xorist | 46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Size

7KB
MD5

0e2b1f1c0abb115f4514a05212a20233
SHA1

afe35725bb3e6dfaff5db8335d017ebafecb94f3
SHA256

46dd728e76fac2aa1abe753493026a5e2fcc4a9c879a33aab43d3c887649aac2
SHA512

3f840cb63c67cd1a14c2376438420e70531e85c26021b9315910c4f409a7ac8bafb7b54b36b2a6d9c63e8e1e65922637e3319cdddf2fd33209e4c644dafd1b0b
SSDEEP

192:zzdrr1FG1WDCgmjPZvoAYmpiE/5eb2MUA:zprr1gkDCgSlVXeiMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2536-5757-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2536-5756-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2536-10481-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2536-10888-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2536-11225-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2536-11228-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2536-11231-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2158) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe"	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmkortx.inf_amd64_93b84ecb5fd1cc85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volsnap.inf_amd64_47e3741bbf4d6b06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_8a98af5011ee4dc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_a8a4ecec7082e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vhdmp.inf_amd64_aa94d04ecf56de1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_5b5f11128afa2611\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_bd91a147ab4ebf1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2536-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2536-5757-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2536-5756-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2536-10481-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2536-10888-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2536-11225-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2536-11228-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2536-11231-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\1036\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-64_altform-unplated.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\whatsnewsrc\script\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreMedTile.scale-200.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationControlCone.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-125_contrast-black.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderSplashScreen.contrast-black_scale-200.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-200.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-unplated.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\192.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\logo.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-lightunplated.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\MedTile.scale-125.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\index.html	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-125.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-150.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\BadgeLogo.scale-125.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxBadge.scale-125.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Dismiss.scale-80.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\MoveToFolderToastQuickAction.scale-80.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-24_altform-unplated_contrast-high.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\warning.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\5.jpg	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lv-LV\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-150.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-72.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_scale-125.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\27.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-125.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-no-text.gif	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-400_contrast-black.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-40.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_TicketedEvent_Light.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-96_contrast-black.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wlanpref_31bf3856ad364e35_10.0.19041.746_none_21db9747a231d9bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_adaptivecards-xamlcardrenderer_31bf3856ad364e35_10.0.19041.1_none_90c50996bdb60a3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_lsi_sas.inf_31bf3856ad364e35_10.0.19041.1_none_5f9a81f80313be75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_net8187bv64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_023c7a00f572ee7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-runtime-mediaframe_31bf3856ad364e35_10.0.19041.746_none_55e6e4f539e422e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a380741b2ac7b04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_whyperkbd.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c14deb31f6b23a5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.windows.forms.resources_b77a5c561934e089_10.0.19041.1_de-de_76fec2c865b14cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..airingdll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_22a6297237e083fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\SplashScreen.Theme-Dark_Scale-140.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_de-de_09b77de93e360eb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-nameinput_31bf3856ad364e35_10.0.19041.1_none_13a3f68414e868c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..inproviders-sysprep_31bf3856ad364e35_10.0.19041.1_none_8c48b66e3e2545fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\085cda9eebdee4ba67ebbcfb4dfa8c85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..ility-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_0114645a2cc6f55c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-snmp-trap-service_31bf3856ad364e35_10.0.19041.1_none_857c0c60dec56103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\StartUI\Assets\onenote150x150.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-webp-image-codec_31bf3856ad364e35_10.0.19041.1_none_bfebaedb0f9f312c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_10.0.19041.1_none_bb8f0b304d7aec5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f248a35f7c12459\431.htm	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6f8531dcccea7e54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..serverapi.resources_31bf3856ad364e35_10.0.19041.1_es-es_a753cd1aa75c026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..tprovider.resources_31bf3856ad364e35_10.0.19041.1_es-es_49a869e265ba993a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..-localspl.resources_31bf3856ad364e35_10.0.19041.1_de-de_7487bc444abf9242\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-appx-deployment-client_31bf3856ad364e35_10.0.19041.1288_none_34fe2048c3e6edf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_uiautomationprovider.resources_31bf3856ad364e35_4.0.15805.0_de-de_6c27c84694238187\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.19041.1_none_1774c39d9e06c822\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..diafoundationplugin_31bf3856ad364e35_10.0.19041.746_none_60b214ab46cd56c1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_7f361afb862bd0bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-16_altform-unplated_contrast-white.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cfb7eeb681753e8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-drvstore_31bf3856ad364e35_10.0.19041.1081_none_65d23b04f8a3fe59\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..sedesktopappmgmtcsp_31bf3856ad364e35_10.0.19041.423_none_233eaafbcbd45daa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SrpUxSnapIn.resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..serframework-legacy_31bf3856ad364e35_10.0.19041.264_none_2f70839865657a50\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deliveryoptimization_31bf3856ad364e35_10.0.19041.1266_none_3f1ff4ad7c364440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deviceenroller_31bf3856ad364e35_10.0.19041.1202_none_36057e94c281704a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netcorehelperclasses_31bf3856ad364e35_10.0.19041.746_none_c02188c3dc5104b1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mmsys_31bf3856ad364e35_10.0.19041.746_none_46bdbf5f725b238d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-textshaping_31bf3856ad364e35_10.0.19041.1288_none_a48884423b0a1d1b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-video-tvvideocontrol_31bf3856ad364e35_10.0.19041.1_none_aef6023556d75146\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.powershell.archive.resources_31bf3856ad364e35_10.0.19041.1_it-it_52fa79cc374a2d72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_intelta.inf_31bf3856ad364e35_10.0.19041.546_none_53869a995d79e64a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_el-gr_6873701b9852761f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ui-xaml-inkcontrols_31bf3856ad364e35_10.0.19041.153_none_ac41106ac38a1fe3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.0.19041.1_none_efc94905aa56b286\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..host-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c6d15e195ed1b14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000411_31bf3856ad364e35_10.0.19041.662_none_cf765fbbf77baf4a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_10.0.19041.1_es-es_81c367117552d701\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_bypassServiceWorkers.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-256_contrast-white.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_10.0.19041.488_none_66749187aa5c9d47\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..in-gpedit.resources_31bf3856ad364e35_10.0.19041.1_en-us_c574347cde166390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..aml-phone.resources_31bf3856ad364e35_10.0.19041.1_en-us_18d3e545f12fa546\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-applaunch_exe_b03f5f7f11d50a3a_4.0.15805.0_none_a89f46f8bfac0a1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-com-dtc-management-wmi_31bf3856ad364e35_10.0.19041.1_none_a755ace56bc1bce1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\Assets\LockScreenLogo.scale-200.png	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ado15-rll.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_419cf96ae634c514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_03869b2ada272946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_10.0.19041.1_es-es_cf29289771f9a5d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx-cvtresui_dll_b03f5f7f11d50a3a_10.0.19041.1_none_92805471a97326c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-inetres-adm_31bf3856ad364e35_11.0.19041.1266_none_a70d41d176796951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZCLMZNJFALTDUHQ"	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe"	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\ = "CRYPTED!"	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57wobqhZ98OrXG8.exe,0"	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ\shell\open	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZCLMZNJFALTDUHQ	0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e2b1f1c0abb115f4514a05212a20233_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
6ace2be8f116d40813f3649f93ee6dc3

SHA1
0bbc839c7e1e2c683aa613246a1e1a29c8502055

SHA256
829c731e3b233d97df59e1ad4a0ab44a3339a4fcdf5155e4b39ad78a4bb4ae9d

SHA512
e303749de9c889fe9925ed9f9382f54b1f6eff30d07361bde77f8158c50682295adaaeb331cacdfce5da24a05f3fe837c21fe9b42d69ea2ea85fbd379068ac1c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
dd6c6d3c3fe385cde97b494c3c2e20b2

SHA1
27f1fe8b0b6cd4b0e738af0bd18f8dcf780bda5a

SHA256
a39c1d481f3aa7a850cc529b4d4fff3de776bbaa6c5b5ecfd1c23d1253413b55

SHA512
299f3f00fed97e9a52195bf72eae59edc8700178e7b90a837ca94d6080e73cea359f64908d4076f05454cc3ff90a7d1db707b28f63994d4fe34671ce91c84841

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
7e810ed0743f1bf617350b8a17eeccc7

SHA1
cd48397c7cd352404f641a3917f8ffdbe55b7e71

SHA256
fdb1516aa9a13e27f379f1f07f9a5e1c3d4cd0ec1b1e8c7dd6665c0bb0f950b6

SHA512
6fee6d4a97e1b27acc0af26919c32373359eb8a45b3f1e5faed824ca0cce4586c96d782ba3c949473cc8ad94bdf3f4d29edb30e53cce7ceeacf24095c45ef30e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
e58bf9732091cfb26b87435a4dfc5c5f

SHA1
ee2986b163dd23622d0af05c605b27ffccb56681

SHA256
73354ae130746c5316a6be341529c2b0147df6796f6a8e825e7f2da5e8d62dad

SHA512
166efe8c2e93c00752345f863fb487f6bb3deb690261fcb81358c69839d00bc9a48f5177e2869e2b2fa729a7d63a5d749f29a0c5801e183a21b7e238221acd00

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
2abc87c3ef6dfbec485011d64da7d838

SHA1
b667e6040de326ecdc1ead431e5459600b229b02

SHA256
094a3ad4ed4f1cb1a0763ce1d0e7a9f3cad20cb305931cdb65d43b86776d2fc7

SHA512
8e65eebf8da48c3a665f9e183410261300b776cfb5ea6759a769a40834f9c81a01ba127bb5816d5b0e8761c847974c46ba3860d289d88289f7532491dc835282

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
28fb8300663337637988baedf4e6f463

