xorist | d1caaaef83891f6d7b60a0acff4cea5fab6632942efef71dd8d53df07ec67211

Analysis

max time kernel
94s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Size

7KB
MD5

0e23d1a8ca65a4067e50718305cd8956
SHA1

3d85d49bc151777e6553953dadd798fea00a8d15
SHA256

d1caaaef83891f6d7b60a0acff4cea5fab6632942efef71dd8d53df07ec67211
SHA512

83ff6076fe686313f5872371f3ca719d8fca460fca4f83e42c458b6644ae605bf7e36c0e7a9d9d473bcb86cda05c6c4953a493d79e0a5e9612e55e43389b9eba
SSDEEP

192:Szdrr1FG1WDCgmjPZUy9mNIFM5wQGyMUA:Sprr1gkDCgSMIFMVXMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1296-5729-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1296-5772-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1296-10498-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1296-10846-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1296-11175-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1296-11176-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1296-11181-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2183) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e2I44i200Tf2UUn.exe"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\PSMaml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_37bf8591584019e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\remoteposdrv.inf_amd64_0f0da968c1cfce06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmod.inf_amd64_51d6c57c66e3de87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpssi_i2c.inf_amd64_8e00e1aed7fbdf70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_wceusbs.inf_amd64_1ba398d9da634d3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas2i.inf_amd64_ed501deb0beeb5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmbus.inf_amd64_c78fd781987c1675\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_1aae998f86058cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_096c9e42fe4749d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsopenfilebackup.inf_amd64_2174d2189fc8f164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1296-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1296-5729-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1296-5772-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1296-10498-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1296-10846-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1296-11175-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1296-11176-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1296-11181-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallLogo.scale-200_contrast-black.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupMedTile.scale-400.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-400.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-200_contrast-white.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-60_altform-unplated_contrast-white.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-100.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100_contrast-high.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\submission_history.gif	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\SmallTile.scale-125.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\192.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-80_altform-unplated_contrast-white.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_MouseNose.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\A64CD22E-7976-4E35-AF61-1C7DBC1F5743\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_contrast-black.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-200.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_messages.targetsize-48.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\EQ_ThumbShadow.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-200.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MicrosoftLogo.scale-200.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\8.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Large.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-64_altform-unplated_contrast-white.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorStoreLogo.contrast-black_scale-100.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-16.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\WideTile.scale-100.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-400.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-40.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-30_altform-unplated.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp8.scale-125.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-100_contrast-black.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pl-PL\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsSplashScreen.scale-200.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-20_altform-unplated.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_10.0.19041.1023_none_f18aa36117af2f20\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_035501f3cf6d5342\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile44x44.scale-100.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_c_volume.inf_31bf3856ad364e35_10.0.19041.1_none_bc12026591f04185\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eapteap.resources_31bf3856ad364e35_10.0.19041.1_it-it_111d42bb0f98c75b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.0.19041.1_de-de_94e83dbea1c3baa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.844_none_7eaa07ee55c22dcc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.windows.a...commands.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6847647c1f07e9dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_10.0.19041.1_es-es_f6289d4b629d148e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.powershel..anagement.resources_31bf3856ad364e35_10.0.19041.1_es-es_bb2d791786e0c4bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\console\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-simauth.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_79a17180416c4ff3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows.networking.vpn.csp_31bf3856ad364e35_10.0.19041.1_none_1d97fe527b5c8759\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvid.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_c4f5737a64044253\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040f_31bf3856ad364e35_10.0.19041.1_none_b4b42e54f4792ff8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f248a35f7c12459\500-16.htm	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..brokerapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_0a34bde99d56d7a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..card-gids-simulator_31bf3856ad364e35_10.0.19041.746_none_bb628005cb509e9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-gdi-painting_31bf3856ad364e35_10.0.19041.264_none_5fa2234faf4e2bf2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ucsi-classextension_31bf3856ad364e35_10.0.19041.488_none_79eaf732e32e4cb0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netsstpa.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_0818ccc7e8d23c87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvms_pp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2fc6c0c4a35a07ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a9bcd14039d031f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.identitymodel.resources_b77a5c561934e089_10.0.19041.1_it-it_7a665ee73508c4f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-packager_31bf3856ad364e35_10.0.19041.1023_none_6d3c6f63ba434c1b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appdefaults.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_917bd934c7501ead\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ime-korean-commonapi_31bf3856ad364e35_10.0.19041.844_none_c1e359d0de629ec5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mskeyprotcli-dll_31bf3856ad364e35_10.0.19041.423_none_a674d42538bb790e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..soundservice-client_31bf3856ad364e35_10.0.19041.1_none_67b80eac1744327f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shell-family-cache_31bf3856ad364e35_10.0.19041.1_none_cfb7afe27be05a0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wof-tasks_31bf3856ad364e35_10.0.19041.1_none_78c8a06e7d6ac1ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\AppListIcon.targetsize-256_altform-unplated.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..alenrollmentmanager_31bf3856ad364e35_10.0.19041.264_none_839983ebef167c68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_de-de_103d7413f2fe0492\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dataclen_31bf3856ad364e35_10.0.19041.1_none_ac9742f532d34069\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-netapi32_31bf3856ad364e35_10.0.19041.1_none_4d79d2e8d54e26a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-gaming-ui-gamebar-component_31bf3856ad364e35_10.0.19041.746_none_be75e3e54abda527\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\Ignore.scale-125.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..ty-client.resources_31bf3856ad364e35_10.0.19041.1_it-it_8d463f1f468dfb25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d8247c5a86830a2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fodhelper-ux.resources_31bf3856ad364e35_10.0.19041.1_it-it_eca97e9509560b36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.1_it-it_7fb69a2b8ecced97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_chartselection_clear_disabled.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers-clipboard_31bf3856ad364e35_10.0.19041.746_none_9e7325ee31555ff3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-ngc-local_31bf3856ad364e35_10.0.19041.1202_none_882b1b66b4e3c0cb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\startfresh.html	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fmapi_31bf3856ad364e35_10.0.19041.1_none_08fd237cd396b20c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a22d4db313525670\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..yoptimization-winrt_31bf3856ad364e35_10.0.19041.1266_none_5e8c1f919ddea79c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_10.0.19041.1_none_0af5511b58bf6105\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_10.0.19041.1237_none_05304b2962702833\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmdynmem_31bf3856ad364e35_10.0.19041.928_none_db33c4a06461cee2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-96_altform-unplated.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare71x71.scale-125_contrast-white.png	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..mhardware.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_432f9b588838cf35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_10.0.19041.1_en-us_76bf1a170487a6bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.0.19041.746_none_9b8763c951d0e8f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iorate.resources_31bf3856ad364e35_10.0.19041.1_de-de_fb069b292b24ec1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ncredentialprovider_31bf3856ad364e35_10.0.19041.1202_none_dfbb9429d8183336\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-lsa-mof_31bf3856ad364e35_10.0.19041.1_none_bb14f18b7505a177\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\DefaultIcon	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e2I44i200Tf2UUn.exe"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DSRHMQACJKQPLWP"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\ = "CRYPTED!"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell\open	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e2I44i200Tf2UUn.exe,0"	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DSRHMQACJKQPLWP\shell\open\command	0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e23d1a8ca65a4067e50718305cd8956_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
300cd123b1d0182ca6ea69bbb131daae

SHA1
add67fb56e350a5f4bc8ae3dad466aba05d54e57

SHA256
cadac70ef22905ebc6f13628e0aee5ebd2bac77cf10b10fa760ab1716549bd39

SHA512
0a47ced2ecbf2b569d62b756db1fcf7a9c9d085ed5117967d32f41f08a422f4b025c95d2a669b6cbd4b3a7e96116e004ae3a6a7955f677fef947f44579247c99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
59ebbcf68131259350e7ca1039630e46

SHA1
c1cdb0e525a72161f082bf09902fe6804d0a878e

SHA256
36c8f4db416cf53d029e4f19d970451f50f3eff36cb4a4b4c35829f5277d4975

SHA512
2f529bac2cdf2d536acbeda04533c2ea1dc4fd997823af07e90a2a7b9c7146c7111cfa31c4c3ca6e95725587a2aaff224a5c93e04d4c6fdd17008ec866131b68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
55cae18e4fcb12bb2470db55140c9408

SHA1
6e056282cc0f0b3134d3043c5110e659925ce3fb

SHA256
5ebbf80ae72d05e4c6acf3ca0d0880b208381da544b99fd012c0badc08b1fa06

SHA512
d0f30130a428b9d548bbe574a0fa2c85240d3614d93a8938a5a0863f118eff8bd8f0704f1d10aa27dd69e3b307ec3523dd7b45cc5ca18a187dafbaec7486b435

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
eb218df947b3f262ee662735c52a9f3e

SHA1
a71f789358af6867a70db785974c4ec6c3d175cf

SHA256
a441c5665b299ca776c02e2144ab8f2db5f4730f0b16677622a6af7f52fcc64d

SHA512
a7f991a89cfa29024d6947b8c3369530c23188d396ece585d10bb6d9aba0db83b9e964fe6fba7f014786807923955ab223311e082b69c350185a8dfcbab2c8ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
79bc54958d2b3a0346f8ce69972f4f19

