui.resources_31bf3856ad364e35_10.0.19041.1_de-de_9486a5375dc11c60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e8af5a2a3894d28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.19041.1_none_993ab95f8a87eead\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\pdferrorofflineaccessdenied.html	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..i-windows.resources_31bf3856ad364e35_10.0.19041.1_de-de_42c45c23f5becd8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_10.0.19041.1_none_641cd8499a376e57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deviceux.resources_31bf3856ad364e35_10.0.19041.1_en-us_256d21174c83b289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-displaymanager_31bf3856ad364e35_10.0.19041.746_none_041cd29ac291b008\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_73e5bd029f7ac27a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmvsdecd_31bf3856ad364e35_10.0.19041.1_none_26bf32737889731b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\INF\Windows Workflow Foundation 3.0.0.0\0000\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-quiethours.resources_31bf3856ad364e35_10.0.19041.1_en-us_202bc40ad8846aaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkwudrv.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ac20897107a5eed9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..allationgrouppolicy_31bf3856ad364e35_10.0.19041.1151_none_ec6f88b8c3d94cf3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers-clipboard_31bf3856ad364e35_10.0.19041.746_none_9e7325ee31555ff3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_10.0.19041.1_de-de_a929b7a9500e8590\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-store-install-service_31bf3856ad364e35_10.0.19041.1151_none_5d39960f62e2e86e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ialpss2i_i2c_cnl.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_29613301342ded65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-embedded-bootexp_31bf3856ad364e35_10.0.19041.1_none_7f5264fda31782d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-authorizationmanagerui_31bf3856ad364e35_10.0.19041.746_none_0a27ebbb92d57ff6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wldp.resources_31bf3856ad364e35_10.0.19041.1_it-it_6e8a37bc7e38c37c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_f39f082c141ce6b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_10.0.19041.1_en-us_c8bdc9e4954f94b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ticexecution-server_31bf3856ad364e35_10.0.19041.264_none_a92e6476dde50295\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasmm_31bf3856ad364e35_10.0.19041.1_none_178b0181fbc2b673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\DefaultIcon	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell\open\command	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell\open	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.500ðóáëé	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\ = "CRYPTED!"	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QdHW4g7tBB02tG8.exe,0"	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QdHW4g7tBB02tG8.exe"	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.500ðóáëé\ = "MTCRWOVHAPWOSSU"	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MTCRWOVHAPWOSSU	71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\71a135e0610b097e79fbdd4b2cf61d50_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
a44cc4bed97be7e1930c881215d993bf

SHA1
4075b2845da0865a9e8683d274239fa7fa434d91

SHA256
025131078cca3dbca1c2d65ab5b6eaf0a722c4cc04a1c9293890826219564d68

SHA512
775a674046e31b387af390a8a3c6e355859955d34f83cc6f5782222111fa1d8b538a5c29b04d9f560c51a961d9eec5722d44f89c3f3858f339a5ac294b03ef15

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
627bb54590dc93381a4524412bd7d99c

SHA1
e936c5e33dc893ad576102140df03a3e8db5197f

SHA256
0ec4b301469e693c1bfe72cdb5979e5531440351c6d7e419885c81916b364a42

SHA512
f7c3d8d7cb38ac020a5cd5e181a33952f5dd515c992cf20be195f429c45ea9b60a83f4dc00a4efa9e91cb7baef8eb645b84e1abdda77e0f660160825164d8bc0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
33c1c88e13ee5606063ab66454ecde26

SHA1
f30986bb2b114dc501f5036f83eb1f2a0be0a3ba

SHA256
d626231dd65f273b5c021a0f061f66f9ba7e2a047c91195718fc9d1a13bf926b

SHA512
1dd41f7718006ccc16d887d7d06772e57bb579d8c38d8be1cf6b47aaccc423b723f1233257825492814ccea07942fe14165f58b20b2b71af5d1aacda774f960a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
d13cf134861a73fa30cb04d252b40a24

SHA1
1eec7793df4dbd9408c326ccf28c10860d81b1f4

SHA256
8a6d182fd1ddab0ee2e98dfafeb8c61e3458e96c80cff534f34aa9326f0b7545

SHA512
6be287e592199934c6bec20903cb39d9287922743ac0080c2fc12453b87daa1e7476e1cdd66c19519f227cfe84280df341b81571db40c074c06b97eb953bbd61

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
f0bca2e035534e8ddd4c91a26b7c01be

SHA1
017575cb33820d1991e935832e8a0271a00fc026

SHA256
5c74b772d314992a24e323823e5766e0a8a89b212bc35bd796febcf62279d755

SHA512
e4f818dc8cea634e61654f59e74e9ce607a79e009c858eda3fb934c1c306c1bc0833e2be7c012048446eb90a1607f8764d5598bfc5feaef2ab39a80f7a47f572

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
797fcb730df2d2c252c9da4b82b7d4a6

SHA1
9ae7990205800075bc00d80de5e1370fca9a0848

SHA256
9d38a45e6ed7c39bfaf658cbbb2b7821ba79fe2aeb9c15b303c5b035000b50ae

SHA512
b2ec46cba2d8427b95776e206998e0e3a47aa64b761ef33b0106cea87235cd9ec48cb511cb366da01fc903e85ed5d7cf88f3a1a02f1da74d2fe88e2b92340560

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
e09f341d3ffb6308ce1ec51364febf77

SHA1
8bacc465d26b0b4d4f6422df3de451b645f5ca2a

SHA256
b53f4223df250da62c49142735532f489cc2adf2328c5ed151eb8a40b321b234

SHA512
0fa8d1fa49e17e3bb5816cc9aba0d34f258ffa4f0c60e1a31d6aeea1614747c3ec92186de4188792c6f64c6705a0544849a05f051e4658b2ec800e535c8492be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
01ccd517a163baaae00f2e3af3377d29

SHA1
8ca270aedb942ee3e74932225eb9b9eaa9b6e726

SHA256
5dcadaf9206ea4cfb81ee6181467837f70cb94e79201fd6e912763bf974e9308

SHA512
0aaf90095df791bdb4d896887598aab46ec05809cecc9efcaae2927c228c5355a657707e0646bf2de44b465bdc39c53b75bc8a1d975f23566d76b6e5dce32910

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
ebe00a5f6d3f3d35802828175a65f599

SHA1
08ba703bf580a055907ed0175fa8500a454e8d58

SHA256
0279e8d9db945b534f2a6d173b4ccffec49d3f3d295f98c692cf35e3b43229bd

SHA512
f503c3f0a3acf9c4df4565b1cbf10a1adad1fd895e01003f2f5431d031a0a8a82cb14539341685832f122b29f329cc69abab6cee61fe1630d9e9c89844c74645

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
ffe5310f569b3c3401a82d5d8b86a30d

SHA1
e63a7bf0a2627c08909b07142b5f94aab98ad7cb

SHA256
e8fbb9a18d966a5e8e5e3856885b719c322901be018c8d89d64909e7bbfa6ec9

SHA512
768f93d78986c3f386a2cbe478fb5b05cb7181fb13fed68bf63be625b2fd1fe0a0398b033ba34aed44c5130ffc5f2807a060006574ab3047d8df48b49b0d16a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
6ef1011a5898fd1db3045bf0186f2fbc

SHA1
9379e9e433354edab6be1864984e32f5e474b09c

SHA256
94e30cc819463cbe3c064e00b9900d0ba1b8f8bfc604f1d63d871b28aa79ce8d

SHA512
e70dd9ecc8d261b3fc8cc79660c124dbaf02bcaa9806a79a010adfe9d36405ecf48fef78f17d83df76a15815866451099820cdcfb3b9d1af6f93bb8943d66c5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
b449ce1e2e336c43404ee3f5483e4e97

SHA1
e4a6d414b9282bf7598d239af7fb393265bc7695

SHA256
4a684ef3639e4a7e768dfbca65b01109cd4f63720e59bfda4d1c673d660c06c4

SHA512
0d87b5b5dfc2151dda6bd4455f846e36bfddcbeec8949780bfb2cb5d84920991f6f9f87f40a6460f2cd69a94c55b4131797a38d70b07f18715b47ee941a90489

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
35908c5aa498acdf6548012f93b9316c

SHA1
d01a458a2af07d7f689a34479557d783beb49c57

SHA256
c76cab20d2bd81aeaa8c085ee0052b9235fa1ad1993a452e56418f1a2112efd9

SHA512
45f3c6cce9b016621f023c8798fc63f5bb77e0f96e3e1c6d55d3cedaa6f1ed7a58bdcf037d5aa6bd4a7d7e157533ae996f5171e53638d2692c0d35f512f8d399