SHA1
cb814a1633accd8885fbf326e55ba35ffd9cc69a

SHA256
8bb4989ef9c3c4690817ba752a2e7da9bb133f778607f720656ece4cd27c8ae5

SHA512
06a9c40e59a06fb9e696e0c704b25ab31654be5f7bab94b10abc020bd84f58f122af152a8b59c0f7a1cfb22e9d432afa009083b01be6b751294c63ee337b59e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
851976db4074d2f85a7893cddbcf3d32

SHA1
030eb280c1e74bb9a974f384170739fba250cd66

SHA256
ab4983facb9d28335668895c05cee164197e2262841d25f36368127591a26348

SHA512
2a4d88eef47de317c8a3776cf91014869e138b56d338fb4ebbb05c586467354b094ee38b8d36ba360bbb1f33274ca3bf90b2039b5a29d8a5ce01788caeaf0e0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
6a64e29b0015a2271de22d0fcfb9a9ea

SHA1
c325f67399f6c66dd549738de860226750727901

SHA256
8046225c0647f3c33ddfd6a7bae12ddf93e7712e0df03247b1fc549cef370752

SHA512
25b154391729f2cb7c75e3480675e0c95e1bbaa8d13bc611359c72403431d7cea2824f2646f2f2d5f7d065e0a4663f134d6cea127fba689a70421f7d4a848bb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
c9ae030faa71ec55b176317566e5fa77

SHA1
9b70ed02754461add5dd84e01eb97149be18cec3

SHA256
fc9958f98f3db5866683953257225f3690900c03a075581861e432e716159c85

SHA512
7f6bd7be4a7d520639efc064a30ea01102e71572420822314979753abbf7002f486b4df9d2752f1c74c871c95a928ae318d4eb5cc3fb3c99264643fa8545f4df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
ce4403cb0cf12c0b76f8f4824d372640

SHA1
571abe18e67c6f4bf6822a00127a1e3bddd5cecb

SHA256
7f9b02302c6252eb4261c0134c084121e1484ab31d7dee114927f4c42acb6f24

SHA512
4bff35ae50504f4a3033f026d284e5706a6a886d09e9a33bcbe2ac664459f5270b3f3a958ea286616db7babd3c139c23a19b6cd0bf4936622ef352ba7eec6055

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
5896b2f714e99ea5bbf46f3d4ef665ee

SHA1
2ce4624b0c8404be4aa00a7ae36dd87878092d81

SHA256
f77faf95d5f9d2bbb9ba4ebec39a33e0eecc7beca214fd319d1ce14038066c8e

SHA512
d737e70c4fc01638e1b79295f65e203af50b6f56ed32a42979ee2cd0f0b38764036871646feb49bba3e8c233e17cee61b9656d1605f11fe6be1219fa169dbf4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
ba67b56c7edc267dfd7e53a3085ef62d

SHA1
32f560593cda965d0e4203e883296182bea01abc

SHA256
0b0f1e8693bd68c1cb79462943675bf61d72f187ae331be7d5188e802fed2812

SHA512
0e4da30b2f89012e5c942307780456786a855bea6caf3045a08aff7d86ac64ac08d56c510339659438305943e7ff990f20a5bbc3ecae07e047ff448dbf3abcb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
93c3e5e8d10b4e7a179e0817e0114e1c

SHA1
7fa43c0cd6f96f309c2b5effbd0558f20715b276

SHA256
4660a5fb773792124192d75e349f05bf31226e5dcaf8c241568bc52b1905ebfa

SHA512
2c818a47437fb4d2ee524cc979ff1cffdd232a80da4a0b414aed5871b5002d755494c9573397069bed4f0215d2cc1a2183760135b289b807ac67d876fc1f2dc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
6df11223975a5a8c2fe67b54528aa9f1

SHA1
0835d40d3cfe023e3b23de1f7fd37dfbcd0aa09d

SHA256
9e537d38f544e571feb3c7ffcfb9265ca0c7cb3b8be5ac411746e2029c620c7a

SHA512
b7d14eaf722d36c334c79e00bf4972474a1ef00746cfc75303215f6c453b18eae73e4416c941b50ee15082d3fd2be593ffa2623c835c53575dc86313d7f41c2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
f9b5d0be154e4436ded96287037dea5a

SHA1
9d9cc84b9a83245475d2528764a70760d053a7f1

SHA256
3ed4d065e51c74d6a44ed7d1711609612fd87c0d68fd02ff82692dba06590793

SHA512
e9188e4117d3f7edeb459002ddce2211aa55274a8bc6f4ecbf849fd18dd98d8b0e40ef51ecdc8ba4692226834a1344cdc5421578ca4c6cd51dedf2c6b6347e2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
7abf1dcb3e1a410cd7f2e326968265b0

SHA1
227b86cdcb5edf014d6e359d821a3d43ad0ad884

SHA256
6f7cf8554dce2323d0c53c41a9dd19367ec734b236003086d992671f46c93c9b

SHA512
ab713edc91f9893668c902b287abfea66ebfe096c2b66aa5d5e07f9d386095498f315d3b494c8d682dbda5fb9a51a88baac9cfcaca83e546d5b3419a2d94f953

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
dc6a7d1314f8818bec49b1052aeb865b

SHA1
ca8c9fe5c9d9a0c96146fd75b0295f3c531380ea

SHA256
49be6a4dd5709806bb952c75dd28b87e586fd7afc586c2ba6b5841b4da5319e8

SHA512
4c8677d99eafdcf4bb207f84d81e4387403022ad32b1cbeeedf6713ca91f396c9d433ac4e96411abe27be03a43afc4d0ffd75312a9f68c4c4dfe19e0d305b573

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
bcb4ee591660619a87b65ac58c3d8605

SHA1
482a39343d19b434312bc0a418e806b7730f3b96

SHA256
84993cced32287c92d25b095ca7b3d125727e6863fb65a04e09442230789480f

SHA512
d888b7850999e87768110834a3791337d38e552e01e8b1c66034bdb13f4648030c994a212a4682fb32babb4307da750923170a76d6a490e9308f52083720f6a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
2741d02d3b8e655403aff931b969d820

SHA1
50b725e94ff1ec354e31011b91ccd5db3517fc9e

SHA256
a305f790d2e1b82313f16c8146d3de429a0c435aa1d77ee649d59b91fd74b9d7

SHA512
277634cd726314f78de12d31c83e32bb22a87147583fc9c11d9b51b6e3dc5bedb886957b700d22fc72ffa515066922d47f9afc4eabebd58238292fb300e01c02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
4fcaf5ee061955158fa52bb423834a3c

SHA1
321d90b20814774358c915c9bb436b75109f52f4

SHA256
807590040050786687a10d5be74f004317fc76c500ab44b45263f723cdce69ac

SHA512
be834534db8fe379cba33e2c404fb629f875b340d2bacf3c586a13ee7259503e33ced7c9b45f6990a3eebe833d76afb68668127995b510756a9871734fad29de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
cce0ad3c1c68c8d910545ae89b7fcf6d

SHA1
aed4af9668e5c6f994e9a6690eb43943c5d79319

SHA256
1dcc723775ebc2fe54e46ce170aedcc284521361232c817c1623fc12b2f242e1

SHA512
b540294bcd74f9faa0f1db6f89e92e41381dba03dc1106c669db4f682778d26e72b03b5c6c3e39d17f63d92bd2aa822925fd6e25af6ae14e3a6548397ea62402

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
a0ff4233de59d38cfd7b926e81ab8d57

SHA1
bdb38bb56512f65cf30e9bd3bfddeddcc167e8d8

SHA256
e1ffd6c76bf2cb75a75a1e616e81fa5b6f8b0225b219ea5914d5e960669dfc2a

SHA512
302634659eded560367b6801c24da2ee0628cb4789f10ac4dbf856930d1c0775bf79fc46b43a7eb307f08bb57a9c0314269ed724f3e898740eea8030ba867155

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
25e2d1dd584ee6303ee0b89273e5b329

SHA1
5b70ca09ae259a47dbe7f92f008915e75db65520

SHA256
a1244c52f30da9dc967750612e8b14f170e762e62ac491ccde90e01dc8be1f53

SHA512
8ddd506b400bcc509bf05d184b612be3503f22073b35945038433977889a140d6422a0d624a4c0bb68168a911ed1ac1d2af841cd9a14208fb77e45241f90a10a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
c2481e4df63ba9b6f86326d3ef07f94e

SHA1
fdc077ea55bab220d8d787eca840dbd6d8f7bf40

SHA256
14bd629609a1f1b02a316fdfe11c66b10b0bf7e090013295e891cf8e52c4267c

SHA512
4198bc75784925da384f9370a40db21eaa442d920b0a6494616e3d9da284751d2d558f7e536b4f5428bdb34875f92e09377bd23f6eed96597878612b8aec8fcd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
1eae7f9bbdfa1d706640d132c9c28a79

SHA1
81645b8c63e1bc9fb740ef0ff1b8b10ad210f3ca

SHA256
1e01a79efc2c3daca52e5ab436cb09b39062ae6d3fb976911971c7c0f8596381

SHA512
e8820ed14ca434986cb2e1a662dad4a4f8cb261587f647a6324a8c009411848a8de109e6c783e28a26a6c989a240b11ebe3f29e68b593882ffbb935bc9a021a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
f723f6206bd131a2c67eba0881c282ce

SHA1
1a82fee4a2f53c19fd2adb8911757362efa1506a

SHA256
139673dab2b63d5b948f9c7bf3f7186afcdcebbf37b32dd38bdb4f37746f8e7c

SHA512
13de90070168358f617ef437197999746938a5e350341409df8430f2ac09daae5bb69d6e36caf3f34e52b0faf74a320dca02d876b8c7cb0d59aebaeaaa9686f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
1afbad3221de5faffbc4f24103150fa9