SHA1
77039cd997a905d004afa0b08dc42dee723d25cb

SHA256
9bcb13ab493efa8159816d3c10231bfaec490b8bda209881e5021d699579634d

SHA512
103599e57831c0044c805d85fba45d0eef78b97a55c0845955875a27c7ca36e6bf288b0b8bcdeb50452eadf5107e1724cc9f638c4e79ed00c99f0414b9419dfd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
2008cb2c0ef7d8ce3f00dc60e1ae63ce

SHA1
85897e7fb79d49b8682859d1641302739adb20b8

SHA256
82b0e412ddb9d1fd0cf21051d388098ee303cfd93c9fab9c5a8746b5aaa236c6

SHA512
0f05220af9efa353ed1726cbc7cb119d4bb9ad9ff39135b0369166b271389a4d155b8f81ef8818f39c5e85ff71ca6db2566e6e909f32d3b348141cfc1817d3ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
becc166735fb3d4d5295a599660407e9

SHA1
44e270e733de6948fb0d0b562aca01707bc41ec1

SHA256
1dbfba543d5dd13b8d871741634d813d25b6bc9fc90426a60a59987340ab06c8

SHA512
b6f2c9ad3a978b4205112804f22db7922f36befdac175ada7c97d86268ad981115c29e0996a108104f7b646ccd2e8f17f99f027a2f7ca10217cf967beb239560

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
cbdbfd33836a6b06162e70414bcca25d

SHA1
ad93c2a3534f3c014426970159f5079824dd9f55

SHA256
492d9c98499bff6dcff809847babc804dde3833d40dc3b8e1fba1147b04403b0

SHA512
94cb2be8aed826db559fb48a53e256b83f0bc4f1860b288c8ec3cde82da1ee75a223ee823fd13a33caf707b51b9e5268f67dc517c55589d05c262b17a6ba19d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f693118cb3638431ef4de4fea2dcf6e4

SHA1
9440fbdeecb8b259fe755600057ba9f8957d2c14

SHA256
e6a8160ffa20f8dab5124374b3751f9eb093bc4d1d71edf207ba90e557f0a471

SHA512
5b5c4f6e53eea8611634c7c15a6e5f3b7ed5181063aceba9f9d972c7394c913bea0cd09bd79426473271f329fb6dbf426af802070a5c12cb1236cf6b55ff48ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
e9c79f65598d3c02598b97789ca2ecf0

SHA1
c381ca8b3de325b45804178a3fc9e9a0719f6c71

SHA256
d9eb56d0ece298e090367df16f1e6f21d826745ae436cbf5323e949a73ac0ac1

SHA512
48a87d82d0ce707e88e0f79aacb1041b2d3c25bc316b1811cefa8f1d22acde4092edc15f04518333e49bb2806e471f303d43743bc82f725dd5f5dc62d67762a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
5623468c3e7ff5e7fc75c2c3d8cff3d2

SHA1
c908ef4fca67d28ff0017e3c59c958e38a6728d2

SHA256
78c11b5da413d7794c8ce818c11b694f9ddde195113ccf8129f537a17fbcfdac

SHA512
33f551e9f5f8c1176506a98dc7b973b2ba01db20969cfe0aaf9a74145682d69d0060486e1d51bebf3729be0979c0ea0fb00a6c61a1a4e1f8c287c541265ca46d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
a6c27842a289bda3e5dc152d9b988a50

SHA1
d5a02fa6f569bd44e9c820219e781edd77670396

SHA256
ef4fb03fceae1b00d65b959977de3354a949b7ca7970a49d29157579191500fe

SHA512
c8643c29bb84f217353e92e3be7c7db6e60ec7ef0365ad8532cbde5f8f0a40aba76dcc95d9c02e7f84f36bf82879c7ca5c5906ac0214dbf93d081eb38656c9f6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
84e1a96002109a113de57b761fb70d8d

SHA1
a9bcbf0a2843cb06874e14c156af1324f1ef05c6

SHA256
493e1083131b6b4890906b05ef18369b12034bbf97eb837944ed502bee489d6d

SHA512
202c92b12768bdd1052e1ef83ef589b5168eae26e91012979b9c023e42d07971105728528dd44f8a487156b080a1b4b2f93044e1d08102d4c333cbd6aa9eebba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
442e8553bd1d08b577897042e1ff848c

SHA1
1839bf187195f56ebdf67e803517f50bf5aabe79

SHA256
8340669d2df5855a1f58fa94d8620cffc6e18da400b27884f7b388f5fe48fea9

SHA512
2dd5fa66412a9d791c36865615d0a5fec5e6ff722c8bcd7da5915bba229e3bcd18cee6daa61baa2a60c85deb85dd4b30edb7a511c70e271ced7f90784df04831

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
c789d8e79770d15675b6c7531d79dd11

SHA1
1377265ebb5bb05804dc10f6a3b0aa9d122d8d08

SHA256
cf9c4afb0766bc2073ef30e1e5fba17ddd833a556b4595d0577419ce9cd8fdae

SHA512
4d9941808391e045ba2802c03d0589a406f239bfca61376805a288831ac471800331511a64e5dfe6b973d0cef22822010f337285d2b3897e4b1502f8d848bc8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
bc19071a7845cb6c0ba5cb08027764b2

SHA1
ad94fd22931757641862abb73869be7bde2d72f7

SHA256
9c110bb7d55aed71a9ae3ddab2f80eb05a5c67a48d72c0502a99a7488e5d3dda

SHA512
8fed37ed85d2298263aefa8420164731a774834acf31db1a128e0b8d201b1eaaafed91da7277884960de32d7dab035fffc10036daa1438ad2a98d794bea5c2fe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
157e4258c1db690adb045535622bbda5

SHA1
538231c13dc37d37f7d1da5957e7ad1c9839883d

SHA256
3ed0403340eb999f8cf5c95fae9ecc885da0122059bf9ce407c833bce2276826

SHA512
dbe2cc0b173fe157236c1c6085661b25e2d7144de080173ba4073de579aa137d53c481c09ef8031760374a866beb5fcbdda28c486fc7bfe04a86a2fedb10f484

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
239fa43f93f178b21a19b66b3474f035

SHA1
219a7cfacaf79119a9d44fccd82384b1e699406d

SHA256
0f8c6734a08af428748e0799eaa155c3988eb4e8380d4d71fb8f36c1913b43dc

SHA512
23cec064c49be47e8c14e9a0d1ee6303edc8ea8f37a463c510b5bed9aea49f16385b7d2ca9b78fb9abbb91cc1164d90acb176dc20286771ce57075669794f3bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
9ef76087e7fa909d41a3fc1a937a70a4

SHA1
934923f8de3012168290bad871d7dacb1f14e426

SHA256
33bb3ac23e5eb86a9c4bbe0c02c2b8a65df029fbc19a4a5b1818e58ebc93e8b0

SHA512
146677b3681ac26a11ed91e30d028f8962239faa154f28118c3ce0568e57909f2c8848d34aedffc7d759ad3772fb69929663f3d2555b4eca0d29fbcae0d286ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8d5b39e8df9621d873a7011162fd902f

SHA1
ab540b3150ca5e79d4a5f4ef3bd24e5d419573f4

SHA256
96eecd865d4f5757efd9ee302a005c76c709676279feb79d10e27ac02e1b7816

SHA512
40a1c6d3a30051a1e11845b74f23203a03c081fdc059dd0cf0d6035b33a58d6c5f40a4488a2ed2f6b3f18e84dfe26bf4401a32fb0461d92564d93354a706657a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
e9e701ae984c2f26b57d1b98c84cf4b3

SHA1
98dd0e26170a619f4987cc2d7573bdf1a8c78eac

SHA256
c51f371b2dcb58e51f38473076045a74b45f197d56b29c5bbde57f1f55a97b26

SHA512
30b17857f4ea9f8a7e68258540a4629dbe5bd71404102543a585e780cc39a20261848c9b1c907d6a5fe0634f25e758458e4d104d560e95650b4f37f4d46681df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
8ff000c6f445e5afaa1f00486cfa7fbe

SHA1
d49a2c4ffc2f2dd3527e77d5917e43b6f4940442

SHA256
5574f4d36ac4ee869491f6901af9faa667dec92f23f0fb65a8c78ae06aa7384d

SHA512
801fdd598ed5f0d5e7a0570281318c59820d1c69021d229433bd525eff1313f2339e11a1d64a536d2ee85e70650e53708149a9dc253cb3ca00af1917b98e723d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
e3b14f0d76fd5b4036ff6e828a858d53

SHA1
2ec745ff6a27cc11809bfeed62dc6a8fb71b37b7

SHA256
11a552584f22d067b331a9de6e6500b18492e8769e69cd3a460f9232e338fa97

SHA512
c212ee4c20c5799f1f06bfb5242fad2ceeb2add1f5e1a8ec29b565d0a438a2c125314faf1e88b72af4dd32f1f8eb20d5153cc27db15e0a64365a9c80e89d203e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
19435ba13446720256bc461f3435c49f

SHA1
81431186b39064862bcf6c5b156d584776d28109

SHA256
7b2c9f35ae4e3c861b264ec017aa5e6a2b93f0eb9626c50012bd443f5f93f05a

SHA512
c0aea0d74ca701bfe8ca6b674de2ce7806b03684a3912c8855eda908c52c0163aec3444cefe0ea741ca157ada919cf207d4913c319e5b2a13e349e61d65aedeb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
9c56fac02479972d113cde34a1714e7e