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
78a19d286f37c78b559384809f9841fd

SHA1
363192840ccdc3bb4088f352545d596dfed49a67

SHA256
692b30a631ad4e604adcc5acb76ca23b8c122ea1fd0dcae26013bcf6ce9b7305

SHA512
806774aedb5f1c8fdb4cb28a607c8aa9adf3f29a9caedc4d131754b6297e44f561cf3ae6884424bc3255e69bef366eea5f81feae0f8bb4710f528acad9b697d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
7f09bbb5a8dba092b3060a20d0dc0526

SHA1
578bbc675d07cb2064e4c0780ec76aa6c2e9a3c2

SHA256
132af7fe147d2951f5a61277b15d93696cf83472f62ae007fce8331b94b7560b

SHA512
343502cdc0f247cfda6cbc6ac22328aa188be600c3e205557fbd243fb8dbd90b5f1788881509dc8f7017d891c01b1e8f1dfdc7808375d365954db064eef56693

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
681657c46cfe1b24d85daad16275e43d

SHA1
7244a1fbb6bb05c74cff4c5c8a65bdf5f8b55b3c

SHA256
2634b6a33882a1daa14d6698c42089e1747423de93a3dd107289382c0bfb30c6

SHA512
570aea393557758b0a6e408326cfe29dae1b128f0bf1a1179a630390bc5c3c460d580ebb262bb4dedf5d5c38deee99c7482af504cc0c5941935e68e25ddf0667

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
fc5684f1aafe1a8fb12dbff06283bab5

SHA1
49652333d9138ca3a02a5d189d24cd7c640b9879

SHA256
b7c3816bf4ac5b6023df87ee19c46cef182528b6133215b3b53611e3715d0137

SHA512
08560426ac47994a568eb4e44c751772d9e568321b92987d2e8be7835a8350927df4113c8e26689a0f19e6e757f788795aefc7fb273e9c3f26270aa6a16d7ea4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
a25dbf5fa663582f969ecc2921432be4

SHA1
d50a18c0d3d7d4ba09cb4a1b6706bb21fe2f66bb

SHA256
184c01b664b1214192581e0c7bc6c67659f3158ddba74e65198c6d43071e76b7

SHA512
f4f7d417057f4fff6cfeee44f9f0892a9cf5e1493d223e3d570dd8abac36edf486de77621a8996bde83218c2a5f7e96745717f5a9180122c532bc2add5f288ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
8ca290320a29af1fb6280653bdc22bf3

SHA1
e00b395e03ba0eccc9c91b20fbd3b4213f1e2fbe

SHA256
6d47594dbebef04b9504174c615a556df843b3fcc19270ff0ebc857d4f20d269

SHA512
dbc6a2551b9e9586993935ec5f87f96fdb46bbb68e0dc4a66a40172787dbcd96f107bdd2b21c6c5eed6671080ffa14d9109dfe84b58ba4688e1d94d37d1323f5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
1e61bd765df6bef2da21ce28d7438504

SHA1
3a8f092d3a143d81877bdc119493e47b570b0fb9

SHA256
e66ac7193815940268520d191ebd2ecf9192bb15487c4a806bb6c838e008533e

SHA512
f70b46bc7f5607c369dceb2695f4f4149d661f333b41a2c6274a57602c04ad4d4420b16dbde9bcc5144951c6e385cc3f96d7b77039cf4f95a7634222f7393d7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
6a8ee295d79494def6f252cccb1578c2

SHA1
5f5e56ac4cd335f80d86053a4776dbb933335e8b

SHA256
b40166a3fc98bd98a5395be1e4e766bf1951307022758f7a116777125176ecab

SHA512
419a60c2648042861185b7233b675072f936ef3683c5b1d6df0b7821faa9e0bf3d464c39d3daf9560141f1d86b5467e00c732bb30f44fc21a32bab3b839bc833

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
1d41bb7a4db91b19df4806eee5006973

SHA1
6d56246d6f5009041cff9e11a68255700204cb3c

SHA256
4daae0802b1fd6c7d323278d5ac8bf33df3219154d104228fc4e7f96781666b7

SHA512
2954f0fef3fdaa3fa7cefe53810c6076400e46a47cd7407e55a7e0e77c07e28222c5fcf11f68ff5716d3d53db8a0b98107f0f48e5e3209a2e76b9477057dcc9f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
09b59c82ca9b7e00635440b158a54a7c

SHA1
95698f050c669c919701c1c227dbaabd603dd29f

SHA256
3ad04b458b1180855c0a1eed7554360a7226f7d24e19e7695b7d3b9aec0f9e95

SHA512
d6495cd2228f7b54a214d9b1d5645d43230c96cc9b495a181fcbad04a635d6428a08f3ac4952c7fa3a9cf488b8d3364a29d9c6dd1fdc0414387bdd003704027e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
af835cfb13eb5bf0a035f90556c2f1f7

SHA1
004d3da8f26c65f25eba4c3aaee47b6e3daad1a9

SHA256
dfbafd7f614d153a083569ba85c70ff30b085d13e663fedd764b4279b0a00082

SHA512
94b31aa0f5d3163c025948bddaf49d9e7977c076049a8a848d9f379e28ea1fa05a36d1a380a7c47a29f4228c5390373e5a2cda11537d332129cced130f7a8ebb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
efbde7b5fc1840d80621af1c25822ca6

SHA1
99c5c14d8fe1aca22c67af62d2ce8704b0db31af

SHA256
e4a450a1a8f942bb60a51ed1b220e15476b0cac9e13e0d49caba17baccb5f89e

SHA512
9a873608612c176c46d9ff1537984ace6ed3ab3f0fb69d8a5c02bc47017eb735c7cbd98af8feb6bd843f978cf9acb43c77de48d0893572ab6814dc061f3ff34d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
702969d64eb3bc1593d9289429847eee

SHA1
5fba6de2417bf6f92cb0fd3719aea6836e477b3c

SHA256
10e401beda1b1d2804190c29e29511c7d94fdf4d82072d836eaf8755fde3412b

SHA512
d0e00fea68b6dfa1f026499fb9427ac771232e13a77ddab5efc671219b5aab214411d6bf08cc65ab767c1dfa0c8a834407af8f2dda6d6fec967db918ad13b758

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
31c40c3942255df16bae7cc193c66522

SHA1
7c03b1aa3bc2bf30e60e942339bd127f3a8ab4af

SHA256
471d1da7847571b473c6bb003c0263c5b264a1cbadf6b691f2391bfb52f1f77d

SHA512
db8d5dd5f008f94c368fe3959eb8193bd85701782a35b3c5d7dcaf5add02e59930e4587551e5284eeb7ed68ad08adfed4fec7b3f6db090aacc0e668ea07702c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
084930aabc8512511e3d5bab93a55739

SHA1
d7957fc7f20725ed64a37b1b5c11d2b2586d8201

SHA256
63197148cdf2af3a32e5d999221cc1726965a2d0fb1a8db42dd5f79de5fb2a43

SHA512
e3c840b742000b622643e7b64457a027865ec9674b72d58c2d8cc11238ee251ec88fbdac6e3022e652997cf72a1f5c2072027255d457fed3a89596e645772d55

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
a030b8aadeb18fad424ccd459adecb2c

SHA1
04d952f2fd0237053d8862d08992122b289ba63f

SHA256
79e82122d963cda53de5232b3127817f253e2be28313aa5219a151022c594978

SHA512
4f928fee2faa9d9cf7027b7dcb1db02ac8cc381237d51aa6750791af4ff7f33f824b85dcfaf6f8d1e29d592b90ce52ebe02b8262e93398db45c4ce6c5f38089f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
734b6149cacd780c82c3969bec0a82fd

SHA1
98180b5faf586dd9050787938d186b5037760940

SHA256
9a6b8f17dd2387581caa041fb863ba9c84d57638de8560963baa91be53f2da48

SHA512
c1e00c5a13e784f06300b6398952c41e89530690161408e4199ef0b00d5d4a07009bd86363e51d78c815827d6a9b668c897d26c5fc00213ff77efc3fd86d2c25

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
612ff1daaf2a90b91fbd24517f82287b

SHA1
a2de26ac9a0a6b354c70c08571e829b097884210

SHA256
518c08274073b3f703b6315336e1f952d85318d1510898cd9007e699adc8433d

SHA512
c4c49d685d22cb16afc13e0e7b8fc15a274c1ee205705c42b303bf5da4de20281ce61d3b119026111d1d44b1e32cb0f28a4496e332b57336dcf556215a993b87

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
8e4b49013bd275260c90265d07dc786d