SHA1
f55fe9aa1fb1bf4ac5ac0f6a423c7a5715ff4dac

SHA256
9b614967f5d88644d6f0e8423d468ec2cc6c3f72092f8b508207457227cf8451

SHA512
afef1a15a262ebb882efdf48e7a1760a9fa10f9c06fae3fd0f718b38bace94a661bf0f81eb978e43d032fd48aa73e762ecf07848b8467a38b13f1a6d35490104

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
710df9263a3b74d8012ada504d38335c

SHA1
71e39c6fa3f94281784a87d695de02aae2f04b19

SHA256
28943f337effe1078df60ceee72eeb70738776737dcc11468f9f114cb8b038a1

SHA512
e18bff0de386e78b700abcea2a1445aa9a54dda9b5fdd0719d0e9c2d9c05d49b0d5c2d2b766c3c1099a4a4ac174027e55d3eeb29e02e79457d1c578cf9b22837

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
8d4599d8967b1f6d364d050acc01bc29

SHA1
79bb94a496dfe84b025677cf6032604d8e74d889

SHA256
51948c6a60890b3046849b5022cb7af4dad824f72833b81ba9ef73274543f557

SHA512
90482347c809498681fdc2a998ba49ef1968de01880b790b0a85b1007cca15b724f4f71c9a838dfd08c16ee9eee91618c740b6ae5925336b5cecae837143c7e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
4f8015c67e900da92de014af52dad82c

SHA1
8cecfc618e86dccc3c5f1059e525f4669ace971d

SHA256
d0a7dbcc76a7b68f0174385693a1eee3014ba43e1c0921aa6864d58663fac906

SHA512
839e90c5f5906bd4a324f8eba76adbb9a90f4fd0f378dcebba02d5c58f6374514bcddfd1b51b90a352e112cd8b45803dec1285c55a894add2ab09a729cfadc48

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
096c19eee8e700de91ff303895928368

SHA1
7d0b34ccc115095bbbccd2e96a8702fbffba1b66

SHA256
1b390097209f5482f361c9828b5e4b38a71ee08b71175c8cdbfd3fdefa9b0f32

SHA512
d8878d9becfd1f45ea0bed219123ec7596eaf02900e406cc95b8b19ea73ca1524748b9ab38773f03af79dba10487329b0ed4eba5b98dddf7fdd511eaa725d625

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
a070706f8e674bbdd0338a0e4f5ddf5b

SHA1
b6ebb1a7f13c6bab1eb87cf11552ee9784af73d6

SHA256
51ac882a337596c08b85f991ea4a0041ce3057c3c933f55f64153b350b5a2ffa

SHA512
3fe8a5920a23ec3c533941de5aae144c543bce37b30aef59348332a851a20d1397465225be9ffd4687e41f985843db5aa251f325e63a10fa6470a5167b295d4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
2642c5b9f6160173a6547766e64eec80

SHA1
ae223476807316c9c6bb01c8aafc7d04757c9bb8

SHA256
fb46d069911bdeeac1ba2c0e8108c57094d861df966e2f8380f49894dfe61a40

SHA512
5a1a331d4202999f54cc3b603f47bab4b03d8630872b2704591a9a3589125142d8cc1dc918522247195e03879584ff22fb090c0e5abfdf47610c3cc3d3250f5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
1a7b09cbdbcc027e5736687943d22aec

SHA1
7cecbc1098d5aee47f78f45a6055113d3af4d6f0

SHA256
c24dff7f7684f3123b77cc6f9344bda2d5561359039d3d38dbf9c32689fef2a0

SHA512
5cf3daf73ce14e2f543fce0ab52a4a202c7fdca684a51505491bd6055c5402b8d78073e061683520e51cad24246aaa2dccb273bfe72af9c63ca86fc496c73bb0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
b0af9a8792d3731d28c234d4d6dddbb6

SHA1
b28b33399c0aefaf47d959083ea8115775d9314a

SHA256
cf21ff85a07ee3505bc47ce44b09aec1b6028683a8be04b7b08d6bea6a398a67

SHA512
38798e60628863d97f81340dcd46b65d992db49041bf3a2dfab77b07bb657ff18fd864ce008eaf8df84a8b8f18934208b91018ce6065495e13775daace950c8e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
0c52d843bcfc9f8d4c2a391002eda8a5

SHA1
0736fb489f5c7db9520750dd77cf42ba365304fa

SHA256
abc13cf389762b874ab7fffe3645061cb3ec1efe407bf05d786004610d15932a

SHA512
0e628a91362bdbf6ac5295c511e6ccd7e22d09ab46f8d71c8911f047c5f5841ede0882aa0bb3ac93fcd05e3f542fe5c8eaa5227a0401cec678e40bc4cf052053

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
159a32a9495f36e2429a44df87b1fb1b

SHA1
e3df125ed8d3d2023234cad26649c51c300a8fd6

SHA256
21bdb7c05b6b6c27a93e82ee6f6edd26a154dd076fd21de096e6d971004b9d15

SHA512
161ae2ec7ce91215eb2e5fddd0112db27e4dbae60193ba717212b244ba5af21625d313e9c660029543b67d4d4a8152d10ebd595e53b076cb5a5944ec4f754b9d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
8aba8591e9deea178a050c008d4b1bbf

SHA1
7adaf2c369227bb00f9b4725248569f0192fd841

SHA256
5758a695eb1381787d92366c5ca7b0dd811d05eb9cba61ad43fe21274a0a320d

SHA512
a042f02f75fc29fd0502abba1ad07b7e6b1f97e6f40226d5da6cebb385ba5f34e7f8668b36496f2b733640bbea0050d4842e9b6a8118216f3e519552fe96aebf

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c73db0bf7b35345181be01691437b6ba

SHA1
5cf0c5a624bcca9c86bc72c4b206fd123cc7e69f

SHA256
e84fa3bc76b43a353833f560e7865b5126f73d09bb5ecbb015b7066f2e1c6159

SHA512
48062d3ddffe80738ae0ca35b837f487406a6bfd0429797ae869a0e2336760cfaa84cc35bc878f3ef1f12f4e1962fe5599af59f80171de9aeb1c7696547a7b74

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
307B

MD5
f00ab224a1158a7e3decde3559fb8d60

SHA1
aa121d80877301362612dac27065dbfec307fe10

SHA256
9e05c50cadc1bebe79d80b6a0ee2530157e1cc8b20c6e470e09974087128651c

SHA512
1ab15e40ba2d24977972995db6944af5fbc11a9a9c89112764a6bcec036480f4285419aac7d22c3175c58f7aa6d5c97b6bc1611e9fced6a8b2325c741bcc0326

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
a19c0052b89d7b47c4a45c45cd7f5b3f

SHA1
0e2eaaeab208810f7307b6bbb3170657eaf83cd4

SHA256
fc2ffcf45b058ae2b0749e996d8f43680362308096fb0e7a51e7460e5e592e27

SHA512
644ccd6c2f61ae898de6401a8e4a76b47fe5fff1ba5da1ac8a5f57f14fb49f1fb36c170fe70bf33b572a27b2b21ace7c3557d075baedaa8a5d4601b6f92c215f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
a0b8a2f8ddb7ed19397b2a4a6fb7b2fa

SHA1
519e218bccc246b19025a9e13f1ba55b2e88902b

SHA256
adb40ac1b96a9c320c2d88a8349a64dd28c1114f92172842e497a2ec04ffb80c

SHA512
a1d0781ffc517fa8fd639b4f52c6eda9e06467f6069cf108c01073b726a019d6ae7ef57f07e4504304246e5d7cecfd9953e153951c07283c460d52e961f68257

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
c56a5a4b087c74057e616bb7f855bb00

SHA1
66d355039aa1c143a29215635a2859032822c10b

SHA256
a7ab4f4ed2040b9732e8e940993dd5672b766e23559f2c8489f47a4548b4525e

SHA512
8b5a08115d31116eb3bc5d8dc91ac0db4692daa0c1e2f62a91b979f15343f330ef4f5b1a6e1b313db5215f39ae36dea3adf2ca38daa1b45730c06c6e20694f1f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
886a17f24cd6182e82a7ec24094a8ccb

SHA1
9b340e143a1739e0a89b10276fe74aec7a8c8931

SHA256
fdc38733598dd91fa112a9f2eb1ee597a292260040b570fe8a876e8ce06957a2

SHA512
d9589f59da100a90942dcc33f017dbb9164bf603e5d97dc3f7cd939fb4d7ad6beb719534910664f95ce1cefcb27f1c70b32bf87eb5addcf630838e69510cdc57

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
7a6a695ee24e5f138a6deb00121f71f0

SHA1
73c618d48603156f21e72d6b9b1b64c5cb1d18ed

SHA256
8afbee6341e7790accf3cd68cbd0f9e05d05a41bd0383734ab42e1b9b2577232

SHA512
05e0ea2abc2526f66b4d6559b82cb645356670cee7d54cfb0cd3a0efe5d86728088a3e49a0ac8a11b79cd0ead33c541a08495e7eff098106aba4b01062d7d210

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
1b392214519240c934660d4e7080f078

SHA1
2c6d58a7523871fcdbf8e46790b926b7684909da

SHA256
3ef446b1619973ab336a91b505b4bc117e1561546d80d38533d236e662acc4fa

SHA512
54a43c81039849db0606e59181e13af8398c1726b393243cd907bf153f6edb4e8b56583a13d15d7af58baf01a92de5a75c5da739b3f70563ca78762d47853d4e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
38a296e6af048b79fd3ecba205540bb3

SHA1
10dd750ead4a7c2c77625fc2a3092ca1a439dcdc

SHA256
ab36e31fd17cbe177e1dc87ebcc5808b2939ca9dfaa641156c774daa3ce2d92d

SHA512
c2e72687bf74a5f959ca42a77589c1972ac9b1a949f9958315dd4eccf2c3db9d2b933dd30eca310f44452f53186bdeb65799380d45b77d79f6c4b844383aa291