SHA1
29faf962a6c8294348035db6b78f4af44680d4f8

SHA256
f85318fe51088e5f4dc375184315a1cbb71cc48bdc237566c6cda0e3cbdc9ffb

SHA512
6398107786362ee14283e7d64e059977b07e450047a4fb0d83d58206219d402f5f2e048a6f49dc628b3da342303ea86cb372160b5f13ce5e1aea0b9d70018cc4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
094be9d94b89bc282604405fb678beab

SHA1
79fc7527c6d8f6161689fdb5c9efab359cb0f742

SHA256
fd3e861eef981a075ef6859ee66ecc46759606b6aed69fc3f7812e58e15f5f87

SHA512
f046c2193e3ebd252d5d233d2984b83e5f59d1a761f075c387501b80bf84fa1ad8a0a2950f8e22da53254d5ed61df8c227a4eae964741e86143550b929031f2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
9921877ed88c2583b4c4b9a87f3a97c6

SHA1
30bc13647f2504cd7e9caccd005060cdb2fd809d

SHA256
cb354bb2068432bc5af334563c964b65c898a98c26172b3747cd9ab5fa454874

SHA512
0a6c574dc2d0eea50e1dc2f6ffccf1f1a560951088d0e8b5527323447e334b9e07016e315ab9ce59ff88a6aed6af3acce194a380672f054a37cbcfe9633dca5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
28da3b7a5c5b4c36f73efac7f54ce6d2

SHA1
8b3b8a5df34f8d8c6c4030ccd11d03f6fb04ce05

SHA256
dde0a31ce067688086ea27a0ab3be2147f7c6efce2c5cbc22bd7bf42ee07909b

SHA512
28be95a95c6ad34676b1fdb6de806e4144b56aa488192859a095bf17aacf34aec09586b99bb3853cd0d15b04f5a2cacebd999965674a4e8fb405cedab7cb3910

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
3edef343ab2544a633391cde279c2d28

SHA1
648f7df6fade0dc5c8a43606dfa7aa5f8ea85324

SHA256
369e8810b52818d2eaec25ddfd38517e623326fd4c36de684f9070ac28c07f71

SHA512
c7d9f652e2a46252c579617e7f0bcccf4ad92fb02ea455c5152b8c191da7b26e0e1998f823221f859a2d1d392bebcd8e126d3d7825a9491517160652cd7f5958

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
471a352bcb1f790ab8a0e24b7738aaf0

SHA1
e9dab94164efd9c31c525f1b043e5317f81cd849

SHA256
10e6f660b85926352fd04087bc48d8ddb12e81acae6cce3241b0533cb9ef33b7

SHA512
c46b984691a685ed93ea24b94213c1f130ce0462055a64da26ed270519f6efe8dc2e2b09e09c709ecfb578d7e02a623f1028c41dbce8e7051c190f626610ec69

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
709ca4b8e1c4628c47664986751a7678

SHA1
743e74959566e0d8ae36a6a67b9b8f0a2129d632

SHA256
d2a9876cc0abaa46acb4073ca018b26a5fd3448ecf0142775b82d91b85c730b4

SHA512
0143e5b2d13050d61206fb7dde7ac86b0b4491d8639ae96cad6f22d7f6dafe44ba9eb14c7f9c47f7af3de80c28cec0fcc6346e4a54cb851491890f85026dafb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
ba066f7ea1a716beb67fab9900cb8eee

SHA1
7488a192ae6a2e1277af3c950405c01ebb350905

SHA256
ae2d69951cebe6d34c5f61d7815c934beda3e2b5064ef1b390bbc4ba9f774d3a

SHA512
6f3efc98191dfe95d56f2aa5f58902d9b3a2386138d336cab655be27b66cb037ff2dcff3f910d6a65d09a521977bb53ceff39e1cdfee7878195ed2be1ad0d5de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
bd9d37fd8da2a84cee94915684a1ff46

SHA1
5f72f3220c06a31001bb0afdfb457a389eb84eaf

SHA256
f200cf90656a4a86085948d653b5b6e6b3b1ec2e30b7e3af50ab20eeca95ffe7

SHA512
35616673e3478e21699f28a65ab08743831c5f1c1443a0a953b6f72ba06aee3f386ee4ccf0076cb7e6fe0dd9d6eeaa133de850c8b87e36fd8b80ebf7ea37c7f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
7d4522b601efc74c56ca4b3c37654cea

SHA1
f2cd7858fa222bd729f214dc981bcfb733e6875e

SHA256
26516c6d05a18d61142c06fc840d99a3755f06ae575979cb9fc7a576a98bd207

SHA512
377724d64ae4dbe754b41422cbd5c244898ff5f2e7a6bfc59c598d0ed4162aa54fdd426f1f6cbe035d914f25c8286b2148a35f5f14d85cb0bcbb57ab041f7052

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
8560fae12e5943d08e4e4070c29cc787

SHA1
760a6b0278b5fd7105c4a2e0b970d060e2e72819

SHA256
5c198f00dfd2aeaa0c0ac6c45d2f0076e67617b2c534b400e293d0d3d994ba9e

SHA512
da12aec5aa24d8504cdc2e5d4ef98e5966531fc91354aed8870a085d8e546d1683d794febea775d88093e510e03646b76ccf57e2e60a4be1c4888dca1422eb45

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
342098ef4ded06fd4dc866c0d07140a7

SHA1
59ac71b5c1baf22207a399a3c00b8bae0c3b7328

SHA256
fcd79a06f378b85abbfad792e6297236ba811b4b369e2449216a89155c0c6f51

SHA512
9cd1f1b9fbc697d7d3edccb112e9dc73695eabef4200357f3403315774b9948694fdd0dba3ac6c673f9126f78ccb812dbc154448a6f5535015da484f1108910f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
8bd4652f14ec1648cda86284c9d4b6b0

SHA1
e6d64f28335131fa6d362f47048cb855ce11952e

SHA256
ed15584d4728a94470f39c7ace195f2f2d2c6de76c783db16247f5bbeedeae1c

SHA512
042b82c94c47f0ac8405a6a975abb359a4d33f9183e6296967fd90da04de6ccba5f094d8d50f98f5c55fbbfb9379bc49c98513ad03ed32b48b973b21c71dbfc0

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
51a2f0739d93d2974f8beb0899cec9b6

SHA1
511c19b7334a7a6138abf079f9d31f61750fba85

SHA256
01d957771bbf585574b912a32ba0a691cef085a2d42afa17ffc406f62c80de2a

SHA512
ec4b337550467ad206da135363a6c4ce609b4f4918b5b5b75b0fda58896ab87ef0c038790248ec392b804e7cbb8229dcbe0a454da59c6095bf16374c7f460b60

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
294B

MD5
42f460dcb4ef90dc584477c676ec027e

SHA1
e6c32a7b97966c18a9fe0061f314bc3b80afc33b

SHA256
081ec37b52c13e9ac56cef23011a65ce2846f644ef5bfa723f79be61ce97a52b

SHA512
36c53dc3168516abc179748d579e62c64c54e1d5014cb8fcc327e7662227d57495ff4e50f5c81f2b4926ba2acd752674d2f3a99ca4f5690c2eb0ae50b6186d68

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
864d4bdc98b5ad7948d84cfa058d075b

SHA1
e8dfe2f6fc443ff03181dd691e928bb533877f10

SHA256
f74f8d9c2ac128c1b26fd527a1afcaa1857a837bfcff3030ba3c8029562401db

SHA512
9af3c7585072defd0489d4fe1b7376a1430febf8c0a059decae8353f167c9f1aa91aef1e3fc401c9019cb6552dcc77417b34e823c956ffa05da6086c4cd75f7f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
e273c95c00e81c7f68d3e369a604588e

SHA1
5cd6a4ddd6c064b6171ae3771b26e7a022193551

SHA256
8d8ce8edea6bafa3864fc451b801e72d8f87fac58c643765d8774aade8141504

SHA512
debbffdab7d27825fda0790c3b4979b70a2d3f1a438ff87df4e1e8dfef263f7bf9ed9fa2d28973d1592aae104b678980155a176a959139c4985a96c0e7554e70

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
e333116a3e08947171edfaff1d1a2074

SHA1
5f04541d934a7e9d1d264e0b87794afa2b26f950

SHA256
fdd4214acaf0fbd18ee04fe26d0ae4845fb921db5d45609358c270e4ac206b27

SHA512
4af8ef661b582e108758f6923ed68138361cadf2fa917825e65978166618c99f7f19e9152cd92dab1ab27eb96fdb198bad8417dcb50be2cbdabdf5cfb5edbdf4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
b0512732593010b29e762073262f18ba

SHA1
4011e05e234e6a3920b4a0493ad6bffa410288b1

SHA256
601d2364c06ba9c6b84bdb31c3819c9db62e06e0d3f44d72326ce04dd78f71cd

SHA512
bafe6cca6cd7f3c4a1f17c30b3042759b00402c73db48b19a80a6b0f0b58805dfc364a0d9c98bd453ae4403d74d53e7008320216782fb6d19294d4e3b32f5bf7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
42d0442c2df37c3104eea2e0d17a81d6