SHA1
99c2b18286984494d07d86fe6b7dfb0325f626c8

SHA256
e099106446d7ff9976bca89c03eb1694fbf67230c1a738c40aff21518aca4d82

SHA512
ac62ad98a6324449cbbc08ed4e05c21abad223607914f8d41c7f43d8135be94a789d829751b0435eacac300ba4c33f737e32b40c329277b01d52258ef1af5e1c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
5ae6d52c52644bb010dec1b2a8618c1d

SHA1
ad9c7cca3b1a03d79a9a3cd0105f46f2fc4e2b07

SHA256
24871c1b1c17f1fbb4b9d641ff4456a1cd41351ae400e976c0c1716e8ca379cd

SHA512
6c96c9d2b10ca405f8afb56edbcd51a411eced5b5cec4b9046effe4bd8b2cc83e5bf09519f2ce67d5d3802532345a8508c33c1ee856a29bd2f1f33b7bcc3f1e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
b8919293a6077ba40f504c0fe3c73e1e

SHA1
431ab18550a1873ec930b68eecb76bc2595eeb98

SHA256
d4da9ba13cc0f954455879d8d6fd22268c634e736816bcd9364d1af9a410861b

SHA512
8654fa1a8e48fb6bc5e578793596eedbdf8de298f016b55671fc8fb81391641357e4d3c406b2ac5a89e0dde651541904c549b853023e80ef3eb9681649117ee2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
75ec4175ae38f89c56e9daee4306bf87

SHA1
13963c5e41c84b97135e43d359d1a83cf5f1e655

SHA256
cd7cf3a1f08b660f860daa51a9fb3002f163e22a83760968cf6aa497ba2b9ed3

SHA512
5a818c69d2fdcae94c90184725858485aee21be3da41222184679bb1bb916894c4d535721ab56bde375888b68e3e1101ca0780f2d105e0ac04fb5678ba7ac911

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
07e5712c858e557606792b2014d2c0ba

SHA1
4156ce4f8a40b629129683307b7b382cd8867e09

SHA256
45e44047cf482635eb0b2c2057dd4a915989e8cef40d62939ffbe3b4cde02a1a

SHA512
26b00d7af5f07bb52a234fae0c32684cacc2ea490d258d252fde0360fc378f2c2b1946376b1b9e4f30c380978c5e4c027a361163b70d4c2fd2c72507a4b92271

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
0780822751a95a5459d98edc1d6570a5

SHA1
e2b4405f89e6177f78b6310c0852f846e9f9158a

SHA256
4b956abf64b61bc1530c417aa79a4e73bf0074e20490df36f203cab8a0ed716a

SHA512
bae3e93880b60678559a9c3a29ea5d6da2473026eed44ed3ff844386247870e410059d6f332e5054f4e85b61f79b5cd91c7d87346525e92d19a4578318bb68ee

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
d819958c6d18e183da73dafd6a4d749e

SHA1
0b5ac5810a908d11900326dc35401ffd41892103

SHA256
ca95e57ecf948717311c4cbff22b9d975f5dbf2e3b85bcd1e8aa168366ec2bf6

SHA512
3533a33edc0ead239634f35ad0172af37fe2e65b9e7ebb7df853c9355b0739bf135e0e433c59a957a8f15f6647f9d884c71d19cbcefe657a04b487cfd29c71f5

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
116B

MD5
7c355de1bfc0bfa2b77b64bbbf8353fa

SHA1
d8be0e8da07423158c0f32116aff467b2d60119f

SHA256
5f1b69c6d3495d094255390c44d1fdf6229264a5d08038e64824bf66ea7669e9

SHA512
9e2c5f5dbb24f3a4aa5285158c07c120c6b1b00f06d7dbf22b1e2a39c57bd36b2d8c7a3905639494293d60fee2aee49ea194ef8682bd63a2ff7120d39b760ec8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
60d21a1685dc7ebc3533b7ed517b724d

SHA1
e1691d64afe639043c37f0a0ef7fe95836105030

SHA256
069bbbb07faa63009f665fc80ab7c46df08e793e1b2d3cd7e5f5671d303ac898

SHA512
9651aae5818c10149a1857ddc02a38d5f0fcff61ba0975135888e65e2e891917594ed935b14b98799555f4f34ec3409438e631d7973f916d1b49bd383970a5ad

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
0543eedb2261d6f07e7d8d27644a8805

SHA1
8f2e6d2c74b5cc6b124461766be3477853157643

SHA256
bd21e2fae1e026a776af05b40e362c337c1af1e86787e4aae838bf43a9ac45ca

SHA512
7f993a08bdab0c431675c20bebcf372f8cb9cf5844ce03afc71d5853bb5b8130490a8f96b2198782f423874bf2f52c8e61483dbe70eb85d966a765cb565bef45

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
39e981995bd23ad36a6bee1fe90e3963

SHA1
35f7f6e539ad5e2cbe1b62e907c21051a3c04017

SHA256
efd3c26662780e5ff687726ecd954fbed68eb5cfb70d86a60cdb3dd912c79425

SHA512
67e3c9563508281bd6a7be3e08fba60845e55524a22af3fd57c0e806f169370982b00e16582faada01a7ce5e9ba8c8f33835ff8fddcc80d6d5c99ba72ce3f8a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
e672095c84e11f5b86f1f50eb3f56faf

SHA1
ce58adf8eb0337ff18be275bcd19f6543a3e1a78

SHA256
6145cf0d77f49b61cb7f8a22e44ec8e44a8b0c2162138b87f6e90d4e44f14f90

SHA512
7982253ec43d5c80a451dd898c8c66b28749a8acaa3c2f35fbe152e436e059acf8e051d2c6aa44e98421ea44602539a5601471e19e2298206f742eb07b03717f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
7ce6816034ffe80f432b97d22b77f4e3

SHA1
8ffb3dfc40cb842e562219ba90335bdd28c9ed3c

SHA256
74d47d4c303acd9753425af6815a1815196e1db13a5a06a59256458966afc420

SHA512
53881aa2b5889c4d95e4254d645ee35b66624a3b061b44d898bcef1dbcb50354ccad31ed6733afa6d2edbcb60bc571eb2f7fc81477a5a406b97535df8e6c6fc6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
d0b40970d221104efc6ba380b73ed80f

SHA1
fb0fd7cac593e71923ee39fff60461f5f072955f

SHA256
1004d2e0f3408b4c6ea492bd848389f5cf5171976b08c8c66e43e9cbc28cef77

SHA512
01b674114f0fb0d441e162caee60a3df0e5b1cc2d1b999b67823b18312c0fa5810ad15527a3c049d05938010dafd1c8b81f13afaea1c0ae4b0e1685844d135bd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
209603f09bc667101a8bebd7c140cbe9

SHA1
67d73d745397657a237e36c1ceb4aab406beabc7

SHA256
dc20ca4fe969c0fd5aa88a5b0e3580c0b052be5eaf491b9c6639805cd33bfe79

SHA512
7b17dabf1ebe207b365857385ce92969f7fe2d763cc38f845e05f42d036a23323931ad2937842670a3631b002b4588a67039c27d53ad824011c92c5d24215cde

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
d19a226ba9239ba58deb303e744abb7f

SHA1
8be42dc2c0994d292045fb20e0d77e5789c5695c

SHA256
3af8e768d5d8b3414738488acdec06ad0685d9a7830f35280ecdf2458423e4d3

SHA512
5e588ab608a87475679698fbe75f38229bfee7c66fd12b769ee3b8c8e02e40ecba9bc8b7e66a8a08f054106c766f4661225cf21ff21e472dc044e5595d00027c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
f2d362791453e6d61f95a98de9b353b8

SHA1
f09b1798d5553bf67963b8141199b5dbc32016a9

SHA256
f797d770e9986a10757cd0e7fb71b806fcdeca84a849dea31d73287b06f0fbf1

SHA512
94f23c73b3ffad94689e4b753c291286ca701ea5974619386b3f8127b95106206de3314c74b9770fda2b1c382e02d937c0c69c529d635bf54f03c244b5497ac0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
d75bb4eb62187bbf8946af810dc94ca8

SHA1
8695376461c37ee01ea38d77c2f6e1596780e027

SHA256
1752a38fc6b2012300fa401a868b621dc9b3bf8d34fc929ee1762d3baba7036c

SHA512
649c1da735440b8f1b87431b36d7272efca2cb81284708155008d9f440d44c8f48d72c2e525f670989fd798277fb036abe9fcae88267b3f399e3dcedf1b46e24

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
6e26f781f6c1e941c757dc9372e8e14f