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
abeb7fc36b8fac6522a47da6c1cbc1d1

SHA1
c48d489b82479261959e9b5dbc7e648362bf279e

SHA256
c640f25897cd59fa1e1330cd3385015060b9e3ab5fb0543ba65139d1370115e8

SHA512
62a80021a316bdceb83012549d88415259b9d952d734e58303755b2239f69997c0e0e44ec56ea124324fdc3901b373f2096ea25b0d2c3c347ab791dbd650c3e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
0cc2f6fa7f161acbd93b0f6af0c9142f

SHA1
f70d3b15eebdcbe055790d0ce91125e20fa5727a

SHA256
83933c265c4fefd7bfffc0f572f1a3a24300c7bf45a76c87914126eb801989f4

SHA512
02078cdc7e2248ef8318b79bc1971cd4eec0fe4c257545071ba441fd2a81e558c8c444f19f3937ceb77a56cb5d51267631941eea4bfd68c774d834d2b84527db

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
9119850502a1e7d251b86609f4083bd9

SHA1
2c211b82b80416d7cbdce7cbeeaa2d6b24bfbef8

SHA256
4e11a0c8c860f1458d48c951fb8181eb447822403da2af81dedac73257cf2781

SHA512
1016a9440bfe19f063da983e53b51b78c1a6c6a41ba9a57bb8f26fa214c9e23934909bb32df633b88bdc6f60c7825dc35ff8097528b33fcb3d0c128bfd47c11b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
7b450e6e7e3f6f65f92ad6e5c9f5ee30

SHA1
7704020545716d135367fa39ff6a92741a6c0741

SHA256
e46aad40a1972c8817b1880a49d62340a198623d5e1012f54e1a82a8fcd9421d

SHA512
21839ab0eb2b4914768caad14ef1f3d65961458e38c9f86d4afe27eb7cee0b53b4619fd312737fa040c59377beceb4f6569a009758e341505e85c1fb12c20429

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
e7a67eaf2339564e9bf5345e4f0651ce

SHA1
cb4dde6cf0d66eb4298435895cbb565228e95108

SHA256
0c2899b35e06282b02e0a51f3bf3ee950c8425f847b1f837fbdfae20e88a9c94

SHA512
76d02da41ddd4ca0e856f1dafc8bf165e56b4b0ae9db063dd109903fe0f080c6962b38c19756a8dbe1df74d8e739bbbc4013231c8e03ed25e578bef8c30e12e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
24be392bc4c2a40c3d5997e27e8af179

SHA1
e0ac6e788dd56cc7a4d41a8abc59ceb72213da14

SHA256
62481ed863a7469ed4e8d8b35b2bec2c3723d17b6993b33d29632be5838fd1e9

SHA512
a93f642a87d1fde33f0057e40dd842f78180618d18b7d9c2f02ca8d907b952bd7c76a42d8d59662a7b70e9e633938e71de2ec57f9f99b45d41927531ace076e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
4d7ff330a9e335cc667e94905bbf91aa

SHA1
9155d8049a06e4363efb96595314a21ebd2d6b94

SHA256
ce4502d742848aa8afd0aa7d59e0dc8a043aae0d2767f1f75f2b4b4d4efc9e3c

SHA512
389f8f80f5e5e010db7d22a3f52505f7ebc276efe4d12637e9d8ea0506ae57526feb43600b5eeea453774e62c655d2226dfd20d6243a5ec28e2c446c1f990596

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
1233595301fef09fd7b6ce0797291382

SHA1
674d7aa3cc7d3970ac36336f1cd4561cc37e2813

SHA256
59ba16ae1f65169d2f455eecf810bd55a8b0ac181e71fc34ae8bb86354792173

SHA512
209fac3389aba58336cdb343fd9fa5a07ad2d294106b68622687839631e22666c9059a197d560669ef045fb136d355916d49e431d14cd5095506a6692e0500e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
cf63783d72293a0b248f5613502e9993

SHA1
513ca56e7b70ffc919276c6d565862f62bebb684

SHA256
84365db474ef5ed61a421cfe2060d0218845ae3c1739b2623a11005eced4db92

SHA512
1063f57f11d970c29a35be1ecfff3a74a8cb65c2f4e9dd3f2871dd918091ffdf19afac27ebce51fda33aa1e80832f00c5ac753af899f6edd298015cd0ad2e80e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
863b17523be60790a47bbcc623189022

SHA1
310ea2158a791ec021fd30feb5e94088d9f87fc9

SHA256
ec3a9627f3d30293e8737d1d811402939ee678e4c4c50cd9c93ebb12d359b133

SHA512
ce6e3e1231ce7ebe153a0565282f2c22a5b97bcad4e79c7e234a1a04202af2c7453735c3ff33af487e4f9873f5185d5b2f9f64e0ff1348807d5482742abe9342

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
b0cd68f4259b7ee729806e52aca7c30f

SHA1
ed1f6a66aa40be76adf6ae4cf0b85f58b669af4f

SHA256
1680d2c278e30ff0ec278d65aaf9df30698426e631d919df28d23fbac5d5ffa9

SHA512
b7112d15eb1f6d6408014923500ad4b02fe61aa023c64815d387e4a35c511e2ca8caaf2b144770dd13a0b12fca2555cbf111bf159f05dcd2606020a87814d7bb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
11e83f240a79e343a36ce9e375963780

SHA1
64ea1536758cbf38054ddca01ff19688d42e9a20

SHA256
7833515b97fc00ad81c8475cec714a8b162efbfa3931495d854421eac297a4b7

SHA512
23cad699f16558d2150b86b020d8f973b2448e5f88199ebcc2baf3107c8b4ae7bea7ed77dc14ba6ff5f6cc0da63de167544b6bbc321fc012f896b0686bc7a6e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
0cb95a854c948d57642d86ef47620ef9

SHA1
6d71ef67ed9b7d0f3728c09d328cfead631c7462

SHA256
37350917ef59c533cf9b5892b31b327d2960e4421115cb10643cec6304e3cdbe

SHA512
ca4c692129c3b9d0eb52854bb03b7f95b05ac47a76b66ce197b0b78a353cf2ecbee336fdfc1e800de50af02af0f22572e7e57f0af5beb9473876431f66430c15

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
4ea46e550510e0bf0a39297e62dea977

SHA1
2d5c0669191f06fcc3122f638abf153afda36f29

SHA256
7da59378f9e018d333262ce144f82890cedf85c8c5f47fadcbdba8ff36f08593

SHA512
2785852097451d3bfa9f3d8fe2d016d3b978e4ed82ea0e596d4419740533b817de6d08c98d9197a04a2a465f0fb0c6351f92e15ca7a4a53781a214ef908983b4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
028afe0f59a778be7568cec1a0c3f33b

SHA1
848b858ae4a62de237a621dc735a18ca59ef2662

SHA256
9f8886927b3fbd71a679d55608e728bba87cb07962f91823300339f0f225c132

SHA512
ea12641036151f64f035c200f4c8c6cbc698c15f088870e88222ab46b6f5f83d5fbb058228331298863d714284f90deb9a1bd1187fce5e44a967d742e9dc76e4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
86d274ba5abfb239a7415d686b457590

SHA1
dd93ba0bf4cbfb0b0d4dfcbdaa1f004643791692

SHA256
b8ca6e756e22fcbd91c0aca616c7f7bf1428315542768f055be1d04c2dde87c4

SHA512
ed462f334ce42d6a9eef0ca85a04f2ee97effc58662021bb63b9f86df057f4ca5f9b75a87593a5230450cdf6a19853941c74c1b2e62bea9bd8413473c82e7510

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
9967854bce06c9dd0fa69ac6c54dfdbf

SHA1
4305f4577536abda0595aa3504885fe9a7ade634

SHA256
363ab70199c42a211c02235ffd078e3de1c3061b7c2453433df044db5ced5f6b

SHA512
973f1b5f7c8eb92a42c2d34438c6d04493fa43a1afe18381986f06e464064e0fe8ab24cd1135306ece93730017e9dd14a1bc6df32059563f6807e7b52fc1816b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
50a3bdfbc498e3720184df3f69e61b68

SHA1
09018d12c34c0bb170c8b0b58f9243d39f94cd19

SHA256
f1469b692bbc786a32fa52192c147c8017685a73de8757c8b60fdca0a12086e8

SHA512
6e261f374c048c83bfc0bace73dfa7866149c032bc72eeb1567e28757e391b37b819557a8b0f9cb3e1c032d07ee19f803b9743db1c8c07d421b7223a8940eee3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
325d772658aa992776043f6f2399ede6

SHA1
b082437e2d23abb10b88d3558e849d926fbf593e

SHA256
bd1809fb088ad9839e953dabf6a6d5e4678a69cf4bea5f50d3c0e91e714caa5d

SHA512
ea46074e46e11745cd6f6a30fa7685a28f27916523fd862da666a6791868b0bde9b5a9864f2f8425f89e2b5f53279fc1a8c5fc8b899ed394800eca12817264af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
827bec088093746209fca1156948eabf

SHA1
e9e3d20f67ee46c30d444e7f4f54b11dea9f7171

SHA256
f91648920e49353dd417f25991a8aca81ce4727d55ce0e0366deddd022bc3684

SHA512
2fecf91be63f73fd1575a4706368f583c054c8c167054099bb42c6f214be13ec4be1e79e35faed37668e46a9bc356497a0abf8e4313bc97b952add8bf7313668

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
a39d720a0d726a471a83c2af77ec3b71

SHA1
2a4f2530a856d7d643ea21476979e6bb9f516d04

SHA256
45f0d02862a09b8dad11c8a2f68716af8e5264d7bd38a0e943775f32d45a9fbc

SHA512
a7d2a7bf37f99a05faae165abf8aad514070e295872d7094942c8a59b274c6b91aeca6659a3880c694615a1b579b81cf84d8ade867b0a3e8122242fb0a72e2ff