SHA1
1e2c4de745a2d4103baf50d12680052db03de83d

SHA256
75af14576e49adf7d062e4b98234a3df86e859ed14e03922c7c592a1e5ed4de3

SHA512
486674ecbc4848c1fbe59e48cfdc02ca0eb060abcef9fe76550455bb3e1926054ab9a160dce3b79f80a5a7d74111b8e8d81121ca5e0ea97fe78de99e3f956323

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
134b23fe95aeb8f223489dff2b344785

SHA1
6f9fa3f9f7507dd75c7cc8d2330897015497bf91

SHA256
1891952b30f7a8fc7023b0b067eba16e159c897790897de1dabd5271d339f68f

SHA512
034474c4137ad32bb76740e1a77b7f354bd87455a3e5d836025d677243a45fe945a0d18c6672e100f8934e729cdf45cf54b99573d7c34fdece932c4a6ab00063

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
28ff0c4c32dbf05957a0d670f1adb7c3

SHA1
2dd367efe657877cdfccf00c2058f11e7e7dfbfe

SHA256
06d54221616fd70a2b5d1e2aa863a3c69287653bd3e831b1f2d88e886591fb4a

SHA512
454354c1bf0baf1c8f2b3d0230f082df84fd68366fe512acbfd2bd5f6b535abfb29b536acc113b2465723c3fdd188c142e58b661f5ee982328abca80e85553bb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
291682e8a5018dea1b6ea8e160e5ebc4

SHA1
fef44c4f53ae2d715d5cef869a4e367230bd0cae

SHA256
bdf1d18559cdd917193d4201e5fa50af3801a3d0318e1c7d088e19943823dbd0

SHA512
a1578a133c336c61153e05ab9444355b1dd74ddcc5de916723d382b89de68e0e5ac1a23dbd1a48bec809761be6b05c4146d552c364c8a2a40818eb659b8ddb80

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
f9bea8979279b4634dc2accdf2c08502

SHA1
79c376227238909a815f2f0b2ecaf5a136ec0d44

SHA256
7090723473f6f003467acdaa89f8e2d78bbb487447ed52f07af723a6639c4221

SHA512
5713b53966105f654b593a463539e20930c129f98d80b72ac0026b94f1ffc27960048c55357a713849076db90a370a3f1148cf0d3ab626c1762fb6ca6138a521

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
ebe6c0c950e907bf7545d462bea8d776

SHA1
abf29bbc1c4d8747b34f67c386e6e9c3130f388f

SHA256
d9dfa96a9855bce530d1e45a3377e98b7e90039f24eeb6dab2801c0e7d8af355

SHA512
2dd9d325640de576a61ff507713ece84b14d73be6874a3cf3961cc939673e2f844b123522701528bd16acef87058414f1988d33b8c9efb19bd11e5421a0fb2d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
7120372e85d085c32f22512e351a24c1

SHA1
9c85248a656bb8610bd0643878175f6063c0b764

SHA256
df3901fef07641d9a32d502e1d59cd6b00ba7e75c511b49e94f3d64963545a62

SHA512
234d80d919bd55d00d3bd7ba5d35a32098e052cbc86d0ae90e35528c2aa50ac397a5c262f5b144a07957e96f282e713ad8ab456958515b4a3a1c6293fcd78e1b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
cb564a8ea5185c7188f216cb72ccb6d6

SHA1
ac67ca89ce41a5e80e27ac73a09ae68d195c7414

SHA256
7d86eb02f07e4a97ef6617895fd7f95882fb70b5e0d809be1d8de788784bf9c8

SHA512
3ce623376aa8a8bac44387b88d31bd966aaf6bcab33da88ead88c6fbc663f642b7b1d8d2d67240bce2c854c39b49b14e07feb993f8346bfbb7408e0d27fab8d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
060cbcc6634601643cfa277695e6a5eb

SHA1
51762958d2c2319cf2b0232342bf995ed3a3b3a7

SHA256
4534ccf54b9bb6f43bcd83b67d7e97f78d3cc9debf55bfcb3e2ac7a9a0ae06ad

SHA512
5bfcbca049b386a5fa1b0c19345098324508c98ffc6d500b993a542668fd61450bf4213567608b28c78d5a256f12a117f94c51e5106f36b4f049487e308e1b91

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
e79ff3152240d0ecc680897ea969880e

SHA1
88e758733047bf2091217077c3b7720c11522b46

SHA256
b6512504f80c8bfa2f955a19171ea874599a9d6d33b86ffe6c02fd5e4ba5caa8

SHA512
fc75cdac09f47692bb83731a6c83c83a20f493b0dc05684d8179e39866476353ede6b1cebe80fc5968e69eb3f41a55e41824b01473e8fd3693b631755485d3de

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
6aec1d0964af477b8b0e79d334c69d31

SHA1
1aa023bff14bd2b7c247f4115cb33bd6e0aa11ac

SHA256
171e75fd567beb8f09261a85b2ce06a6ce885a43ed0cbbf3745b6e3180c8d5c2

SHA512
cfdf2cbb2bee4d235978923bd88c402edf3222f2fb682cb5b60773aa5571b7c5a8866ef31093af11513e930e86782db5fb0b26f69849344e94a3d226326cbf44

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
93e08294743e48d8ecd0e3489251cd79

SHA1
3084e7653f7a23f9cc31e6db59b30074f4dae47b

SHA256
b65f84645d1aedd1682e2be00d0485892624b15ab33b6a5318e37fb6b75d9e76

SHA512
0a1423ba0abfff428cefccee184d840d40debcb9d72ac1d0c77cf02dc2882da185245758094cab546f3b648fff2847904b3ac337834d6df5b268ac82a0240f16

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
04be7574f5753164f976af9d4366a7ea

SHA1
04392820cde49abf3e1b2a632412ee9849a5ad8e

SHA256
e9663b88b1fffefca328df1c09bb8fa9c2a6f5520b58dca6ee921f43377d6d5f

SHA512
5527e3d84d8ae19f79628fc45a48e9df32b5b54a250f233cea96943afa32afcd73fd61a23a3c8a8b9bf95ab024a9a3ebe27037083e46d00efb723ccfa3a13c6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
be5165a2133bcb9e234be4e52b1695db

SHA1
4bad7e72beb606bdbc057eb8716c79544bdeb392

SHA256
80e891edaf0fd879a81f512eac75d3e6be1ca12a42c18754fdd22b0354c3fa03

SHA512
ae9eca78aa8d5c986755f5523d000dd31274af1527950d27e7efa10506f70c2c95aa2d3e467b8de26e6fd5d7b2e340e865436bc2cb58a50f69f03a14a4d2229d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
acadf77a97ce85a0857f3df7adeeac59

SHA1
ab1678e1b198f651ddad10e3e6e7125ac98a1243

SHA256
4fd4d3ea116adfd8631106d44cc3eae4b8860c01d577e05cf36522d8889618b1

SHA512
cbe93272f555e7fd2d91bfc6f93f4100c2736de62f3195ee303d271faf4dab9cb3af8a505896fd2567bd2d73449b1f0038abf8706be94d42b9f6bf505ba00432

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
632f9d82dc2c40a22c5b07b01cc9fd0c

SHA1
b4deb27937d6f83ba34417edd04a45f90271e61d

SHA256
57bcac21bef7b09abd4403f00b65e5815b0d9ad5bcb8e792493648b7f1d939f8

SHA512
8b9f29f203df92f1c080421f42805f3aa6fbb8249eee60bb3c007569a2c1520a8fd9da283d518ec8b88c389ff0e2831c560242d533bc8e5af6a3bf71220bb656

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
3248b8b3e6600d7ebad6e01479ea7f34

SHA1
ede8a72d62cd0d44777763756240be394e134d41

SHA256
2c1fab2f9286c7835e956791ff7a110ce7e5271403a766bdbf21b59c6a946f9a

SHA512
68a01ba7bb8a5145a8fe2fa616feaceba1e5a1add66c8d351dfdd91a162c6928d58579bbd8a3a9da65fe58e35063ea3b9efc4df45fa17248ed218029e92e1753

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
8bd5aff3af40143f6e5b0a7c4be754c0

SHA1
fc816719adee19419a69534359877e31ac4368c6

SHA256
4733f7be0eafe222678908997cc36fa7dbc5295932f047308a0a5fca1b0d9be4

SHA512
c6db739d662b4f6e6d6ef332e3e8d5ffc10dbe43a803adb7afb71868777a5dd0d9896a05d2e706243bd83e1758d318c6d7fa450779d4e43f385e767f4a3f7ff4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
81817c6653ca91fbb9abd68a486b3bff

SHA1
b4c47142818323978f019faffd4ed4f26d9d0f2b

SHA256
8647e24a9efe6127e4adb59a64b99441609e02037db14344cf1675a0f6f868fe

SHA512
ebb117bb4fa03f0c23e8683b172c6bcbc92de3273ccd09492bd380dd06ee862b5ff9a2434c08eb24009c4d653573ad51d6251164aa8c579f019fd3e4f4a6664b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
550ff99bbc18b85c863188f15238c64a

SHA1
2794dc37353513fa4773666a15768568c540ac97

SHA256
50608f28e5d2fc44c116bb9e5c36a55e626bffd9db8f9accf9642e14ed3d937b

SHA512
5b1c19ed7af612a89f60d3806d2d5cd3f33292702a37c908278e36af9e7da82127f62bb97fe5be216a6949772f24529c5740a5f729b7fcd7d15c1aaf97317323