SHA1
89c88409c64dd56e9af56d4d29e545891382d57e

SHA256
3ea660878d9342688a988a9f2eaab9f85cc0f8c44a92df80e179bcbd2716cb7e

SHA512
e3ffec748739bc94a1f548719ad0692a5d630c422cb22b3d7c4fd75057762bcab80f6e1cb6ec63af38135f6c5906b63fb128da2e8d7d5ea96eb084305e15a0dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
1e5192965cf720e4931e48a3f257b15a

SHA1
07a5016142c1aede51ea15925547e0c6c6153f96

SHA256
7f3a249459dc6d576c2d35d58397255d68b544c712e2c6893265b5d0d492e877

SHA512
faa35d9ab83ea02695a4da26ef4346d3003772559bc73465d3d67f4bcb81f099a9edbd8b38c0cd8d8a7cb546eb6d618947fae2eac9c1f5df609fc96b9756ca9f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
5cf438da8f54b502f160b21888916a2b

SHA1
e318cceb3eafeef1725226e3e9b6eb48cfacb2ff

SHA256
8ea23e6f047b0085d4d1198f36497c467c1932d45b29437053d7ab48163ba750

SHA512
72f21e68523363af49f3afd7c86f73847dab43d26dc8a92c7696b1ffab4ea626d4e1f676b06658552da653239fe1776a70dc0a06c65200590363902fca0e8a93

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
804a91e1f04f66d1ce98ecd032253304

SHA1
7a5f2adad591997e18612aa20291a67817c0af04

SHA256
e845ed7d3a2d77525759dfaa16093cb9774711928409fda9f351cb6880dae466

SHA512
c479b042b32150a14a38d2f51183efa28c65a1dabb9f555caa55b5aa4e090e3557dc6b823bbeb4c5f2e2df5d5df2525db0de3c05dd8dc4a212d33f92669ebb61

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
f71a803a51e16f67f7547bb3795e2109

SHA1
f75339c13742a55675810dbdc92d54bfd70e4c61

SHA256
fd197e66c323f0c33b58c8078b572def8146d35e6a9e3c5d8e172c9a6e85c383

SHA512
8039957a9aa6e613544f957b6b489aff634daffdb2f0e0a0c2388573952c64fbb1ad9372395d51ee5a98166a2a2836ef3f35a716cc3250bc25bce024e1663fbd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
312a5946e150471b7f21bca000c1652c

SHA1
9e16efcba3adbdc21daa92f238b3166d79803352

SHA256
25f8ff3a3333208b3b6a24a0f5dcdc5251d9fadd376a7b3487a7bb0af661eb46

SHA512
42bc77f316147d80975a7e442b2dca3b0cf84d2df44741f25dc231c89ad3c7001cbe60d39228bf7955c08c43721ccbeb2e0e209ef4973f5c91e8ada02d51a2e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
7f34d449a9bff32ecba670d5f03e3583

SHA1
341794b731f4da2780e0476ed28b3049a7fb22f7

SHA256
782e39075ae5369f9b18b3020538ffd88d0b06d384508ef383a53ab8750daa9d

SHA512
084cfd33f6ef4a23cc1c26b1f1ca0f29ca67a6ee90f02a1354c73409d77a7f49fcccf06fdb722cba09cd9c3b755b4abd4dcb54c2ffdf31377aa5f35d39751c09

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
d2db6d62e3d55cc868cc17488a7bfd86

SHA1
5d6e506607437f013405e88ebab118c88ac85c12

SHA256
6fbc3e6693e049ee5b9c1927fdc0ec21d8b09882ecc3c6326f4f1aa8c3f524ef

SHA512
4b479d9dca7c0da6fbcd5124b809e1f840014db5d7d9f6a7061c4682e59315d150438754e65e1ed534bbd1930e1c1a99d26e6a73acb62d9adfdc6737fb5bc12e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
1f854670d0426e309463226974bde470

SHA1
1b5f2d0b46234d1189f2ee7daee4ef7334b4872c

SHA256
8057eedcaa75c8368d8db2751942d0f83cb4a0aca29b97b51beb04ff399f02a3

SHA512
8a8057ed942e49cf4b465e76b218dcb4a8a0833f9a80c6ed95d360c9139d0704c322565bb52f1ae0ea9cbff220b1518a4266efa3c7bc4cbeedbc3a1757c15d62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
1a03fb46a71c447eb1c38dfcf9025b39

SHA1
a5750d344b1b1098242d8b247fd50dae1e6e8203

SHA256
b14b5a9590261dc06cfe31ae450b293076fdbb5e60179e4580750dc417308ced

SHA512
886afedf3cfe3e834f765e4322b9b3bb453c779ef7dbe39784061a8ce7471bfa0870ec907b733b91558034acb4b45eaf5e717be9457c1a65ab7a217db1796ac4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
fdedcd28654bfa093a022575507c15aa

SHA1
905d15de6a71fe89be899194094f5ee344d64436

SHA256
c9d4116d65dfb17c245c5dcf1e00ed0f9753ab9a596244eec19f36603fbf50a8

SHA512
070f5b91f95c6b96b757d3f3ba3e089f39a54fbbd168f099a1c63eb1c10df5e3fc579027a7086b4d8bbc9ed40ef65b45267f7f4caba268d43735698ce345079f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
f53c05f4ea29596c4a2afd3a76a504dd

SHA1
76824800a3366394d2d57443c77c1f7b699bd8ed

SHA256
4f14b9ccf2dd4993f13a7b3f5deb3110876da0d50bcb585005b157cdf5504642

SHA512
da29648c025e4ef1661e0a5034c0ca93b0160bd66c2f6d7c348d46b345dea0084497f232ab9ad8597832b2e7cd31367b807a0e8fd1b47d421de0558bccc1b2bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
74beccf67d72e8542612a3ca09e3cc4d

SHA1
b5f9ac414d0df724ca9c812c9db25376fbfd6e87

SHA256
1da8648f715725c8a1614caba7d540e5d536c019ee20ba6df66f20aa8e1aad45

SHA512
3654cc6a55000a7669cee16cecffaea2784af86af7042b54661c0f2a87966f1671976203edc2b1edbb43426c598efde53675903c713f47576151dcf09ad4253e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
35f929a298f873198a73878c36d58740

SHA1
3c58a376ff6ba28aae09d4bc2846dee159c3e1b9

SHA256
776bcd3ae69ac7a1bc5f0feeb8bd5a9b724c30306c674213856104160b8c48a9

SHA512
cee6aa380b39d23e088e8fc2d346c696cb091efa051567e2cb4bdc3f39b35dcc2a7ef84fcce21454875a5d454d74f082d6eab78e544a278f26a10778d450d5ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2cf7b335b58988ca9a4a09f81625afee

SHA1
13be75925819e2e8be57b519aadb8c12ea2bdb8a

SHA256
77cdfaee2f80c59aac16d4232ecab506cef7495c7d090b5786749e63ac5efed7

SHA512
c542054919b2c08099893ee6122e0130b59f9f925e7aed72d9b11faef6b6143829759a4a5687153223adf6bb3309322ee6dd5d344ebf9abddd2c8b0c9cffee1e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
fa2d1cddb2b33cd0f20045ac1a74ba12

SHA1
681fed02406da21bb03c77f4d20d2efe75b74ac5

SHA256
0671df45f46b300b394bc200eee9299f153d0380ac286c0e9b0b9faa3d3320b2

SHA512
179bd9bfcd1a6020ff7cfb77efda35a70c6fef56dcc78eb0c4fdd6c03c1770da5d2b695c5c29c7aa6c83a09af965160c12f1fa4295089dc216a3d1820cd835d5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
a81d9d8b422327a009607297b39813de

SHA1
12086716bdedeffb5d2b331ada0c79a0e2ba510f

SHA256
dc5720ac57f4ea546b9dcc218ad6c3743fab086c595a76cae877839f8407c1a5

SHA512
86845e2f7c0bd4e2597f4290d6284f3fc3c3861947ab7f182d66e62056e3e4fedff4d68fbff2959153079502a8dfe258b3d927009c07b7502c5b3f0eb7323530

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
ff230036208efbf19befef3d460833da

SHA1
628f42a31efaeeaa274da31316b2feb991da9bd5

SHA256
ebe72a0cfc5c6cb78cc5b4086bd9e9cf1803157c2cf643d8ef289096e7886815

SHA512
6da074bfe893b968839b44581f440cba19719d6077fb2afa97b3a5d75d600cc7eec459f6499cd199705636c72430bf7149642c6076920d0e379745f6c61150e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
9091f9c74e3d2112d56d1dbb188e70d5