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
829b8aaf512ceec0ec26e80e9be5b833

SHA1
22e7779584ec431b70fa3d2548bf8ece991845b6

SHA256
03ad09d7320e59ee11ecbdc7d3e5f66ff3bab771b58fe428c3b20c8bd1fe4b48

SHA512
06948b5ad11d1264c162a42268861dae3b11abbc9fa22b90d4b9a0c751d5f70f8f5634b54972dc2f0b5dd7c914409fc1bd5f52ea4cdcd307d92c6567b97300b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
af0499f31553d7338d084526dab44337

SHA1
ff3c08e17dbf19af6c08cdb58c646f2d120454c5

SHA256
4ebeaa15435f24ece350b1e7d965d0ba29aeba2217b5ab77b037ddd7406e3c3a

SHA512
3481934363e35d4a3aa62dca0f380ed99ec1ba37d84e9ee8327a1987b798296988f91e70f1c357570a2d54c3aca137c4f4c9c2dbe5571cac5512893dea5b0627

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
4767c93c49db27938062441c2c008b17

SHA1
16e10905d1d812440c142e6f4feee40a02f50bfc

SHA256
d3f44eb06e1e1190c83da0dd2129aa46fc09315815359452ae7de02e9b8e5e66

SHA512
fe388bcad637bfef2585d6cd5468ad64dfbde5167b4adc530a058f38b1f8def9b3dee85739f113a4eb72391e2a3ac274552b2a18b101e85fc5d85c529541406c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c4092f67c3b55083d167b7a75cb4ce2a

SHA1
d1f2a788a9bab9d94dae5cc2e31f808a30ed133e

SHA256
730ebd4d766f20912685cb79dc94ae893930d0ae18d01973a13576ea6716e9f4

SHA512
966e8c503238603bb1154aa073570dace7cd785f5fca7fe9aca2bd97be16dffbf30e9017f768876d78c24cfab1f20eff6f26dc468d88092b581db673689a7f90

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
e87cbb4c3b5d83480b914b4f117a682e

SHA1
299a6520b814bc948f310eb11226aaf6765de6f1

SHA256
ed4968ee24dbf80f44658173a4f792bbdf6039578e9a0e0648e69e1c43bf76db

SHA512
ea1dee9804b0f0423ba7806fe3a2f51fe2964b5b777f633c37087cdc50c73fd86706daa10da94e42f239e2e48bef8a3807fa6c571f064be6bba7f85725275ce8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
36bb0926f201eedf1282d82d3d5ca93b

SHA1
59d076f46935a3642b09e6ed30883675ffbdf985

SHA256
b9beec6de2a52a305a3ff02d143b6471d516739e24b3516182642aca0f64b4e9

SHA512
18f95979b34539ee24a8ec29dc33ad740772ca745f05f3f73843ec1a66ad829cdcf57ec196987154da6d4bfa866340df147f5f8a6a1c3960cb51b753b6113e87

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
5b307131f53693d7b916a408f1fc101a

SHA1
0c526bcba62f5b0ac0a427b257ffd591060cd83b

SHA256
5c5c9a07b93853e76bff41b0fae66dc4b582d009b0562527df98ee3b805c60c4

SHA512
8de57f6d86cf9849fab1438610bbc46b7229eb0f6638c31c6081c3ff4be00718c08be7850c1e5a6478efce3fccfb0b6efee588ed83f9f87b002763b58e4ce866

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
ff8666c8da6f87ee402e900b91250d16

SHA1
bac28e6b7a9629c6d3245944bb9420652736b4dd

SHA256
a8444766b648afb14cec0216c63de2756b94ff379b9df4e045577daad6fccd1d

SHA512
09c65c0b0624e8ee3b4434bf86465293e5747114e4f9ab0b28447d0ff6704c868ffb96bdbb8e4cc7c9f2dcc3b82181de06d6063af763c11e7e15ca16b174df6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
64a142586347fc171c1858329bb34597

SHA1
1af0c3221c989daecbc33c41778507f1b10ccf95

SHA256
b9b3da14d658f33be0430d1fc89a9bbed1e467ad09cb72f984aff567693ee318

SHA512
b3d0ee58ca615c69b85911f41414c9fdb27d7b726f2f2622aad7b01d25672d2c0e780d482e5df18117abbcc220d1c28cdad486639005e7aac658aeafea27a1aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
dfd93d35ada3eef2dd250c124df07444

SHA1
f94b27670a6f9927b15ec65dd818cf54c0bf9fee

SHA256
3cf9b2e5928332e3c6cf350d2ee961777d82d2ae54e87006ee4df944f46041be

SHA512
abc8b3ad24d556de98bb1de25158303076656817aa4fefb792f115c32e77358e8dc2ce35695db8953a9447adf8ce4e43fb57104b086cba3c2a6122899a9e3641

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
6e2eb99bfa105421b02ec7777a782393

SHA1
d5850f09072051f3a5d69f4fbd1576f965d5318a

SHA256
4c2b3e336dd1e8b29447addf2d6b5e5d9f3accf7fdc17615544b4b6f55e81cf0

SHA512
b9e4601836a7801f94d0ea24c66a0a67d6dd3139c5e250f6802086b33967418b2d7bf1be379f6cfb1d28518ea7f796bed7c21cc93dd2aa4a5a443b5c545f78d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
930bfad36bc6c7eb5f610560fa33a384

SHA1
d4890b8b56ca08c89592e05f3b488bd43751edca

SHA256
ce63fcfa46bbe9a81434096b891768a98285ae380e2d9ae0360ca5c6c8135def

SHA512
104d1bf0a7343c05d1d88c0749f078dae4b3d504b39007a760ed8b00a287909b47b8d4cd8e20a6af382f74eecf70f5e5c0a174b5fb72c487e4cf1edae97865fb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
0465294a28c3704c9d7609194cb05f11

SHA1
5f6b76185cf0b18fb7914b232528b886ca3a81e9

SHA256
d5f95513f6efce0358bbf30cb076449a4a770f5262458376f0cd26909659ca86

SHA512
491351a27e1aec607a944c09b781939f0cc93472448c3c51790fa8a81e67ee6bbb1083b50341e8b13050c20b3a4c5e52200ca858a658a14d7166173f5dc21403

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
efc80932c1f78150355a927a97cf1257

SHA1
74dd3027cf38d976b066916e08a089d116fca00e

SHA256
0c1dbc062d78fc987ae912501ab367e2fd210811910effa6fb40e8c8ed94231e

SHA512
0dca5b3e9b3bd97a57bdb2baa8e0846056303bd2e9593ccbb5b81e7b0e76d32cae273644715a78fb29818bc912772fc88c6e5106ffc2dd4c360957c70ad737d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
8cd5d4a31ce29288b682132bf8d2e5b6

SHA1
5625115dc6fe2ae68450ce41ae3fded27c8c84e9

SHA256
33205d52c9491ea6ece9aebfa51c238dd51ff32004898f0a8df9c3b2a203dff5

SHA512
b60528a9cbf10a51b2791f4b8b000766845d2e4e4614072e4a37d27c1ed213f564ccd25c08801ea261b37c45b809111b71813443bf1b8f5df52f81a43d1f9373

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
4cc6d50d87a39780a08b25d509e514f9

SHA1
a9784bcb730625317c4e09a66135519e6a4576fa

SHA256
97b1829277bc43a9c9566750c53b18675dcd52f6e44408fc01544b383a330c36

SHA512
e815716ea9081636c54ffdecfaf65a0cada17cbbbebd7883e81485f4d6a3a8d830684354fc7a6f637d8823a66f7ed9a84662e7b18b882a0dd0ad9fd964b4cb6d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
7ee3a921c0a70865bf1f1233daea37fb

SHA1
fd0d881862e3d552bbba717e6055acdd134d03cb

SHA256
a006b757662acd871e9221bca267a93ac112a3cea70790ffbcbfe06fe83b8fe3

SHA512
e11adc1f7c0deae070b967a02c56af2c53be562db4d8de268604983e7a9ab170afaafca7f2e9a6b3239d84f5e33381b625aef037e4f6cee591e85f4ce04b19da

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754015919606.txt

Filesize
77KB

MD5
a398947f513fcbf18706377b5906baad

SHA1
f9e1424b899f7361bfad647a162431c49679408f

SHA256
848af500e81de44feb1acdd9904d13eafc84977fa831101d45853dba9a2fa43b

SHA512
fb0afbf99752924866fb456cf9612248b2a61f6569cc2fa323c604d1c45fd640e5ca72d27652f292f291730f92df32ec587a67b52b0bae633fa2f165523870b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754558884338.txt

Filesize
47KB

MD5
dd3395ef7d545aa01293798b6fd5c8bf

SHA1
f09c582ef3501631e404c6ecd39e79f293c0fec8

SHA256
b14db050d6739739d1a8d67a0b0329e6d20b670b5d9a846a82afcaed0e936bbb

SHA512
8c20aaad723e409f5f8d4f0750ef017fcfbbb4cb3e464e76af529451bd2dd05daee479f9a84c49d4fa072cc4d9a59a9611888596f4770e46a857858a2437b91f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761023232969.txt

Filesize
63KB

MD5
af21b0f84e92b37a9bd6f1c6a727f539

SHA1
457843e2716f488bbac089f338fad30e7224c21f

SHA256
4c42124f5c68293fd1df39247288084e9381b5e390fe56cbba42e0c3e9c76026

SHA512
f6a538db9fd0412dc0b7bdfa431518f884814dad84d208992117dbd98c2b81a80b119c6f2ae5881c42a5110a8369a7557c5b984b934811d3389ea5ed257fdbf2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670763578088095.txt.EnCiPhErEd