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
b782e128b5970e4544439d3126a4c6b1

SHA1
3cf7b260743184fee71e45706fc323fde1c6fac2

SHA256
44aae5475a7a6b31596cf3360833054604bce23b99f6cd7bec84518564e6d8fc

SHA512
c5dd8213ac96782aa6d8021ae8cb75d3d1fad44841f4da0b4b671eaaa6600eebc1f9d2371b4f5aa7177d8f1c7fe27c473bb92e2ab7db65051e0ea3f1d14c7f3d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
223e9cd1c7e2362d7512a7d37bd8745f

SHA1
fddf401145fc8676b188e39d3bdda1a27b7c631f

SHA256
eeead0158428ccaaf2c014931b850d06c3d7fdc03413af03d938a7eb292682c8

SHA512
0dec9bb6f8f769e25ae4cd44a9e16ddefcc1a50c16a77a4f7a0140785619ad7ee99d0b043b5ee451da2679ae92799fd02b50e3598313401a9cdd8975e19398a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
88173482d9a2eeb4da8b7a8db565e02f

SHA1
7ecd6554b20f5c4fb2c3280048c1acd30ce25ce8

SHA256
901625558d0c8d846c3d14284ebdc64f8c548af1dd3eba92b58346541a999b9c

SHA512
c202226f87c7cfd1eb3b94a22d448620bee434934329546764a3145f419e0dcfdf2154e4bcb3cabe70f18881b177510f441584322fadd250db3f62750a13b407

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
787ee03bc42002163fe4a44a5be59fbf

SHA1
81e4efd0ba9294c86dbc3d5c8b6b071fa4f247a9

SHA256
f983b154610078070fbd0ade9530dd46eb36a7a08923bd6de554c13fe8710aa7

SHA512
f1b9237d5f5b23805c94e0b0c046d55e94edeb28f71b079e8a6c791dc64c2ca7222276abf066d798b8defc3ac5af80895f8a6afc3c178deda32b322a4e801082

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
e198beb230a1cfa62c19ef03d90f284d

SHA1
9230725a14b6635d1e584fffac3de457ebba51d2

SHA256
f817c514bd978a37e4e075788ad3d952135538ca9f30dd74f3d6a829a1bd24ae

SHA512
f3bdf208b3b257fd9484483adf3d7e1d0eec5f357482e18c852f9d06df1c80844a86cd60f57b8c2de7afb3cf2a3e4880648836265c11bb055575778f8c762b1a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
dda459b04eaf115e1bd7d90a9b8f1483

SHA1
cf205407cf7bfcad8289557fdd20c00fd4d2e698

SHA256
c7cc7b64115fa26528cbe39f9e0c7b7ab71e7da65d29b46e4da575e9af1cb858

SHA512
485d3fa3fabe1d6b3246d14f334e75470089d0ff728c077213580cd39b2fb6bb3bb0468fdf41c926db14f0f6fe853d08cd6624c1f1b0eeec798b6692421c3b6d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
545097ea5d434443ec7ad4d90175d8a4

SHA1
c212cd4aa72ddac55e996cdf46be89317b2c8c34

SHA256
df3c3962f7d0ec4eb901736920f7b294e9be665bb13c0d9c3d213efbd012cdc6

SHA512
c767dc388fc63b6cb555644d667ecf6ad897663f464ae985a79bd4b8ebc96b56104282cc7f929e9ab560922d0b99e32b2ea4e0e195623688c869faf8573bb836

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
e3c3d4952a32e9a412bcffb29d782d08

SHA1
47adf6345d1cdd469edc20f1275932a04e3b57c5

SHA256
ec70c6fcf7f6f469647ea1935fcb32070c69ece376717413ba4a307cb504ae83

SHA512
b2a8d8bf7ab7403ad9287ef52288f0d0862be6baf3c1b7ee6f4d1743ea9995e550e171e81bb12b26b0edeff85f1cbff94458ab2d0b58b668b4c085e25435a8e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
212e861f10d6bfc3768fe29ef16b26e3

SHA1
e810749df929b3c6e8a496240ec48c7000119473

SHA256
1c3ad6a61336a4fb71831cb58876c81ce6cb296b296d7fd1eb5842ebe0d1c61b

SHA512
fc84ef7d83597169f640d421cb03a578bcbd161f58705449a6a2688ec62c17a46f1eb416d124465c60cc0eb5df3c3fae371c5f8272040144c1da29ddd313727f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
3e2ef33de31349dfd07ecf5baec2ace6

SHA1
4b939ff6124aacf94cdeee81f42dc8fb0f007bcc

SHA256
66de8eeefd93376e580f59230da8f69c7bf98fb62c0c879209b53f2ef65c9ba6

SHA512
f933264c8a6416b242e59fb0a2b674369e10f858a2562cfa9ed454fdaaa7f89b82958d036a602bb9ef09ec743a5b75ed93e76f349e42d3d3c4dd4cb569a7c14d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
ad62ab52ca5061dfde6cd6e679abc929

SHA1
b9844b0af5de730d74809557172bce474d0e989c

SHA256
42429e7016f3adfd5dd1f37d7797badefe1c2abf77ad5e6c69921332cb7e2a4a

SHA512
6ad5bde97ffca56687ee8cf0c4ec76a7d50688b1848b0029f2322cae4a95e4cd38216094310568e3887720ec5be3b170e30280d13f900ad74cd204a8d3ad8a18

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
0b5bfaa869630fc79bf1e342627ceea4

SHA1
ea986e2e5fb384a5275cc514099db3fc51d665e3

SHA256
2d9323bb0669a250541a5dfe29094adaa7a4472aff9a65209ea0628326ccbb37

SHA512
f9ba0fd25c8ab6d2b5b7aa60cdee97e7a6b0520fabef150c05328f37c226cce85b81c3eea0f16030f2411f81212f0262434107e1c2cb46d3bea67f4776c1e23a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
7d205b054191960dbf6ef70093491c3b

SHA1
f107cd236a495c8935fdd8dcb61e4741442ab4e0

SHA256
4666136bc77f9aa7953f5ed2d2b60d302d6f924fe110c26e448e8c9bc9e107f2

SHA512
dbeb9ac0accb82088739cb449ee0b87204118bd732637245e6d2afc29443969e7e4a5d76f36fd616252f3d7bbe582b2480a4e8f1ca9721cc754d528ad05a1254

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
e1356264705c6e5fc7e8cccdb237b249

SHA1
617bcff9c81d0458db1c92bf317d01011e028ec0

SHA256
eefbe369c8abc4556750b541f471a225093d35922249feeeca308aec9b2caa51

SHA512
fec7787cc1b77f32f0e073a93e1665d3ffc1fb9a2ee8fa3f4af86f35a39437432b67a1ba4dd60bdc9bb33113c9a6f8234191da536c9456331a269e92835f6397

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
fc12f1c9d17c7fc9b023323b6e20dc46

SHA1
fdbcb59d43075a7477f33763cecf08ad391365bf

SHA256
894ff19f98fc4a2c618ff2042a92e00fedd294d8ebdbf419a0ac9cc99e2e6826

SHA512
e51e58a32353f14e75af5fcbbdc37d2507821129615f8b42792fec6e184e35e6e97e37f8825fec25d37431ca560147eba7f7c47d45a0487d2bcbc35be8222433

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
87728e534f66dd03eb609f622a485287

SHA1
5b6902da86ee69df179f99a596dee5f81f5e7ccf

SHA256
b6f574907582c6c9bbda7767cfe3a0922098f674cd0bb864ae9b88fbbc6c73f5

SHA512
ed601c9aab1b8d960df9d9cacf5e6b2eb85a70f534a8796d80a5452a9a479f3f6726075a20193a23845d36e3836100da336bc4d84fb33a90513b6846938e0c5c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
0dcbe2e88fa19a80da7fc5b6f31b2fb1

SHA1
4d1fb9c178854807422e25a501a83b61869a7d5d

SHA256
f3bd69e4edd0af91db32993a5e5c78590de2db66eb1915846b6e98e9ddbb47c7

SHA512
bfbaaecd5d9783caef486eeb47b2a4ad5ba831f0ae72886bb262acd01de901a8282e436e7935b2c5001d6d7e343095b4a73ed03209bd4b35f21192fdcbf2684d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
897394bddd57259c85a07877fc42762d

SHA1
598051ea6aa9b195c60e38e5f5bb666717b98f6e

SHA256
70efcfdef5a6964e94c5c305b0decf92c3de994896d3ff67764b0601e0fff9a7

SHA512
fd74175013bee443192f1ef8333e097e0646210aeaf7e7eac8a7c1bbe49a987f9d1e9d088ce81fb9671fd43b087fd0dd54ea6c95aae8026968b9f498ea1604b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
de71f90c5a8c43e90e446c1c00ea4385

SHA1
9be8dc480282ad20e7003e2c4754b0dd497b42e7

SHA256
d4e3005008bd4441e41f116737f5c52ebbca88ba2af40f0972eba80ce2a61233

SHA512
c37b1026e77e6186415e577b10b26e3d7dbd8fd1f3080b379aa7917d8c3fc8767915c5f5260e47a272f3b5384ca1bb10f677aeabe7cd24b5991ad92df312974b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
2bf8940dbad368e01fe35a37d12693f4