SHA1
de281dc8222b95566afd7551af5d8402791a7a4b

SHA256
114bb0f4395821adc97bc4f227ef2b1a5e205ac73337bd11d5e95e7ba1f86726

SHA512
370cb450ab1c8d75fb1208c486835be5a3ab2d004845514a2b5e0b7e531e18011c7348d38a30348a4af934867e2174f1c5fdb923f11b21c7fc5c479f2ed8078e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
853d527b6886ba5bf89f8db39852f0eb

SHA1
cad9c174e85d5092730bc8f5faedaf17b763caff

SHA256
1c4b9bd71d353623773dd5ee2f3b52adf41e6d0285c5037e0a8e46d05e864f21

SHA512
448fd0987e2e3d03829bcdd92dc295f13138b2eefe6b108df0903111be905a493d9feb4e09e4eddacd68bbd85b4bbb6f432bb596cc3e3042835708f1c829bd59

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
8466e38d2e2ee332fdc5d66ef1524bce

SHA1
39fdc3d517a64a364a675988844e805a0f7f9510

SHA256
e8ae829309b6a636a267332d4135d4df172e4fc2a6ebc39205965929aa551ed6

SHA512
2b2005c3e2eb513cacedcf4ef437462a91a24dce4ddf9e54e6af4461cb2fba4865ad7f9caa3d239ab7340f947ee45d694b49ae6b3ced4fc30bc156f938ed2f95

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
ff51820af4d935bf5ae6b71becbf7a4f

SHA1
531157deae162d4a40f928c286e613b8ab9a3bbd

SHA256
ae281d6ee294206ecae1e639157853038b29fdd5bf2ce69d92b9ddad59cc20f9

SHA512
30a2ad22912a6e14baef292cffa0e68358388d1867ed2cb14f38e5d950d9fe6528920d216d611bae949da1b174b74e682718801f901729011feb3881201324c9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
a174d69efb3a4dacaa6b9381ecee76ae

SHA1
0bc2517e1f0ac3df209b9d28584d7277d9d23e1b

SHA256
606f9ecf48d43affaa7d06427ca92e64e202dabfc14ffcc9011ddf3ce9f271ba

SHA512
811159876a470100c05823a3201509aa91f9c66f6023cfadc32146616515434b1c2b8e7beae97b47a38b95ee2c28bda00a926e2edb4c638afb4b74a583ddd1b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
cd4719a451753862037eeff128d23144

SHA1
8d91ec0250fced8bf6f188f357a130ace88f0b4f

SHA256
34e22a127fa355107c2b8e80bb77b494d85ee4cb437bb6cbf49dabf4c78b3c96

SHA512
3b29656108c3f9f6b3af91ee73452039a9ef6b60c8599cca20b200ef5f5d3ce33a3f2aa4587ae23e1290ec425d26ce0b38d7341e0c0319da30618a83c10feb91

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
4d3b4c735b2581a2da075dc5a4dd7084

SHA1
604a1975d3eb98a9511b744db2dcfae2bceed221

SHA256
b33fe69e4eee95201dc93e3f2ca4271b207179dbec5b0dfbcb317748f6140ac9

SHA512
c7bbf82f5e13e7b57a1c6edbee1bef3348276c370ca5fe78c6e60067028362f1e06ec5d5233a1b341edf9a125b6dc20e11a8f64c12089b61fc2d3c69c7956b91

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
745a892f2490a44d60415a691b528e1a

SHA1
5634fea4d1da1e0bd6df6ee65a0722f2cc8b2a58

SHA256
97e2369a12762fedf3619504a00327664903568293473e6b5bae2889626ab1ff

SHA512
925ac9f83bb84833455e280f8eacd146e7da24849131dfd23ec08f8e5aae5b7235020020c26cf2090224945a2c013ee7e8a34635f6a1e54d9e5cffcd89eb5515

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
b912368976881848efc2e9b66b367645

SHA1
5db78fc16239a5ecd5969a59387db78e66d268a3

SHA256
5dab16297f43f9a78f78c4d7d353e46052f72707c556f425f79d58bcb7483559

SHA512
963030d121d4fe417cf931a9b483a6f1010c3e25ea1b0dbb5b35c8cb5d113c652a3021bc36e435ac0ac8b0805076a959fcb1dda2ad35a05766fab0ea3f680d98

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
1e7b78d1c8c65deba3646aa3ca82d6be

SHA1
1e6036e3fa75d3bc0e078e61a47b80bf0508da17

SHA256
6109d1bcbe801f395ca53732f407b110c244e1190491ca176c40ae1d971d4d11

SHA512
f3ed26e04d922264433a5dfffa9ba7d98e4786418df7fd096033b3bf87ec3b758e1b8eb9fcd00c17b1aa95fba97fba99c9f6deac5745577cd95cff69f47a0e90

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
bf74a20da42810fee271db5e90027d18

SHA1
2db06f459670c0e33ead2cccb47e195cb5967dda

SHA256
d302f8e8b3b6acac83c04c8936d430a8c7d08b66955d5d1ac472f68a8a071446

SHA512
cb38a62dcab0307ec6b67f727a0ff9b775904db3a6553c914055e636f3b02f905e066ec06cc15a9ca3376af0a81bc018cd31c93a1a47e0b67d90ea030ce59b9e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.500ðóáëé

Filesize
2KB

MD5
000fbbfb93a723c2dd366fb5382e886a

SHA1
cb6697d8493fb1c2361c8b749a0fb6d401cbb309

SHA256
76434d7feedffd88d1e4972669e0225023d2b82bf8a14aae30f0aa0bf0f91dc5

SHA512
957e807ad32d3a9b37742494c54de482cd32843858b9662a21db8349ab4d5a8423608c4697da023041fa8ebe18ef5c25e9b31b2687af3369a76c6572ecda2410

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
af0b399c9b4ef59f9b1873450f56e5cc

SHA1
c89ac687be0cddd8c9773b2a8d5be632c6925058

SHA256
658d790a492e303081f6b375f5ff6b067462fae6d687464423be3c730cf49815

SHA512
172372efef94617c833ea0e3f1a1190f1630f882f5e92836bbdd04fa6ec2da9c2118b3a7c5d91ba20c34a6ac7e8e0fd39c16c6f0e360881e23d39f124f32fcfd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
f5122b988b80d2aca7a70246302fc658

SHA1
ac8a24476b0aa6896d26547dffe832b297251049

SHA256
0d81bbb2fac51ab2f5e7dbe076f94edf81b4c00b9a1bfff6a71442facd3ee171

SHA512
90c89206bea19766634a9fd1d463d17f165b35471b5c5c2e4e6a1ff228b7d62ef1753ea819051f512e768fb70658a5fe38a851039a9be2cb7076bd15259bd65a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
837d5bc5b3538633eaff744afb47cb9c

SHA1
7e2816eff794a39cdfc1f7405880297aa14ff90e

SHA256
96a41170ef77b0854b42166c8001cbcb0b9a384365aab7b1981c4b96ddc8c3bb

SHA512
977bc4eee9ef842afd8bf10f4d98e1d4399dfca22287e845cf17c7aa823e1937577d81a5a93973026e258bebd0e1e2570004a1d030cc9b668cb7d8f6cc821660

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
bd006cb0171f8a8c2fc7117743054ae8

SHA1
e821063d5f1780abc997b68ca2a55fee5045b52c

SHA256
beb4cf1e4ea2b6e1fc9ab8bec538b55779ab9e08ec9e6bfacf71ae98e4cf86a1

SHA512
b2c9b6f0d25ab949ae1c9380edcfa4b3ffcc31f3a6793db1dcb785251a519c0ef66b4f956a5db5e0d5d205686deaaee1647e6754eecac6bf1ae9d519942476c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

Filesize
77KB

MD5
d6981eb5619394f49b82fd78f43f93e6

SHA1
bd1db65cd7a62c1f8807b62f6855fbd8f9800f71

SHA256
671a4cc0d3d9fafe81ef715b9fdbb9943cfd639840aba132d28cde15f7c6fbcd

SHA512
943b102e2461f4eeebf00de85d10aed8cf2d4b53aeea1c07376116f5f108d4dc9b1d34bacf30254be93229b977d01edd9377cd5e8fe6bbfd927458f9aea0d168

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

Filesize
47KB

MD5
ced1c449c492c53bc7eb386d197ad652

SHA1
ffe3c17125048404171a6e55b15da83e13636695

SHA256
a66a34e21446f218f448491cefe152fbcf5ff34af38a7e906e17489a21f124ba

SHA512
f6aff25935ed5ee6376fbbefdebd5d07ee3d5d378bf4f5b0d0d3792eaaa2c9edbc5659c049d5beb971f0b45346e932cfaadfdcf176d5b3847d3afe7540d1e87b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