Filesize
74KB

MD5
e9ba3a1c584fa991ca4cc7ddb226792d

SHA1
53ea5144ea70fb4dcbabe9ecdbccf89d8144fd30

SHA256
c838ebc3d6794bfb0d1d4d444a1d59c8d2009cb9b6eb2cb874615879022a4b23

SHA512
cf44c0f4913df948b98cdb2d54e7ad8faeb18d1d972b39764b4cdc94d07124400d750478ceea48778ad6f368dafe933cac5e96b568f4dec1055d98d7039ba9bc

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
5f2e10477fcf0c502d89a99760988cf8

SHA1
82ff7f1769336816c56a145b291f6f351a8dc9de

SHA256
b6974925eafed3b426d645b3ba38ca71f10eb3f91b2cb3aa55d08e84755e3e2b

SHA512
22bcd2860c50b7b4dd326f63e6a22883575c3395a3b3b7baeb6b877941c515d8b40f6b210dfeb5eba973a9dfb6e73c889a5f334a5f7f6bf1fb55dc1a873685c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
261e9fc6bfdb41fe38f482951cf3ff31

SHA1
dddc5299f2a081e93864ecb97f494d1539f73841

SHA256
cd275e62ec2db57d3f4b43bf0d374b503327dcd6153401a0d609039b5713e604

SHA512
846afe3d7b2c5d227d6432ebf6d87c4b2e68584a5c9d22f70aa3a0b1c6cf9b1f6b6fb680c255dd744b01543150944038b8097a255823f2ac1cd91f7c51390860

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
e09493ddb19d0ed5600f44ff7f2f8699

SHA1
4cc271e3812e2ba9eaf6dd023bcfaaf683e3cfe4

SHA256
c2c924deec3677318892635f116f5fcdc7c4f5c813c854377fff72afb9e545c0

SHA512
386d80d8a8c0524606e9c4edd16285fc19df1a03333a0dd7c8a42e4ead66d7aa1665a6917956e5dacb67bae6e23dd2b2d9d88e8eb49ff0db337737732dcb0ed6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
66bf6620ea398bb79b4f045dc6376f0e

SHA1
224413ac361c1149f26d100893369cfb8bfb8613

SHA256
30cc95e6e583cca670689c1faaf998f87ae69e31308b324ebbd2732b10141c82

SHA512
ec39d4496f2a31bd681ea91c4f0f3c7f2f829949f15e75149366b64377a48734d2329ab7a8f7048d81105cfb606a5e36283e711dd1801240c59a0cc559c6ec3a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2821893a946af44474ddd8d586655ad2

SHA1
bc3ead5a3a01d89012023e83d7b6e4d518c8015f

SHA256
b27bb4802cfa92330fee8f9d6293554ceb7203ea9b79b4834ced2e7ffda604d9

SHA512
2a45f6165a730b6d791b58f7937f7effd0ed8342eb8176bf029f353b7ba05fd89fa8d01fa61183d1484c1e3a84ca61bfb0c2b0f507384b8c1bb278bb4b6b1c97

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
302f3cb2973bef4f7af5d1748e51271a

SHA1
8772197792d3349d08e489bdf9f0ad71b9fd9cad

SHA256
a5714fc8470c0f3745d787c6d7c4da346bd9b30d43a5e3153721fcd4b7eb1e82

SHA512
64e02cda4e3e83dac785cf4f0be59697524247a26c96d593240824f8326d7437e1f4898f60fde12f0cd840fc83ba05c93108cb40faf0a630e14606ffe6b4717a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
59284dc055d28c151d617f9a98479385

SHA1
5799dc0fa25a4f5c4e301fdfcd547c86d146ab61

SHA256
7e3f850ee0c90cf26a4428802f3acb59f0ce9ee8b1227b187da774544b4786be

SHA512
14f6177e230a71afa7191f512157ebcf75c8e1853005841df68f35d92a9e12937b965392d148aef8f7718dfff2905bd47fcf4bc1edba2381df42ad617ac7dc50

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
010fe3bcbf23c4728664c10b7eae8137

SHA1
061ece08b7975fd91f29b1493bce6c3582d039d7

SHA256
dcf472bba3a65a945b46e7d7d621e58729b6c22b9d957a3eb37991c6064063b4

SHA512
0522867ed8524277d15d979aaeed40183982d05e78e86f02b6adc2213508e710f121241cecb17a832d837aaac20b709e56db833486a0d3f39533ecc03547cacd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
87a0d9b453415425694ab5f776d767ad

SHA1
9ba39febcf7374f40dd962c87ee5bf4ca4e23b9a

SHA256
98c8af2f31f69d35b627ad885e472f627f940e102679d98599e8ab6edd0a0650

SHA512
6066c638b25365911575974c2ae5362dcc89db329cdd7d1f657b927b5102286e729aa6f036bd80776223bd2a1b220f92903a6b8aeefa04b729112a68cc2ee7c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
302e385157549af9da6fa68fb72a8f0e

SHA1
e31b60cd1123755d764ee24052973d611cc8282b

SHA256
8f55af3f741180f86e7c69af455603cc3259ff35a5f3d57e8d318f9218dc38fb

SHA512
c29b292eceae5bb40fb3c31a5d971decae780f0cf6b9198b7cf63cd1229fc3f71dd6e735437103ef2db48f6f99e1e88b1ff2592cc5e07eb332df8ab57520c264

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
1da36ea563466915be0cc70f7d9d3fca

SHA1
ee739b98447c087e0cd676135698a3b05df3f2f8

SHA256
2fda0286caa93ba199ecfed6d932915aa7858966dbceeddacbbf2c169a789108

SHA512
61eda1bce5495c32f429d022addac1fbaa7d0903d0d9148cc8eaf22816a944cd7c3040cf98c387787856fff20b65e2b1cc0ad4aa00192245ad1e254a29b60368

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
83dcbae8c88bafaf8286fee27ac7be9e

SHA1
ed441730b2425c09a54796623c1c3f49d7c3b92e

SHA256
fbd76669a602e5867c44a6b6e274c53c31bedd7e1b2ae7764da1b8f111044f7c

SHA512
9337311764361600a0a54b450f7c225624b984503187ea603e9b1cd4bdd8ff89413194ecb39be409d0ba7a9cb0269510482d76b45d88475b66bb2476bfae9021

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
b9147ba1f65d607ffb379a8003fd2aea

SHA1
c73891ded54cd93874cdd127b20ab0f5e94575f7

SHA256
1aeb0aaf1d778c03a503ca615a795e684a8d2017db697dc46048a5703c05558f

SHA512
47f67fcaf56a078f5a43852cdf66878d91148926ea9991907c719fe865df326d26858901e0cd9bbf78d236f62cab894ff37fdcf104f63e50bbfe8787cfeef4d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
bb0ed8a4199660af4cd051d5d61bf992

SHA1
39c4a6f4d2dbf363f799c26c0b682e5e812f3fd5

SHA256
c41a23eb872b826b955801520ea384621a6e39ab15eb3c8c2b918519afdbaa72

SHA512
036f05fb58fc19637bd9b16c9a3a607183ad69c42c2112c4c993b794eb3c75939043e91986c5ee2986c975f9c2b320bb8df4bcb5b5a817e05cf98c08392f253a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
735dd252487ed682e01a855df9d989fd

SHA1
30ba8619fccbf59762d7d58051122b0da4686a74

SHA256
d86ec28cd8672fd9be4e7a393de4dc87ee3778b73027644829e469fa205dc032

SHA512
097f87c76fd96015a4b840b5b0a16aaaa1671c1ce51ae5630e0c2972f52a71e25d3f63e28187c26976a81f3c10255826d9f4767db4e2716c4575fa60d36fa51b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ccb153763043376c79cf0ee4bd0d9746

SHA1
4fcef2841a4a147d5ce12b5f986276a7eed9e0b5

SHA256
0fcae41d61dcb510b8bb4736a22fee6c323131fec1222f6f03852f4ddf5000f0

SHA512
79574cc6df331edfc9b244da0f538bbd619de11fe0503537cce3cc4936a663c0e535720c2c285357fa194e5eedce3efc9bc9345687b212158b6486c1f5704bd6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
3349f7d0c24f857778c61b5a5ffe7227

SHA1
70f40c8c4aafaf5a67883a88f3cc23723c286dd5

SHA256
4d199152f07336d1d4b7db8124acd6ceaff2091bb8f24f99702be415b665a60e

SHA512
c841934ed6f27ee95313e63d77583e3728d050b4b77d3783e00cef22977519832fd6664e5f29e36d7877d18db4f67f9b2527f5b2dda563239c8dd2d9bd056434

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
34e3fc1a7e06025a2d5842e0eadb8e83

SHA1
3f6032c967d2e53dad3f3dc682899c2494509870

SHA256
a87d48cd8832ef6fd740e9dada0b18e9f3336b86487c2ca71cc29eab6e18bcc7

SHA512
60d55b2fe1484f07a3e8954008ff237f236259ebf3ed8e7c5163dfc42336158fec1069ac72874d74b5eb61194f6bb4c71e313f6fe65652c93a86a344ed4190da

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
d722fe6a4b7a0bef9d4f491fc7768724

SHA1
a315571199ced6a2cab9d206d0ca021990fd3f65

SHA256
c5d80de25288bfdf5af13d299a0d981ebb524e46b7d0384d18a828fd326bca25

SHA512
4bb269cb28d988953e140ff61cb1050cfa3ee0eeb286ca1f22a969be1167a3ed104aabbab29c1ae91d15998b105e22cc68fece7d92e8177e6573687e52bf8aa1

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
498a4c0720d9f82fe8f541486b9a3998