SHA1
96236e2bd86352e0ff7774c051923c8711e5f058

SHA256
286f63dcf98d41d6e034d6385da2e2aa12608b2111d73ded619650c3c821b066

SHA512
5b267c3407991eebfa954f3c39da3082abf287328287dcb9356d4cbe9960c1f8c976e29d39e6ff3161fddc3815a267836b391a0110249c0dbb5dabb509a349f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754117131308.txt

Filesize
77KB

MD5
93f8c3a35774de74b3dc0835ad36e215

SHA1
2d83de673c2c6dcf5254471f3c80554b733d525b

SHA256
1e83d1629aaf6e107894ceaac480a0326c1c648008b269dbffce5abaaa7e696f

SHA512
75357d59a6c154764148a3204b93da65786aefff3aa0879a070acc9197cb754f9e705c21341bc048e7286c591d4a7fb5469f8d1157d8622de0dfc440fe671377

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754697600947.txt

Filesize
47KB

MD5
71f348122c0925cbe33da3d70ccb5a3c

SHA1
500e388b2f25e417e0cccfea836c5a9c6d5de7a9

SHA256
61649326b7220f93ea5c30913de1c0b299e4be981fed8dd2f5264e174b4231a1

SHA512
50eb005ccacf308b0fbccc85e2fca3867ff02fd295634c6b04cc1e9dc4c4135fcd98dbe93d7cc24399127e41bf2e0893d8c12ee38b8195ef2494146d404c49ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761298369186.txt

Filesize
63KB

MD5
57c7be9d574d5071bc2caeb94a8e1648

SHA1
9f19b627317b3dcc2f5a3185e10b6ff1b96dc44a

SHA256
c946100ed484a9f82abec83cf2009e6585edef308bf92c4d6fc92a8b343c089f

SHA512
47da7e545252d8daae34f22d076263a3a235cf53cddec8a4b47f5b319f523d296dbf86320bc76f043a1a8dc3e58f770ac56c91cb8757efd5c8a07ed20104931e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670763938989402.txt

Filesize
74KB

MD5
85dd7c2862bb236c626d712b16889e8d

SHA1
6e8cf4f6e02c539e521cf2eeb0e45773a0ddd85c

SHA256
d052605d529c02d5f660bc2f4ab8193c0b45fa2996a97438c20337fcfc9eaa6a

SHA512
5d101a2aaef7913d9782b5f61434111518924e78d9074eb367cca7ac71444b86b0d7310f8193dbbe749da58faf6fdb96348b3358b702d2e5e13e6cca7acf7a7b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
8c16e1ce54d61fba0676f49099304c3c

SHA1
61953424bbda7b3ef08b18e3dafa786b92c58851

SHA256
fc78f1237523dde125b824d3a13b8fdb55e76e0200361b67fc8ea7a56128aaa7

SHA512
ccaf7386645452f649fd03864b045a8f34c92e99c20bd60987bf1fbf1efb55c3b912ac20fb985faf9a9a3a978a2e25104cf67544c7eb0fe16b38599909b64195

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1299d7a82778d1fd469f58dd7f40aec6

SHA1
87814bd41de9e534fc768df5f59d6392426b65ef

SHA256
f6ca778a2b1aac07d0cb04fe55e5e89c14fb72e80c5afffd717bdaada6a57f98

SHA512
c60190d7b07c7d37626b05a68efde152468b9a0b303ef881eb1ca8ba33e7783d024017b8cba92456c227fcd39a1fec53cc0022bca73c73e9ec5c539ef6cfecc7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
6056cbb2f00698f01437a6f08522124d

SHA1
a26bed9153b36dafc0a6c03623b0409814efa9b9

SHA256
8fea7da83cc467c797aaf952e60edf068d2f16331363c8ccf52cdac0e1c46f29

SHA512
939bc9649f9c12f163e7515535b678e2397d68683aa588608990200266bf0804169e251715b9cba5923d555171aeada6dfee5abd1c119c4d20d79171cab9e76f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
82975b048609b61dd5973cbf34750522

SHA1
b99b7ec672d5ee43a8c53e14668406402012d243

SHA256
fd9227b5cf074e26294828049ca5401e76ed1686493b328fa08a32216e7019ef

SHA512
75ae8e8117d6c5ba8cbfdc2cfd690b04095bbdbf011bfabbfc5602b1ac45bd78e4333d8022f91421a5edc41d1162cf2beae64118e8ee761e39982bc2a66e4868

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d6d8fa787408078f6d2c18ead7d6d0f3

SHA1
cd9ab4e8d5724000f3cad7529b86f55246f7e95e

SHA256
14d646449c981192a46806801b353a9051ec46d4ae093cff50d3da66496f2f28

SHA512
a8aead0ef50cd10aac9ff3db8f0349eb469c17cbeecb668efc509df6162cab47f6c9808c7aebdf25accba52958f78cbbb6a27d33961aacd052c67a2fdd737ef2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
21686c981efe974fef59ce39e3ba9e40

SHA1
ace519a36586da105b205e6b09990bcbcd979bd2

SHA256
0c1ac31989b5f22b697fe5d56876c149d3bb6e117bb900ce84a29f7d2ddd5eeb

SHA512
7f2ae78b795ab0188b0c8f42425003c89f2c68e1966f44801dbeaf7016f9e3ce62c53d3476ec2e2d761dd97aef8978736b8dcb8759b3b6a2f1ff2bf8f2c5f49b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
01225d10447ab15f55735cf1b654f96a

SHA1
9842566f8d4aaef617707d83a9dbccb9015d0d3e

SHA256
24b02b59fb3b2bfd208b70ea1e24e5897885c5d0f8904f2bc815cdb324e11257

SHA512
1b03ff812532a0296659b993b0041fbf53b48b176252de2fc0e9112173cfaa16ef4f1bf830643bd06280f6d4f0efe0ba01147b2254e9fcf10c51c0e4f6774e9d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
337d6f468453510719f04849be2b3abf

SHA1
b2bb13104108a8d5e2025b3cdd95da012b2ae8f0

SHA256
4eec38672ad7e90c2c058d428d549a2b8808fb1b1f2e06f2f7a92dd78520b695

SHA512
d3821b5db63f434fc9642f9738200aa6239692d610a2223d7ec10528c80ee059b1703d5d51b8a77dc1a0d2b35180e15e96456f8f286911f058eeae1a668e1692

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
8a30bfb289c47e8a027bfe8a3782fe3f

SHA1
754e5ae22a9c595e4b964ef7cb46dd9453452587

SHA256
2147547f3ec9df1693d71af4eaa473f621252a793a0294134256598e013523ae

SHA512
8e1e5d678c3106d34f88846e37a031136ba44e85b8d9d459ae868b9f879e4d83f93d8174fb6ff3f30a6daeed0a5c42ca8a344c89559d4a621d6281bca2deb693

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
39c437c108986d0c722c33a34ae58983

SHA1
d8513abf4b0ea4c2d44c06b0609bfbfffbc74855

SHA256
c89ada045f83a12d76c01726bc7c11e8d6e8241a3f8696b87fd3dcf97b7f00ff

SHA512
6ae31d07cec8182e28a28f64028341480a7ef55d7803f93a78fff5082b5286539b775af23b96d69f07ca2f799ea03e84a47d3e58d08df359abbaa7de6e7c9e07

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5c1d61a36185a799c362f5de56d74aff

SHA1
61b5eea90287caaa0721904baea69866e7d99d6d

SHA256
1746a8118be7464bd163139c443718eb4430312bfe7c44eece32b42303b9da19

SHA512
736676dcc5a1318e57554160cd65a9dd067c962959837bf4acb2376045ffe8f3c1cde815ed30cfc1abad095fa442a6d7f374bc4650e770471d2159d9f88d304e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
9ff17548cf53661914ba2171a9945bf9

SHA1
5dce6b911d3e653f4d1136bfc63e97936f0d672c

SHA256
6c20280ed150e4a245a511fd5afa230b7b2de45d92bda3e6d1939e480000b5e6

SHA512
1301db8335193d6380a16bff906e3d611814825c4216e763518bf33ed68a6b66d9da12f48f86c6add90123a59505ebe6c51c91b70bbc3f3cb0dc6e3892840e2a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
cce0e7ec0a66cfbe65898ebb43224cef

SHA1
3d250380bb83acd9f79b8b050d8b2aca87d16418

SHA256
a7967fb0665a27e74f9d4bddce4ed1e97a1171cc1ac4a65a80597d0dbe1b8f5a

SHA512
941ce3c04814aaaf86d987e71e18bef35b8d65562ca8307104ddfcce1fda0d56a7b56352ae62ea242ed9aa12b94d508ffde921e413eeacda482d42a951f0b36d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
f620d9ff4a0bb9425ad36c0343375572

SHA1
2fe7aa6cf63a62c9a4d7bfa7426a16d8d9411343

SHA256
dbd0fd9a19210187743e3e67336a07e0c0186135305276932c015e946beab836

SHA512
dce7a005d26cda8badb732d4989952dc06031e97df5041df7289dc130a3bad27612dc260a7409099c90e5085850128a5dc7e80d2b4ab3d4c01d0957481454a88

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
832f9bf4283edafa71418ecc6cc8d526