Filesize
63KB

MD5
a3811b2c4678f3101129e0e8d15a9658

SHA1
9866af944dd9c035346d7a7ade43a2f044486515

SHA256
a4877ac3388e5c5cd8559cf68356d4633f2b6215f67bd5d5dd1ecf6ae7b82bf1

SHA512
f59e08455f768950ef3eeaee92349d79e6f5b71d9f4a6c13c31e39ae246ca88bbda486aa653e5833686ba9dc70b998adabd7e059ebf9204f6dfcb65d9e19318a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

Filesize
74KB

MD5
b9b4e99b5a2eb762e89ed816147517ac

SHA1
98f668acf76bd11d1983b6ff99cc4e78937e76b4

SHA256
afc2659e4d11442518ab20df83805dedd0317d2fd1a14c4c465595bf1afe50eb

SHA512
1d951905a8d4e8887c07441138609c250a4165e9f40b0bc413367ab7f32ed3c93453fcfb5184d22a317c10eacce572c09603e30049663d6dcba865d55f3251b3

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
632212361bd681ee1737379853b23662

SHA1
3fa6e8dc87ad77156b6a0a4e7ca7126e27815348

SHA256
4cbf7439e42c598139038c0ae70787cd3edb6e7e1d672527302960a79bd55484

SHA512
0f95d380e03040a394d6fc4651c0c8c0155c6bfa8fa6dcc0cac296ac22d1931e302fe0b2d2b3d266cba64a171fe960712c609c1824de2859c895e5534ab3188d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
d365546f082dad0be972264cc41c60ae

SHA1
fc2771adc7145f7b4493acdd558ed95a73fcedc4

SHA256
81dac8da2106e875cfa3ef03829204a7c632c55df4e7173a157aadd527b3329a

SHA512
f0be1103d140fb6be49f250251fa3e368c6fe2af0a61facbc36ef475c3be06bc01ad78ee61019a32e183afd0f9b4ae7e465cd71b166a1bc0721d5e4c97e56f7b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
f809a641e5ca672895d9cb8e364da8d3

SHA1
22b63af0a325a81a9cca2ed0fa448f0ba0e7081b

SHA256
38ff9cf8b25a0a5ca33c7d53969c66f03f51e9032fd6e7daf2331d99fe5cc148

SHA512
53d95ec5c21a040de470ae19bca73ccb9caca9637156a38ad211faca328d79e2efa34ccde452ac46b729334961ec97f87786cbb375c5393e509bf2343eecfb8c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3dc090323dd1751617ca950c622f1b38

SHA1
5b6908a2ecdc5d01c8879cfbd808e702ec8e9b59

SHA256
ac5ad363c52435f66904a7c9c3ef0a28073ccb571d01b12911f43de883041419

SHA512
5ab826340125cd5b9adaf9ef6785a399da544d87572464c2b21933d407c4b67862764b44383088f5227d53e82734cfc2a9fd7950c0eaf6b8a5aa5bc77dce9086

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d1b93f7afd7842b35f6b6e7d92f44293

SHA1
0b38086c6fe78ba9608afc3a6c6c10350f41e29d

SHA256
858766a66d80a6478ef8706b6ab6454b361516392a45d3e1ea87a583a6e8bed1

SHA512
5c4dc86e2ea6f03278ffb5f6dbb80a9578a6c5798218d4b429cc02ec4aba31986aec215082cf456465d4f072a0d1e637651c9c00e8162228ae2e75fe0d3ceaab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
967d31f1dfb9048e624bea6bc86a8c7d

SHA1
2ad3942f8df270619b24b9b0884028ecdc61b9bf

SHA256
de3ee4f3901bad68cf8959f60ca8368d2d147ff8d39ae6875d82b0e63677c9e1

SHA512
7be55edd0fb0b398bf1d888eb11ba20f73a8c29e4b1fda3a4d27139d08730d6de9788b62f78a2beae9c56829889bea07cc36151c779cd417f32d9968fbeec68e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
9406b78662db6241eb94d2d14a873699

SHA1
3bd299ccc0651e8bf59b6424669f845f9e1dc430

SHA256
b9be86b1f85c7afec6c095731f1135b52b9731d00863f091eec7f9af8f2f654a

SHA512
b29b3c87ebecbfad2471e8e1a7ea7bc7ee0fbf6533c7787937ccc10bf410faf4042b2ddf46b1c73f8b079d2fbef4823a39b30a4d09e20e39dd06e2f7ff865b26

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
efa9300ef78f3f979ff1b75408684d1f

SHA1
e53a46b922f2d4961997e8fa7c61f9daa2eb9663

SHA256
de02a0c5e51e48f741679bd3e39457bedd1482ce34130066741d16159f0c534e

SHA512
6d0fb8ce1f8328a63b86d49a1df38bc9626cf65b97ed445c866522511528c8523f06d35402f2f9daf31acdf7f71e72872d3987365eb2bf5d3a3d8809ffa8db2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
63982e2fb4fe0fa0f9129edf976446b1

SHA1
f9fa2b7761d7ad53c606969d490576582a1411f8

SHA256
3ebc083ae9ef41acd4608a02518d8529bd9523f603331ffb8901d1897bbd2746

SHA512
9ee6b6168e19808019412e3a1f9ee16320e0fc7d3a02bfbe35777b8d55c9cd9b4957c93b20d3063cd4fb5b6cde5217efb13a293726fda8dc32266934a55d7358

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
ae5e0741b77e13c155d37b6780c5ab99

SHA1
9eb4fc264216beb8c1dbb09c2d3103bb5c1dff4c

SHA256
dac4046426b5d4ad041d70ff86e03640e3814c12bbd7edde0ec355d008451063

SHA512
f15ac0a5151c5de4ef4f6830d90192533fa46e9c9cf57a6fa695fdabccfddd7383379e03ed4582dcf110dece6d0de3c89ac674e50fdb615926897c01d03c6cbb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
e82ef45022b5694e579417830ed22758

SHA1
7594369d65065f4ff988d15a04449a33159e1576

SHA256
eed7d0403834899c0d581f0101e8907516893b09a2b716b0f0a00e04c2101b4a

SHA512
0dcb62207fd45b19b6e0f1486081e666ac450c0d5503f7f02993ab7613bbdbb7ca2cc99a1d63380e1bf3f357cf109524ff718b1e13dcecf04597cc3a2448d497

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
ee830085e80198fe9ed3294124901acb

SHA1
9836f7e2c237bdeb53b8e5ab795c01282ee27783

SHA256
ee5b0c26b44c8a51a1b66bfb75f160a8b252f0434abded21addbf1f1fb7b4ea4

SHA512
e46d63e58ec2b53ff01a767b6578e3ab0b08f6ef57242b50fea024eb0df2257c9b855174278d2929bfc6ffd7c6e9e94f1ed582b5e7d5dedec0b782f9e4810734

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
026be259634dbc4de05bec0799f6a2ff

SHA1
58ad79b1ffc106f7d42cc47560ac35b6a4413552

SHA256
6d3d28064fa237563f088d3b325c0ba203309c6bb82f7ca7bd45fb84c23f15ff

SHA512
945312a84bcadca87d82fe5b9e7e59c04c74b42b4ef04790ca329778475c23413eb44a46a01ec3abe66ae9afc793808371d9c4886be2ec5348df68b2d838670a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
cb77d480373a2d123d7875146df86d37

SHA1
60120147e158b6f5ded6b80052b0680a72467787

SHA256
f6214b98648cfcbd12a826c9967e392e11cf874388793070c9a5b91f356c313e

SHA512
2b5a99b904c081037b5bd37e80d2c54e2bbbde97e302da3babe60ce6d91cc86b1d25ef39d5b25e164ef038d2d6068471746e037002bc4f26927859456cb37ae3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3016dbdf8c94577d8356900cc217f8dd

SHA1
40b1fffce1b89892265b5ee2aabd783cfefcde08

SHA256
94f4a88e9502e409e0657e78eb6df6f51bfd531329ab0528df72341b27a0e703

SHA512
c4337b300ff4d60656a4f89ac846105f784dc00388029b768140104df0e2056d520a9326b115bc83e7b00851f50cbb033cde26ce6dcae3434430cafc86d6c900

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
30b586b646f5a1065761dbbbadcbc99d