SHA1
6bdb555b977d9eeaa59c698444586834d69b7a3c

SHA256
3e574ab5665a86f2eaf7cbad30f16485f45a0a9a95ec9e2f943e2263ea73c51a

SHA512
b39b27cebbbb659e6a0ea50b69465d48463452f88faca668a59d3b4d16a4c49023b1e7f5927486f0419c413c5b3b891fb785ce028b140e4e68a771062d96fbb7

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
be7d81f2442a9d7a594a060f6654f0b4

SHA1
3aec9154d8d78bce2f06dc22495cafe39e9db307

SHA256
0e28789ccbb00ea23dd202a59c6eb5133d9b8d2a31b62c3bbd5f4c5e7fd32328

SHA512
5585734f5b316c97d42d0e24ea94289fd5b07125420b3c9cb39f62562ccb7603388ea77730851e8036389c2fe5a704cd390d1b9ce2e0192145e96946e086c784

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
942b7b655bf9bbd0d6629f1c2e742f5a

SHA1
8af157837a1c0287c3c880a7947fb52474f51625

SHA256
01c1b962f588d672730939610923f9989c80cf24af2bf7b6408308b89e79388c

SHA512
30ef69a2b9b970d519d6e347e8634e8c5c7978b09066f0e277058cd2559c51893b8e0a036fca19aab74998596e343f6e18dfd779ad5451b7083fde7475dbdbbc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
f32e090915ff3a0082003637837e18f5

SHA1
df4b0439a58f6bc17fb898596d3720968bddd0e8

SHA256
717c537be92feecab4bfc5b5748b2e0b2c37107138b3ef72e1f6b721b42c46c2

SHA512
25301902b9ad491f43115ae04865e6f60b0c1707de5fb65a0f8018ba2235af48f74a0f03b6e2826a100c2910a266e37fe4adac41e78653379a135e71216e5f32

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
fe21158048a5c5aab62aee5cd05b2e74

SHA1
237304ae9b9e78f533f8f8f7747c04da09dcebeb

SHA256
04b547aca02070ed62f9245257758aedbec9d830c191df676b5232938903070d

SHA512
1ba6cf1c1226687cf2e648c2a77c2233097097d7222d0a65f6fcd29afce9a69a8ba4f8516da559285ac934c9e2a67ddeedeb7c24cbe05af56cb88fe1e6443613

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
33ae49640d9dac4b05c29c91e3d7e493

SHA1
4a77042d84d3dd29f4ce8f93dc7ac6dc73bf63eb

SHA256
279baac2b7403e840465fa3d3b3f3aaa7fdc8112146f41b17092e6196e1ff0fd

SHA512
a748084de51abf7dce19932d7182f318fff4e425908b49cf3f323f451d360a5ae3d8a843e1eaceb74682e4dd0c6f91a6632098b5563d385f7caddd2858d6cea2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
d5ae4441d24b66f269c105c93f947704

SHA1
902bc67315231e03eda6d792862a275ff071b3ef

SHA256
7badc33b93018f6b34a6803a05d1f538b43a1386adcc07beaa6c0c53e49ee655

SHA512
16b2c674a122ed6d68298d046ee5ee637fb0c53a6b04d9d3506bc2d574725a80d21ffa6de09088be7693f02151e843f2a552e223b013ec901cabe82216059eb0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
598264f5db3c3dff1e8538026dd29ea7

SHA1
ff32d57fe3a44fc5060986e87b35a1eea22c36dc

SHA256
803a39396cdb5851357799a3ac95713c98c5e2b129e22f507b257d75211e1907

SHA512
d1849022bb8007bbe5840e49e2ca21c590ab023b423e3be8461ecd9dbcb06940fb429a39f99587ecf749a31f47e15f3c3bee310977d2946417fec7aa99a565f6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
d8ae595c79247d62e0dbea03c05eb0a3

SHA1
5fe86404034fccdf68eccb3b5a5751fca488d556

SHA256
d0022722906af3bf5bb9a8dd1f3da85e3fb755f5e160e0c7aa998c3b99211832

SHA512
e8e84d8707d443f8e693232e2dec0124a2a0f35d32f73d3b41d696c6c6e72d56c8ac6f1c677298622c7a84a274c50041ffc2d9dc99c5429407e640edca750788

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
1d82b0dccac02de35a590e1240cf0cfb

SHA1
4af6fc735535231eb04de979b652af9b9dd70120

SHA256
57e1b40f96b341c3c6ff96aa588639f3bf9edfce44805233b88c5973ce19206b

SHA512
d631fc84ac01911bc0efdf81bdd8cbf4c2de97d43dc957d128053053b6cc2e3f5469979e35780cc7cd6dc9d0ef2a1ca425ab3cd0615e296866e33e024fac96a4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
2cb0cff0961cd4d325ddcbf171546f5e

SHA1
a2fb108dcd96c2dc81b78da8ccd485becd8f4048

SHA256
054cda786a192e2e33ae607bd7dc6a9cb8c0add1a208a0d5ed337a672132ef53

SHA512
76616ca4e907c616dad4f09fd419183650f4562d554b5d67128d10702b0848bf761e702083bce2a9462afc43f7d0a3e4a44f273f6df06cdc3b3e6751ee200547

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
7cc9710502ce59bd3d51c8ec596f2d15

SHA1
b6da829b3ccf2019bc867d9c0c7b5a9af104dbbe

SHA256
37412a765db9a657794ee07025708162dabaa0797e8961c28ebf25d444320b13

SHA512
739fc0b7094d883cec19531223ccd1bdf6845a2d155b3869dbdf7afb9528d0edebf18dabf5586002d4aa74fb62d65a5c94f5a55c2f587959b5d1e9720b9a2159

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
412074484ea66bfc544ce0519ffb51ba

SHA1
031b4faed680c258717f95c1a45f87165d70bae0

SHA256
0d62577e8f527e66570dd496d7232dec423f43b44d5fdf862ec6681e8aa0fa01

SHA512
8d4cb1bc6650df9c8e6a5010340b3d50d15aacad1506b880d3c9f6a1c37977be1398defe2bd202f749b80b8e2b27c7da03c95ace4a4d4f4781fd1c9ee2928fc7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
989c44d1b01f4339b524c9cc8f5a228b

SHA1
74f674e925e01891f9e6a9d40b90233d196b6afd

SHA256
524e7709da62f1ec44f93d7a70c94128504c4ca3a8c9f7c51f94ab3aba8fa137

SHA512
5f362b9685478793fb6fa78f6898ec3e303c207aaaa793897500dc69017c5da8e68bb68d4335676048a4464378590b206432b4ff11c8e3d7c98a88c5f34a5d2e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
99ec32fa6c5f0fb72938b63acd492e70

SHA1
d4b68e07e03c5fa43f1101c36eb3f1c1ff5b3df0

SHA256
a67c03a5a2e0190fb3b18660ce07151edceae66b4eda5a62800f3da34c229a4c

SHA512
3b5a8579ea885b11ec09a37d4f9bc3a045375d358ee0f151d586eb40f18032e58f46d91ed0ba58f6be3c4773f2d0176bc37bc875eb847e3ae1c42b665c850912

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
50643edd8385db01d2dae539eb76bf5f

SHA1
db1b07719644d5034e23727d097c7e387d47b622

SHA256
06952595b7fc77ef7df0b4f4ff6697fd8ae438917e3c4b241a2587d64ea4ba99

SHA512
0aeb04d01c65226078cf0ba2f9de3eaf66077f4c2861c5820350a42c60e8516717e96ead969f9a4f51cdc00387de1d6a268e1a7baca5ee34da908c9b54abd398

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
79da3d73f38b4ed4bfaa7b56b1c6c6fe

SHA1
93b3192a77145e67e453cb7a0681202b2be41d9f

SHA256
f982f9f931c8bc7ec4a27f25b7aabf5b87f05e6e812b7bceb67e737526899b8d

SHA512
28a61913d8a454429ce4373129aef45dc275c174c307766b88edbf2583a49120f56604fd36ae68477b37864da9f4bd985601c3ea76acd7b7f8aaf044316ba131

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
f31241b48f04e4fd06753da6dab873d7

SHA1
b6aff6e602400dee298d2fc7c851d745e40cd4ab

SHA256
1c141d16170463150fcbf95387753e720f5f8d8d18d79017b36cc4d1d3b46d13

SHA512
d8e9ed0977cb73df26b22a51274b49dafaec27ac067fd5a335982e35a5fdd108838c2a25cdd832fb3527cc9e16aa97f7d2fa347dbd43595ccac1780323476cc6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
2c44048c3183c85128f1b00f010e920f

SHA1
f39abcde4bf35db4b827707522c7473194a2803c

SHA256
539109d0afa3f3af568b32bf981a8588afcb45ffc40a374bf08edaf823628bc5

SHA512
e30a3adaf98bcf22bb5f7e9de7df4b2b35bfc9b620a3a9a17a52b65a9890800ee018818554c900a30bc62b624b017e5600cc168cfed57742f38ea848b8b01ca4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
de260b90fddfc54581b48cccb5e56bfa

SHA1
8e7fb4362b38e25e7512f93ded2a0f3ce2845a61

SHA256
8f11d5478af30c5abde59ce2e14bea04fc19d02d096b0cef49c877f447d707a9

SHA512
6143cc55508ec8c5aae6f943fa8ee30804b33fa9de10bf55f034626abeb0960ab630626f6952cea57d1d5bd57957888064dcfa57ba34275fcc9c648fd60a9499

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
50f1722a886120115fde0392f5b593d7

SHA1
1c33ba2de4f51eff350fec6e075ad942bde54c5a

SHA256
54ed2deb059c108601229e5559ab20436324203f46684d6c13e8c54b1a24d7f4

SHA512
477b8a276bf14cabb4c4f3561a0ee6c6ee3bb0e468b3a7133f88efc400590b61e1b5323a6f1cca0489976e812898319f999ffb39d309ef9a5dee34fec6121d48

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
578d2e5f3d7ab9c318469e6f07266761