SHA1
e50cefa4bc7f23f318558ff9b56bebcc0472e0a2

SHA256
7b1670cc20d39d5d090a731fec7c1630d2c5f3eb709c5202ee25bc23d4ccfb14

SHA512
990e40ff85c4ede1b7614415a00260b66b482b2b1fe99fada8b4363c05ee054e87f938dda4de631d2a9820cde681a023a9671cd2334ddab02510f63186302623

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
c1b1519631cc3b14dd4adcebab0d2be1

SHA1
bcd43c7ac5c1ed98e2498afd132c8bd355731d28

SHA256
61d9a693f667338ccc5d5eeaaa8276892686ceea36a173e22fa98231f3960f34

SHA512
eea7d4c592f742feb68e7323135081dc16c16e89a17e607271703f73580bf700448b1114262acdb23f587171985e33792ec95d4fb77b53d534e7965e4ad2ca38

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e76afac7f58015c6204e4e71671cd32b

SHA1
928004becf534a947517a84e03f71ff4dfface66

SHA256
e31f3e216e8c6e8f964717eae739508a4339d9dfdcedc22340001799aaceea05

SHA512
57eca6a36b85921092f275002442d47f55727f3de1a993805e871ae4db904f0c244e87f8ef59b80c4fff45c440ea99489ffeb9238da1d0df36b4a870b1080812

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
70f92d1b0ac553de267af8ebe28cbbf4

SHA1
e17952d00a34dc6a4c8052ab944a11e6dba61454

SHA256
86b7d640715d8837fb1c0b05d513f0b36e97b0af0eea2badb0c44c1510be0d90

SHA512
fae7803d08c4cae2e948e4020af096c9a88dcceec010e8d2ed77b782edbe84b67ec22d3f43da588bfdc2ce6f54bf1d51d23dbf9698ee7a5e2b39cb2119e9dcc7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
1b439432bd9434f1bc27c8329ac8812f

SHA1
b0f61eb4cf9060108a41e4adec288e6d6665f900

SHA256
5cc3a5dbb02eb085169877d5edec8c9e955d2807e46ff75bb4f5b384e3cae220

SHA512
0665c97eb6fbc52da0fb19ef4c6843674be891cfdb0f98f49f419db2b6b8f9065ea46205d3e85c17455570858b36871adc6b514963a59a23740b58999ec585c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
8358863c2548fcfe639a234d744cd76e

SHA1
7b892fabbeca8b0354b07f406364c09342c524f6

SHA256
9f64f805ba615f985b14e833b6bbff00fcb3f7c1ee5ff82f2ceabea5f3b61da7

SHA512
df0b0ec7b3cab796c82ef043332c0c5a4ae832c5830b0b0a57799dc2f972578500ce1d28f43f940df2c67daed707d775bc4bb156cc13fc0a68d52c7b63d77971

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
41e5267d2b43455eba2981ca5e928f1d

SHA1
395f61e0d0d8c8074babc4ba580f4add7ce234f6

SHA256
c97f61e79e3032b7c574228316f2ea85f625e69f67f84222ebc40a1d2b4793a3

SHA512
93223b5720d3423eea147ad08632fa3d676cb4d226a18e1394e21270d216236ba8deeb31ebab322e4fb33db490a0bbedda25a0277d4dc84af0aff32f7b4200d7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
a4df3605f1835e1e50f19340b6929d73

SHA1
aa5a7c5f6a971f714263ba681aca5738c35c39f8

SHA256
c7af6d6af5e82bd710a0f65db2b314619f96a3b6d5c635e41e88f4fc5e123f66

SHA512
c006facec6e52769ab69f39d3124e07610ab08eb5f98e8369184940c22ede0ef07d5686048490ba0b9f72510e3e35c1f332d2cda96f8b490c89c09fbcf5614b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
1b4405e1688ade74a50a632605f76710

SHA1
bc20c9e2c6479bcaddb45afe465e51bf64632ca8

SHA256
c061b4d568267fb7af1816ccd19ab0b548390e381642e87c066ca9ff06b60b68

SHA512
7b017218f4b5787c7880aaaa1f80c515ab50a1edbb5e822d06e28b6e2533cc01960847fcc3a18abc15ceae06400a1deeafbd61fa75a8f6d4fcb7815478896a37

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
5950cad88b75d6ae727d4f1159bd7beb

SHA1
687dfbcae4530372a750fa239c01c2cc8893193f

SHA256
87956a17281b03080b9c34aadab2ed1e256ae77dfc8605aa2cea194a9d172361

SHA512
cf8a335d651ba69099d8019544ec05b4e8707afc994f29927b762e85beeef1a05200a2b0f9679ffe03702b8d03cd7a0c7405dc35378c097c4c77d4b607c30bc3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
845a51cbb9e98d59ad0c564f4fd543db

SHA1
b3691627e956055be544de3126fdb0f2df562529

SHA256
b520b29d7cf0f6c390297db5868be81e238519a6eb273ea8c470eaf22147c24b

SHA512
c4d4e40f0df80f8ce32626f7a42bf3edc1b032bc20c67992ca67ac2e4cf6f25967c748da4daf059f0d95cc1c3179fd4706e05708923a892aadf00dc16f56c9d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
b5501d69bc38bd029c003ffc2dd3e9f6

SHA1
c5137058344c25f2404282ef87142941b6a241d4

SHA256
4b78f16eef0524b3a648f150e8589c1af8d2ae34efa7639b6ee970915c2396b2

SHA512
3a8fb088caed6788773d2c47c5a079d1b777d912106438884ee98f6793121519704f767a22c2b09d123d6348a4a84eb5d7178710c545126c0685671417d62cdc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
73df5c7d7955614cca2b01957a84caa1

SHA1
50179b2bdf1af718c67a6eace2e08f316997bbe9

SHA256
7671759f040eb44d7dd931f32d2088be8afa28ec86cfc546e65a4fbb730bd818

SHA512
393bdfdafc307640eccaf08c4cf5bca31fd63a536af4c3519e59b3385089195cf5d6e9e76be562940f83d5cc77ec5d1cfe76a83b0aaf0ed807514c3cf2244eaa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
3c8ad9a088847a4abde23e66eb8ffb8a

SHA1
abef82e0ef2c067526fa75222d91977df89d2416

SHA256
da34692826f8788a44bf51898676ded6abb366d7884f8615f8d923acd6659f9e

SHA512
3baae15d7d0c38083dfe8490e05184e600bcbda10a11fd79d673a054fc44c5e436ff14075e138af506e4acbdd9921c1aa02b1105d9ba7af5506b5ad5be4171e2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
e49ffa5915f55c56cd8f1fb88442b475

SHA1
1d7fae645bf2f398575d119b24ecc746cbe8d1c6

SHA256
1614b607cdcb7a101be7c0ccf8ac80eb97dd1f3cacfe68851c27c1e3036927f5

SHA512
d691567e37aca9910bac16658894383d74c2f3c91f12546f7a5d498766991540b1c9731c4d1da83f79709964535215328fdb1f22c8acff37f9157c7ea025c8f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
fa52b6146780ef25aa1d871b6da7f206

SHA1
ff745adf1bcc7a2f2545422e222a3ff5192c2aec

SHA256
ac98f410d02a7d233306a5e19dd11add232bd9795971fefd4839239cf5cc22c6

SHA512
1a8f550a1eff12e865f8574f8099aade9e11d7346260657f001a52a3e3ed25a731db8cc6dc3496d922f69e152311573f391f55bcd964947a46478e41e184a2d3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
8066706e16e7fa654a6ba9cb4ef02ac4

SHA1
c54fb45cda3d2ad043601ceb1b17d151e75b5c07

SHA256
7d626050cd8539d9a73697fde6f6159fe948934a9b40b57ebc9d1b523f617504

SHA512
8f0314eddb102cf566544557938237d10c9032db3d9a9c5bae67f71ce9fc6fd2ba52d1679dfa661ac0744f65181b29ca1edd3bbee04de9b037b75bdd5061f6f4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
6d3e071c68cd693ed3fab2269812a901

SHA1
57c92b2c4f7e73982cfdfa48731576cc8b1720b6

SHA256
7f415e27bccb4a04b18ac77fe8edc99e87fa1d7a55acf383af26911f20f17040

SHA512
3497e7e3ec8d830a5c82f6b1b47f5b3e4171add419d4c2f7f7f5d366b323ee3d21759a3b59b404d42dddeafd3715ba02e0cc1cf318c6ab975b619a1e3cb8ec91

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
0f68b309674f5bfc9ae4338981bde2cb

SHA1
6ba1d4059f811b381810301cbb7bb1cb358547b7

SHA256
0e4059bc29092e4de09f73c46e79c71f864d2f07f92086b7e0a9236c0d1783f9

SHA512
c0a1963ca92603377d08c1edc2482051e0c93b9eb1387199ee5706194dcd710c481900c3eaf1bdb466fa894330413f9282b8be8802fecbe03510afecb6bffc71

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
172b22fc63c12434cd8876ca258923b9

SHA1
b36dd85fc608bef26fb50eb66c9b8e435edecf94

SHA256
457659bb9f56e1989525c7aef35364a757d4799096416395967ba53230f8bdea

SHA512
0541879d5a1693e406094a2fddd783c61005b452fd53aba23d6852f5ed86562a58c0f13af2482ee56c080af026fe7d38752da9fb12a58cea300905baf7422b6a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
7402484ac14ec81d777de6bc13ca4610