SHA1
483e59dcc40e737a26dbe32163c4dbcfa56150df

SHA256
f394b0868c7e74f2dae6ec3109829fcec31efe646c6a22a8399fa61e8d49bc13

SHA512
3568d380036d9ab47ea1999399b98f190789f60c79870c61ac4232331a82c8622ecfbaf1ed6a79d8be9c1d013c24d865f85a87f01a528f71d75bfdc7dedd963a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
977ce12c50b150b877195bbb195148af

SHA1
0946442c1c8457944facabf25917a5269ff7e507

SHA256
07978f58498606a407305e42c2f6b81a75ebf0a9dd3d203b9b7cef65f4363a50

SHA512
abb69a8f02279a1a67a700248c00da7c093e3bd559daff2d75a1fdf438380df4013bc7efb47fefc527d7ec331d8181acff26bdd1e95091e5dbb265e6e9895fdb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
6ad3f3f6c053a88ec8ac138555a80252

SHA1
a5b9a840736e4835eb5fba8ff9dd91702ca28255

SHA256
1f6a53546d0794c674c3a83d960aef4e0c107dab878f8f4df9b0c16cb6f409a3

SHA512
44c8ecbaef3252e933e2e59ce8bc1bc5eac02777f516390df5208fd47dcac63193a97f8b4c841e7280cbf9ca5bd594a851b0fb19ebe544c2f94c2dbab7cf5ef7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
bb94fb38b95f2f9fcb45e4fb615f2607

SHA1
78040a8bbe117911bad7a198e2e53594bc13f747

SHA256
412eb8118af62e4f656d1e8378ac2f9ce3ab8bc593e7365a6a881a156bce0eaa

SHA512
48b72188b1b0f8c8fecf6c5a7c74c0cf89dc64ba60af74b602fd8ff12da2c7d0e42b53f5e65fac516c4dc0bee954cd5a6783169563194ff4a7a85540130f881a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
bff302a14926b3f6ac53b1a89b132dd0

SHA1
7f2719912d7dd3456ff16a5ee53aad7319beb8d6

SHA256
a674deb749523c3540257c0915f1419e7da064488e04a37adc915d95bd5d0794

SHA512
b5e0a203f57a6437dfea454ddd59ac40ad83e66d5b4359c9cb3b31a0dd7d77e44b34c3d2f7f9416f00da5bc697403c2fc9b11b9ff8ef38119f2abff86b00efa8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
7322bf25f8fe2b1add95bc9f185559b6

SHA1
4464160ce97667fdcc4280d94ea6b04159ec6622

SHA256
ec19464622f982bd7ecfbc90d2db2baaa96700ff74a24f3c18fef9f83fae1f1c

SHA512
b097fae6290093a1b7d87634df92bf0632de26c917d025bce85cd1e669b68b295f573d91bd404afc1acb8dfab5934fb4faa850ebcbff0e0348f0ff03b2965819

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
b29cbfb418a37c2a1c2da20678edaa4c

SHA1
433288ebc5f4830d68c4411971526f8425339697

SHA256
cf9502a721c3a1d02da57cbea9f3fa75c21311c0a7ecec549993bc2f499b842e

SHA512
4f9993ac72d15cd52c6baad8a035ab963c82bfa468415e32784477e63178578be132cde7148e924c807a4dc1480386298fdbea2ecdc62fc02787d477470f537f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
b589300282b9dbe5b6fc6ba108aae616

SHA1
32086340c182830ef010c12adc6853e0ca5cd1b7

SHA256
3c8567de8c84c73acf1236c93d10b2aeaea1cca882dce366b0d437159e1eb768

SHA512
8191b8c6523f930edb7ad2e8b9d5c7a05598f3e641cfae1cb3238de068de9498d908be083cc92b334eeb5275b66bb0d8531f81aa54b8a639f83b7c986cefe2a2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
8b1b9bd9127380f9bc8d4dfb0bb11bd6

SHA1
22e38f26d7993f6c3a32ba9eafc3c68df7d05b57

SHA256
bf40280428b422c4de249a50a7685dc1900d4ee931b020cba2ad69ebf81999b1

SHA512
e11e609dbb9f8d928d9fc75ed9bf4201fdc344d9f046dd0a1dfd7967666fb2b0d5261cfc72eb9d7c0bc9eabcf71bea55e61d1781db1859daf5bd1ac5933348e9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
3d387b9725824fa5e11cbd54162967fd

SHA1
b29aa3f839063ae4693695936ce9e54566c4ffa5

SHA256
821bea61ce8bd7e1d0e438d40074ba0521e279bacd160ac63c648857d8a5342a

SHA512
19fa609769d4798766c0943b6ef4c175702be64e540ff7a0eac961d681bf84d8bbee32e7692e98e9f728b873611d03be43f533cf8e81a0c116786ded4fb595c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
c21e9b68a0aef7249e3752075e0d00e4

SHA1
244aac7168fc0d203b954f1f8e106ae00d73deb4

SHA256
77c3c267f7ca37404345d28c9d48d142d1b1a4ea8568caec0b95a603c9718947

SHA512
1b01dd3b36878ad74d4d8e52ddca09cf282be75c6244798de9726d5313f2e61bda257b7baba72fe4deef0bd06419f3667507455d0b601e31506ac6463ce9cf53

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
a15e52fd03f07a134190b0de45b15806

SHA1
3090057a2d9a3fe5a9689f614bb2a0a390cb714e

SHA256
44c3ccb7944102481e2c3f06f3142f26771021fcb52fcce48211188674a9e76b

SHA512
5888a0041e15666f5fa48249dfb28f29c275641e80481133c76c106ce4382d26dc38840b09986635ce589130cfcd66252a160bb6b20701626e471a02675981f9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
c6e87d2e8abbe787d77958a061821b7c

SHA1
48c37e75ce7a01dccd1ce8d1f249ce7d8bbb99cf

SHA256
e5df27cec76f4086c1db68210244792e6d6efadca427de43189f7a387d8512ea

SHA512
20a1a27182a20f0e9524e2bb8d7602107ae1a74bc64d340229e49450ebe183ec0c03e1ad17da8f3235ab080d91f30ee3479c3903e8af075e0ec3d1081bf051ef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
364e2df09eebfad701924613b73c59ea

SHA1
220c41efadd5d493e6ed086a7577cf92feee7c92

SHA256
dfe88e548b6d9dacde5e3b6130f8cacdc7a536f8d8db5dee9f785160ea4354d1

SHA512
844769c335faf646d259f2e79c9f77af8a113394c084ffc817b127bbe7a6892782a23ba5b030f1d1e221ce0168445fad87a78416b04871b7fb461b7e37bed6b4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
1659df67b60d9f08cec6864ea19ac058

SHA1
34d45ee27d9a83a37db7597ed6f228036a59e5fb

SHA256
5ed3aef73cc904c133c7e675f66aabc6326bdc56337d8885a92931253d67b15f

SHA512
9a6a9310da65bb4bd7999ffccf314552e97379a9340c8c30440444704cb1af0c7974dc3a20dc4914ce21ae6686a1c0656567f71e262af5edd038b4d072241a14

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
4afcf66559589f3c5b176241edbd7e52

SHA1
0133cd26d5afa2f340bc048d616ae4ed68eb12d6

SHA256
dbd39740f4f0163682862297f30c37dfe97123de4d6a9295a76dfd97ad5b9bd6

SHA512
57738960b4ccad1d4a96013a714743bf2e13332e062bb6d81d5b0adbccb7ab7d167ec55f57e0f4d8426cc13c8b9b45c1d7c3d9816cc95597bd0bfc1aa2005b26

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
99c8902c9a04ac3f8ab5242c8824fd04

SHA1
ed315e103498f61238f500e7adf4698d1156c2ab

SHA256
d82fb1d51d4feff46026f73739d4602933eab4a1857cfb2281e2212b12b6fdd5

SHA512
59b43e45d7c81fd1f53974ef639708e49a07500bc8e06df60845387396ba89b4bc392816bddb35794d3b864e5b437741d48fde67993e076c0ebdf7da03f9b5bc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
5fa7e2a36e578b39d3770c1a7f5a473d

SHA1
dd9cb88c1d23d252b8763c405c4db478396057a1

SHA256
54b96365f54d1497781dfde50cd5b47e2cc71acda3e2fc1f005c20fd049a450e

SHA512
0b978fdf0aead6bb7fdf5d510abd332a0b261447bd1fda1ecee4f269bce6d94e6f2876b10c6ce2f75975029ca0cb7620a6f470deefbd7598c82b35473ad68bd1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
b69701afda53a427689167bc633c6dc2