SHA1
65ba3dd835373a0a91bf694a8423c1e32340db3f

SHA256
318d3bf838608a960eb8eb2ddc0e9e8c251341677cb36471a6d90020749f1c07

SHA512
ecb6f21b1d0041cfe8bb6abdd24b0c1954f31e1344383680c3c908330e217e61e290172dc4ea5a2fa446d11128e2a15f623444f24188567745b4b7edc6aa5349

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
aeda47e7ffcb0fb3d644de90a411db5b

SHA1
457504a14959f8b0f2e609fd10e50e8cf998070d

SHA256
27c1c6626037f65a2ffd3e52af0eaefd024c7003d85b0e4b149acf67064cd21c

SHA512
b91880290fe5dd45e2b83e7f4ef141837d5319ad4644eb2c47cda213725b7c293a61d206feb726bdac2790042ca0a72a5de2588e350b06bbd9b005e736194ed1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
79677f6761981b0ea5e7a2f35795e674

SHA1
c14687328d429205c80d178dceaea7d6589c4d25

SHA256
a940486539ff1897363115fa0b33802233bf89661b039af6b3aaf2de080e16a5

SHA512
58774a51d398f1c926a5ae486b54526d9af61a9bdff6f28f2927c43e71f871a1f8c496c1873f78199fc5b960790373664df8cf8a1ef6b5e2556ce5db41b8a5f3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
e71168a4fa080525e76e16c5c7db558d

SHA1
bd8cda37a66722aec17f3d4787c2408f147f7fa6

SHA256
22624138da34d4600362514de243c55d17ffc17bd5a9a25517b5a078a46a5228

SHA512
9a44ae6195dba1a0cbb4f37fdbccdc778ebf0710074d9ad6f670c6357bf0492998a6bc1fc4ffb8aabf5a2d828f4327a47a1b6431d514f946e92187c8b2c28aa9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
2aafd963e1712e0c0e9d8770cb3319ad

SHA1
3a83b0806adcbec2364168f4a0f9b30c779c1ce5

SHA256
15a58a05060d930b3c51f70e46d0f6e66e4b4365e5153984f32bf5e480b66a0c

SHA512
0c5e9362d7a951a15bc7289d487f291cbab7f042bed2eedba3ab94f005231b481616588aedae077b013995b2bdd344ca75ecb5bd03a8cd022ca4ad8f2ecdff94

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
b0369dd7386676dc6745dd7deb2875cb

SHA1
0c7ab71b01dcb6f30f356f2934e1b4e7aa00cb14

SHA256
d1850b6f27621971797bae0aa71bbaa7e0e0d69f81254ec86a5d94824f5b987a

SHA512
c467c4ddbb6358b8be8349e996f0b622280f39a4ca3c898546fa5a7a186fa323347e8231602a210834b2300baac33665633f80f96d840a575b5d16866245f4fb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
261efc79fc3b36f16d6e9c7ffbc4a6ff

SHA1
a2167f66a62c386a6e7a123a08c8a6b282250e23

SHA256
51a436e109cbed11e4614fa2533476e3741ae980d0fef834e469c37e0973461b

SHA512
e45bb931c291c3e1f1dfabcda3bcde3cc1f8c3ba3f8fcb4d431b0c02ec77c68bc1347c04195f7a81b17eaf04e8813ad262701bf533498ca5ae49ab06521c0484

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
2379de228b14fb2ef39194f384129485

SHA1
4a0ee1a0192fb9e50d51f52bd50524410b837688

SHA256
69dd2a9bf2a1989e44695fcf0c80ac657f3be10dabd0a458c398455bdbb16b45

SHA512
fa07ab350ecfade0f2eef903c4a6e46a5c8397f3a240581797eecc49fee327e3743f0c416114b1b99cee475d76438e1fba1d449e5c9e0d119b9cc2c7d7691082

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
b45a01095297bd1716ff577ef8fe584e

SHA1
642b93a2857cdfaee4142532b48b98c41d299bbd

SHA256
79d829dfe3270cd5aa8587fadb6e597067795e6d77567262d8640526ff6b14e6

SHA512
6d609cd2be7957583d060ad7417d46d3e73918f6e51155976adfee59b8e6700541e52a93d8a77d2b410314f340afe87e150686fce2373bbcdce0740c57c77ca2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
93538cc4cb9b6aa69ab309a7c5efd923

SHA1
8469f93bb988b90a551a510e39af7d678f631055

SHA256
c3039d708284d2d5d4e99c849faa0921cab1e8ced2e2c65d0be9d9be29a0fac7

SHA512
d179b5b179419959841fc58ff8bd9742ef22770373dc617e971c05c7629147e77b163a1405c40ed9241d2842f2bed6ccfe04e66c79a6fef355cde8e228d340c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
fde87a11f6a742aab0574cbb25ebe91f

SHA1
deac86b83a92c0b922f4d8229b30efe28d2d6811

SHA256
bd6178a7522308be2a124b30d284455efaead804555e866783ae62b28fad3acb

SHA512
bc1dba59916e08959eddb5ef8b93d4a791510859518b845929ad96c85f88f5c8cb02bc8debd03a29a4e5ae05291d4cf806a5033e3190761ef5f459754128d059

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
a459e1d9ec84492fe6cb785b8f505e77

SHA1
07ade73f9eb17f30cbd515e22e588ecb36879bb5

SHA256
48a669f50ce5eddf5bac75f0430233dbe73734aed662366ef75550a79a4c56da

SHA512
25bb4495cded21087549d862796f9a0f07d8d0b37bbf40528753c72b63cc1b8cb31d26b5f1e717792f7cb134daa95baeb15271d3768e0184f1ba1c2bacbe2b1c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

Filesize
1KB

MD5
f61a54d2d93fcc3c773664b569a1c185

SHA1
733cd136ca6be90cfb21be9c0ce5f0d885bc9044

SHA256
c30715ef6d09755ea9056952aa58b7f6922a751ce0a2595965a20d23ac40fe8d

SHA512
4542ad7898cdbb2d163031ec3c3fa72ad2cbc92b6d9d578dea46995538be1367dd0ffba77956083362614806dad994fa2f5608ceaea724479549ddfe425d2697

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.117_none_4d353cf1ceb5d6d2\Notepad.lnk

Filesize
1KB

MD5
bf0c746834db650ff8307a3eb0b288cf

SHA1
85c95cc960a4571d0c0fe104ff8d167aef28e764

SHA256
684979a57f710c07c3aafc40ebf949dfd8f30860bb9c0226f0a9ab016e468932

SHA512
d6cefde906e398619a0cfa312fa689fb0ad6cecff64400bf2ead65f56cf25651dfd8bd903acdf4e4d3220cedd237baec3b04dbed44a9658da73af72863925a93

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
c53a9fafad6ac6512da02c444998fdf6

SHA1
adb10cc8a451e3451a7c74be42cd9fc8f3b5912f

SHA256
b4b51c1afd32431f716dae1d996d14197d02d49b1a0ca00426def26400e25eef

SHA512
bfeedeb37879a4b7d9f57c9952ca2bb97b39cc641c472835ff2ddfb5a3057f3b2e58a4e55f0ac79d5c1e12e25a9ab1da00312272bf95ab1f404a1dbc69326b93

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
e8df70202a29874e718981991ad96886

SHA1
d2abb9c0c38511190740a515c6d28560999e0891

SHA256
13764d14368d92a2534be2140ba878e2baa0558b08c222edc1d0fe2567b5b08c

SHA512
c72b2187bebb7a25d441843e8de2b63ba16a85b16548126b9bb0dc83ce5381409b675911f9c6d14c4e9cc50a4d766425eacfe031dba6cd7691f6a704f4e91b2e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

Filesize
501B

MD5
d7526bb0a1d53bcf15bac96f30ae3aad

SHA1
25087f0d6750fed7bf081d01e654043f1b3537b9

SHA256
df5c5186936d43837cffae29738cea5b26d7525ff613d1e4d8b839c55abf99e9

SHA512
d1e5b71f24e59c6ce88c4ba58bea4766026ee1dc9d45a6158bca8caaa281127fc74d4867e2a210057b35a4b7db08fda23f0970b943d2c2a7ba52e87d03d67eaa

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
55c082e5c753a3be7704ddf066d0e895

SHA1
ced13c44a19f82b143b033378d601f93b1de3388

SHA256
e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8

SHA512
8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c4be1ce9dc39fb83fd5a2d617c2a4837

SHA1
eca34cd429eaf350804bce704d19ea61c74fd54a

SHA256
403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c

SHA512
3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

Filesize
501B

MD5
cc732d0bd874a5559714f32366affe1a

SHA1
b1b7b5585059d53f44d8e0dbfc260472ab658c71

SHA256
a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed

SHA512
3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
241708dbcef858b6c572ea42c56416a2

SHA1
96c0351d3244db38237aed6fdd7bec286a30d5fe

SHA256
2412a1c6f74ef337b0e847dade1721f4426999c30357b65ffdf3715640274e50

SHA512
f092839afb20750c627986ffeb8d70cd37ce6703243afbde95d03f36d0459fe8f6978607f558a2ec836af23c6810918841baf17b22c42b594eb1e6d809295839

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
0239edac78a2a651fdd35212017c6d7d

SHA1
a4d52091e6107f18e8c369d221592a1d35eca167

SHA256
a9247618df08ae80d427c4b7d15e619df93c0b57275afd11735c43911b2434b0

SHA512
a03ec86eccec8bf7403b0970edb2ecbe341f6fc4b7416d92ff0ad685760f22cc10d21ccceca61208307f9046b096f607f97dd032c8ccedbf01c6183169c0ab27

Download Submit
memory/2536-10888-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2536-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2536-10481-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2536-5757-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2536-5756-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2536-11225-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2536-11228-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2536-11231-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download