SHA1
eb9e2a712ca543a91130f68cbd8b651978374851

SHA256
9b766e3a36566054b19c597054cd78076849bbf764c1439a084f5d52a19921f7

SHA512
d885a7fa74967ab0e45711a25c3b3f286725e350d3df24528c235a7493968d68179164c6908a0b77ce566abfe314fa8796a95b4c3592e6d2a6e8f33fa32dc2c8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
a2c9de065d7701b07800746fb3d2cb55

SHA1
f4125e3f9ae51c8a16a349326f556e280920fd7b

SHA256
f97b3a6de0eb845af30d46ae8dc24d36d91948fc6474335c255d7b66df696e7f

SHA512
0454e16940fd34cd19cea7b14d9ba514005cc7bb7198f131689572fa35dc04d97e6888e69a2961e4cf602bc98a33e6d9f0658cc9ef8a0d5ce205b0340f8d4855

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
dcbddff72bc3a11729e30bbcc0a4b347

SHA1
9e2d5b8cf5e1594950a881197b8c0c03dca6b62d

SHA256
b6f23b969d4d2f5f0b65bb8ab1045ba036fb2c20ce2218ce13f54e0654bd3a23

SHA512
c7a398296737fb413abcc8aef739f186d5c9cdfe89c6c2bcc4ab0e020a0bdc26b3c8897d5adccf581dd51838005b3a0836faa227a8b62d7b6fbcf6daa6ca31df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
9b26e1234bb9296441c41248b699d8e0

SHA1
d10a3559eafaa09236cd60a3b0b1a5128fb16f6f

SHA256
79e93fea9976ee0a2a9b01d4dfcb042ed6ca11498358f1cb589dc23332b7b48b

SHA512
e3d38f48f312d42342ada73f3a46fa499388a44d2966d1c9dfe8e46899ce8d7991a4ca89257b15b62a127822fa8a9a903ad0c9c9a089a2a3aa9fef003887b7d0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
738f4499cafacdcb296cebc839ee9cf7

SHA1
a853b70514b1de2bae4328d2296e1796e4172cdd

SHA256
b6eced8e3257ea4f2878c1313b91381cf013d9d7ebee9051e062ddb56c90908f

SHA512
777a1b73959640c051f4438906a1367de8f00c5bc92405e04a6f4da0db001d8a0efffc7390633e4e809f0498be726a48b721a80b64e9530aebd2f316337833b1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
d9ed7871f46c866390e00ef0c971cee4

SHA1
dd0b876992c07c00e2915e3b6ac6ff93bb410016

SHA256
0c90d9c66ac4a1f404bfdb61773714f84a14280cd06a110d64ad721d3c4123b5

SHA512
57a65667b7913530839a7f12da91ec209370f590404ae695b66c012bbdcd84b21f577ce1870f5260319a9fb0bb81d916f9caa0c02d9b4ab38dfd582ae9f68923

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
b5f6392e9c718daf289a5f4f519b094b

SHA1
ff6a7692f8067657f9591607ec6312387527e115

SHA256
db9dff311d8e9817ed5ad35604a894016e7db5106a81014a5a4c6485bf4a1a77

SHA512
7bc0e0a73c62c46d531c192ee572714c36ecdcef18a7b3387dbdddb9a49002dae3dfeb2879f42c20305b435a5a2dc513947d6bc5ebf455d724ba95e96bc386f7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
5db058d2e59f3e12b4f35e5d62eee541

SHA1
c752f6b04ac31f8ea48a7971050ac4b7b1907c53

SHA256
c885d79c89e93c25ff09a140121296bb7bcf9082743431417d4580acb627aa68

SHA512
b0a579a4487e1241e9e06fc984385fc99fee7c4f038594c02502919fe2e10fdd1f408937c075c83a64f58246357ebcd8654610691c4856e562e8e9b7c1c352ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
a4b7e76744facec8b200a6fd97937cf1

SHA1
f7f3234df6ca4510e2deee9c245691137a642cdf

SHA256
68ac87f178d096b8eea31cf81fba155b56bda54bbb94c1fa0b728f00c538458a

SHA512
55d31ec41b02e45656a30a0e529bae840ade67fe9c374796c7979e5d0877bc0b581c9e77eb18bcc6f8e94477039869dbe0f3c0189f309cb1903b730599b6d800

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
8d3004b643ca1d79ad04e491415fc6fd

SHA1
c3b791fb9b1d8eb68679f6203e6cb5b01e912504

SHA256
186d13480e26fc9a4d6d1e3754388610f7b3ef39e887a7f20e812a5bf791ae68

SHA512
bf1fd5d4cd5a053c43ed38305aacf610fbf4648e210c74d01cd9862f473aad890f67e4da8df6838b1b21af85a330f905881383354b2b719a0239fa34303a5adc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
e36e06485e5dff160923dc49fb3e706b

SHA1
901ab59b8c01771ca44895975a56357de38f6ba4

SHA256
3a20618cd30d12f9636de92e49633d9b30fb79e032d95c17e67905b7cbb9b7cd

SHA512
2f0e485d2979fa67d405d0d396027be4455a60c9eb11e03992488fe70a9d907889419f972df38c7af657732cd684725bbfd6d4f527f6765bca3d4b65aa7d89bd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
cbf97defb0295193d2024bd62f0305e8

SHA1
798192a9dfea067a2a0d0ae9de864d125dfb3357

SHA256
f41e6c3f712cd0e3dd14c0adc6fc76e24b100a7f3fa83248e7e8536fecf95b53

SHA512
699ee3ce9f7f901c5eee69913b6ef53ed688b27a29a3834078fb71a3407b9ff9cfc0c30b169c5e18d9663ff8b9c66fb5b17090c1571c0247e720897378d65240

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
0d267f8f958c1353fde31ddc0d86bb7f

SHA1
bbfa991cdd5abf4b4a821dde024aa8f42e360bd9

SHA256
9e5450b654333f05cc1cdbc621f6fb86682eb3cd274652cb16773a8d5495035e

SHA512
cb0c86c63f055f7c32e723d4ff73433ba3dbcc33f2785d54dc00b105ba7cfbf31e719c4056ca37c6971c9887c468613a807473805bd9739cce5e919f96d25061

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
0e8f1966dae5def4840637839f1b14da

SHA1
99a97ffa298ed97d1fda373b8ce4653cc583ff6a

SHA256
0960d3dac9ab56f243252ca0127ecfe6ee983af94e2307726f2d1c2fdd28f472

SHA512
5e189d80ec51eeb16d8315f839f6073c1bacff5aa0e179ca47ae9a0989443acb277a75351382e2b90ae48e59831656e16e08738423af44fe6c8f30594506e9cb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
191da3390e22da430f0455af03d2a602

SHA1
420e5273f2ac60f73c11642a211598fa67156ddd

SHA256
9a461bb05fd2caf6d71f00ca7cb18f8c5035b4130674f79c71af95edb1c2d369

SHA512
dc4a85bfa51751d7ea2b06aeaeab1a750843b3dfa8a84120e552d9e276c41d7f229067d83852b476a8d71b05413c09f1de35fd94200881acb2b6cc319dcc4fc0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
b3c72860abaee9aba4c979509fb8bf08

SHA1
947bdd94f3bff66700fb44734e1cc4e9a91ffc6c

SHA256
8b39cf4d40ddbed5be9641efe1eae25d0630f940c096ed3ec0903e9429710675

SHA512
2c58403465370c28fc451f56706c0f0195a1bc83e43af243aab6a1cebb30699129f35545e5d9f7333969f3631bb79625a300add190aa05d95a1b4fbd8557d570

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
b31ee02cbe400d0d2fe4082c4a268531

SHA1
543ce38e5ece108ffe451c88a5c16a5eb44589f1

SHA256
25bc30f031fffee60f18b83cee57eceb9fd33140eff3dcdf7e5f0c63072a4ff3

SHA512
ad433ca954d2bf781279a9b4e5ce6d43f64d3471b772a55227342dca7dda61b8958f08ef1d77f174ea5101e09dd9595b3cd9f5959a54947e806a13bca83a1635

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
371f5c026be5b451217881a1054b4f6b

SHA1
a160ecb4cf068abb1d0f5801a3791d4a99118d6e

SHA256
43953c134d6e701415a55ed363e27868a8f097ffc3d2d5b1aee33bcba4aebac9

SHA512
429326f66375d5e2e4bb2a08ef2ee9ed5b9cc8b138584b0dc9ea1ba94c0f7dc3a4deb3aad5f66db8e4bcd117a81cc62c607601c45b12d5fb7b5f20c974773589

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
76768f36d3a25c12d47ea80a741930c6

SHA1
5a30b9bc62166344294de2a4f34a0ecf4f19aa9a

SHA256
87b567c479ed07edc269c92518db2c7f87be3614fd7774aad01708ba071ef8ff

SHA512
78acfc87b4932a3829a574c47db1303c3173b760ae61293faa41c4bdce465cc0023cc8e659b22262d08d64a7bdb7e33d8f2f8f823736cf8a7882b286c2c2f61c

Download Submit
memory/1296-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1296-5729-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1296-10498-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1296-10846-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1296-5772-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1296-11175-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1296-11176-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1296-11181-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download