SHA1
7ded7161b622e325ac172a0bdb97a40d20a70e24

SHA256
746861c5f92b6391d25b47a1339f414b8c8ec5c113f303d1ec2f8170350920f5

SHA512
4810f01a7509b1f1dd122533ff0fe6a6aaaec3058381a0bbbcdc09077cb0c41fce15546a8b0e25859826d67aa7a2c98f45affe55aa901be382767fa6dabfa933

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
9eebb42f10d8b520179317192e4f5fb4

SHA1
b07ef6ca18fbcbbd046234a2cc109f2e908ead06

SHA256
eb931bcfa1cc2c3a513f5b6964dd9a91af73f896df0ac8c05d1fac2e61b6a775

SHA512
8fd4c0af9bde88c6cae3ab9aaae85df3ee7152ee9a813ff66070af28a46845f11df1f39a2aee9e6ecd7d39fb2b289382a861f74f022ae05fdb499bb7c1af14f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
e55c9ea8498713b59240bff89d48b0ba

SHA1
5afc196f379183a0fd01f6d35a466e1ac316e7ec

SHA256
3afa00d72c7f98bc6cef0cc97b14d479c4882b1bc92dfee64fe743f11297e9e0

SHA512
90e0a8851e72e9393582ec10ef755f06d11a07bec53a66393744bc9cc29aa68721e04bfeffb2d8dd1fe07af0375b098096a6144932b9a2ed7eb79a38e0c4f20e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
1f3b48d36168534d76b0223be11764e9

SHA1
4330d347143ac3f081e84ddf070a24c5773e027a

SHA256
850d9fda480e68d07a3c15b94a95db9947c143b70dab2fb82106bf6601d852c8

SHA512
48e814847bb33bcc17c13f849c09abefc27f81ca7ae8805c992eafcbc84b7d0de636391ae410024c9068a55cde82a067a062a91166f5248458c39ecd46727cd3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
ba1b8741164b753ec258ffb234d7e961

SHA1
eed679f98eaa6811128aabacc74b5017ee52b9d5

SHA256
4019734d1394a27b69599fe0e630801a7d87786061ee75eba95594d8fd4219ba

SHA512
d0fcb8406c1a5c803f359b7711f799b34256263efcc2cbc43757018cd2bf71130929366587fd281a52a62cc8ab97ea16fe5a56cea662c63c95b0ee7a328c29b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
6f49bc71b6a16268bac0eda52bfdec08

SHA1
3bac48bbfae20b4bf2c74d5bcd503bf08e0e3ab5

SHA256
9bc9d8d0780443267fe20d55295c769538fccbc49e9b6ebc1874ac1131578134

SHA512
0953c68d1ba04bd12ad0bd91e019524e571db1f01ab87e6cda15095849228c5e174a87b6fb52416ac3829ef3adebb56a399ca53ff46068de2fc429b20aa6ca71

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
963983ee2466d84b052f127d1fa61467

SHA1
b68cfdcbffd2ab60e3fe64622fa1bae8daadf246

SHA256
bc3f9861416565c3d49c0421cd53a30282d4a44f0b480259ea2e4e6b021071a7

SHA512
f7191c9da59d5234f81c5bf35fb91faf753e6d6d9a483d71a44afbe31190e87c7eda8304124d06cca21104ab8afedfe067a252c5e5cd435297068bfce9d4f61b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
795fafdd0bc0a1afda61fab4a9d3378f

SHA1
cc8d57c0b780b74777db1fd5d99d92bcbc29c533

SHA256
994a49f11bbf8f6e2ffb47dbcec5f3ff22985d5228497a9fb8b36d982050a985

SHA512
c25a5b3a90213ff8992a4cef7ae93d2f59fae75ed580e187219c96bfcd8acc838d2ded44048e8d7b9a522f7108deadd0d172a660344c1bb7f10e43fda27de8a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
20a329d910a239ec4be9d95c4f73fe4e

SHA1
3fa30e8eea6665c308d3c55af30058af40e66c80

SHA256
c4599a25bb7aee5cfdb45d6e746c13f417ec348539ae7c6cab2320f2742bd4c4

SHA512
55639861b036c4cf119522c8430e71f79daa770740b49a29cb50ea8ac22d13991c49f6c41a6848bb3a34af9b1e1efd994b459018ba0d7471e0128c712a7b5fbb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
456436a6f4b7fe84fe9626226ea09673

SHA1
32dd3bc2ce7ceda9d28df17390a2bf70ea5f0ff6

SHA256
0f6880423498f85c11b78b0b56a94d8325175f5c3e6281ead5da326d0bda3251

SHA512
ee5ac287033d6031a23bfadbef3479e5f90b21053be5051cc692a9be499bbfd79b73f947e3a40c92ace29472bd04f23cb3878cd5a0fd91c1c7c82ed46d572a70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
39dce5156b2f818a65a703e0916d89ad

SHA1
d2a34dc6eb89c438fe7eec5519d3cf1cc7fa1004

SHA256
c7135384e4e8dcc4964cdac2094e248e0ba7a958c3543d934e10bb6311abf83f

SHA512
13f31d18f6d1b64d19d1e43b83cde2750db18e87ed664892ff4e24b914cf9c3cd0b4ba4410ebb5bd31d9f3eb6f1d2647b8d3facb22ded18dc264eb68c4d18e29

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
bdfd3b1bb8c4d75b04559a136a256aa7

SHA1
47a98ee0ef66eec56b96ec240826121d711876f4

SHA256
e83319a7caa84eee13323951b39ff61e45f21c58649146734911c84e8381efdf

SHA512
3b5a3077a3319db55f3ab2326df57b4d8e7f0791fdec0ea4de3d73c85622da5db1743c8d5c3f65351982dc1dfd38ce42fa081dcc0f6b8212d57d1fd1e5e86775

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
40ebcfbb664cec304c08e96784930a5a

SHA1
d47885a4cb02b4e68f609ccabf76aedad53cf4f8

SHA256
51465525238bb31d46c81ada25465d8ea2f5cea28d4f994c95fe1ba1757d8872

SHA512
6497f37809fe2682818261747e09f628af7c6f70fb3523ee617aabc5a3792f843570cff1bc31d4f805445e6990eae81e4f101e810501cb7db3c05381089ba51d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
75c54eda7ccde11c55418652ebdb7283

SHA1
db132bce09c90660549409fc53d9dc15c429b6aa

SHA256
23892fa0431d4008d52549ce28a80db434933f65c3ec9fb1aaffeba4089fb650

SHA512
24dcec3ebec7f399a4c3fa95ef3bd6a96a57e6fd2626347a1af22b75e8d23eb000b955238993cc168e63cfcf21cf513cb334992967aa625028588d36893df054

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
ba30cd9a7c51da18008b803f476c5e46

SHA1
a42ce634a51d9365d372d92b9d4940d6ce4db951

SHA256
e58448c029f8d5e33c4193c6113de4651ebe5a82527dc72ed40fc756b2fceac1

SHA512
b1c7eaacb307256637b3f6737c9fa7659c42d85b757aa9c8629b0e42f31208f288467c740c64e632b0c60145a4e8e111e65660ddf9e53f64a3598ce79b86d861

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
cb4e31969c420a4a391462355f1b7814

SHA1
4541445beb72791480b59d1d712ce72c136b2b11

SHA256
97ab2617d80f85c6ca4b59aa0e0205a9323bb6f3002f37532db6fc22c2ac24ab

SHA512
84caae4e5fdd88420746c446c53cf820727a565eac35322b142477d3356932831fd89ca0844f90e8a7294218a56dbb5dbbacabf63ec6bedc8c508559f7b9f4cd

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
86d0bfe7b098fd00f2c563c261faf704

SHA1
004fecb6deca22e4cf27abf08b069a60ab8441de

SHA256
6df1878aac9cfcb3529f2632f30afe22bbe519c758072016d04d999deb4907de

SHA512
c611199e05134bd618c2911b8ce785da4d4b7c531508bb9e4d27b3ed3c965731725ddd3030964b9bcd211e1ac318d210aeed12311055fc8c0c7fe19e2a9dd4a8

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
643931979ad069b31b931a42bf307fc2

SHA1
8bbd66a9650037a2f3a74ac5ae0c3ecf0032fb9d

SHA256
a2d356778a9b7e34e591991d5e893266fdf27c1ed8a50063447540d8fa8218a3

SHA512
c349e7bacf4c055b7e883f37ba610d2bca57bdb8c946e1dda6dc55e1e9bdeb8c5bfc2cf69f0d55037fc8cbac4d79e40442e3a4f2fc5ad2c3e363f0c29fae6641

Download Submit
memory/960-10786-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-10907-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-9782-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-5154-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-5143-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-11186-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-11191-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-11192-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download