xorist | 7a52a1d1e772dd1c96d99cf859519228235e245d240d891cf529c3ba698689d1

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Size

89KB
MD5

0ee053ab4b7a3f3d1c89a409cd518650
SHA1

d51c35fadebf4927cf2ca1f52636eb2a67536914
SHA256

7a52a1d1e772dd1c96d99cf859519228235e245d240d891cf529c3ba698689d1
SHA512

95d1ed6edf8a72a4452747c600a94b76f09a2ea104a7166178af58e122e654f6f3cb797b6dc026525cd1d23b8dd638ae508afe8b58a2d069293e70567471afa7
SSDEEP

768:brVDCBfXttVayxWxZ2x2EKLjYef+uCEPQfGpd3ALXRGO1bFsR866En+O+iPU+3:br4BfXt75M2V2f+ffGQzRbtFO8616is

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/4720-5371-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist
behavioral2/memory/4720-5374-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist
behavioral2/memory/4720-9983-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist
behavioral2/memory/4720-10946-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist
behavioral2/memory/4720-11323-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist
behavioral2/memory/4720-11350-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist
behavioral2/memory/4720-11355-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist
behavioral2/memory/4720-11356-0x0000000000400000-0x0000000000434000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2203) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\43a357yO7m8vokH.exe"	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_310dc613a7e31ec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4sx64.inf_amd64_3a69b9b79f49eb50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_8e8496aa33c0a7f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sr-Latn-RS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_0406b31e81bea0d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetConnection\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmod.inf_amd64_51d6c57c66e3de87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpep.inf_amd64_2e156c5dc4231642\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscompression.inf_amd64_2aa5f249d7ee104a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mbtr8897w81x64.inf_amd64_0d8225e7d2696ece\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_61883.inf_amd64_2c1769df23d261a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbatt.inf_amd64_a6fa9bcee39a694f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_767b2d723d0fe83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smrdisk.inf_amd64_bbef253cecafbb1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4720-0-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-5371-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-5374-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-9983-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-10946-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-11323-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-11350-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-11355-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4720-11356-0x0000000000400000-0x0000000000434000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HoloAssets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\VisualElements\LogoDev.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-200.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\Assets\[email protected]	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-80.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\Xbox360PurchaseHostPage.html	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_contrast-white.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-64.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-150.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_contrast-black.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-125.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\farewell.jpg	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-unplated.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-80_altform-unplated.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-200.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderSplashScreen.contrast-black_scale-125.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-16.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-100.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jmc.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-400.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-200.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-16_contrast-black.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_altform-unplated_contrast-black.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\Win10\MicrosoftSolitaireLargeTile.scale-125.jpg	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-100.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-125.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\PREVIEW.GIF	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\AUTHORS.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Mocking.help.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-125.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-100.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-48.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\DeleteToastQuickAction.scale-80.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail-Dark.scale-125.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\added.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Excluded.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_contrast-white.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-16_altform-unplated_contrast-black.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-400_contrast-white.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySquare44x44Logo.targetsize-24_altform-unplated.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_int_2x.gif	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_BadgeLogo.scale-200.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-100.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200_contrast-black.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100_contrast-black.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..recognitionadapters_31bf3856ad364e35_10.0.19041.1110_none_716fb22d165a336a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directwrite_31bf3856ad364e35_10.0.19041.264_none_b07f10045e5067ea\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..a-casting-shell-ext_31bf3856ad364e35_10.0.19041.746_none_adf410174fcf3c9f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_3570318eeb373052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..orkstatus.resources_31bf3856ad364e35_10.0.19041.1_es-es_36eacb09bf93dc3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.19041.1_none_2a5f489c740a390b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\TextReply.scale-150.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_halextintclpiodma.inf_31bf3856ad364e35_10.0.19041.1_none_329576560426dc9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\SplashScreen.contrast-black_scale-125.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.264_none_d1ce115a6e50bd32\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-mscorrc_dll_b03f5f7f11d50a3a_4.0.15805.0_none_e4220514d7759d8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netcorehelperclasses_31bf3856ad364e35_10.0.19041.746_none_c02188c3dc5104b1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ab004bdc37e3e27d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_10.0.19041.1_it-it_c834010e16ccdb98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mydocs.resources_31bf3856ad364e35_10.0.19041.1_en-us_f2ea0ec8f10466a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_pt-br_35e66098dcc078f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_wsynth3dvsc.inf_31bf3856ad364e35_10.0.19041.1_none_6e36e01cf27b17e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_8b021141ec175d3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ndis.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ce8e769486082449\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_29268064026fbddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_net1ic64.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_723cb7c2274c6878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_10.0.19041.1023_none_cd8e4e754349d46e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a334bd9c89cfeceb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nrollment.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_3bef52e9f4b5e3b0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000446_31bf3856ad364e35_10.0.19041.1_none_9f6a7a950228bd2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\Gaming.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\logo.contrast-black_scale-100.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1_none_11b2da2074e7d6e4\PasswordExpiry.scale-150.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ttingshandlers-user_31bf3856ad364e35_10.0.19041.746_none_a0b14842c7591064\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..cemanagement-dmcsps_31bf3856ad364e35_10.0.19041.1_none_2f7ea790e17c738d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\Icon_MMXresume.contrast-white_scale-400.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.directoryservices.resources_b03f5f7f11d50a3a_4.0.15805.0_de-de_6782eaa1a066ce09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..soundservice-client_31bf3856ad364e35_10.0.19041.1_none_720cb8fe4ba4f47a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-twinapi_31bf3856ad364e35_10.0.19041.264_none_a3937a58f9e08a11\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dssec.resources_31bf3856ad364e35_10.0.19041.1_en-us_8282f480c828525c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_10.0.19041.1_es-es_d4729e40512e094a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_es-es_0a22b4cc2597af50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..evicehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_65d5d9e3a4814875\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-offlineregistry_31bf3856ad364e35_10.0.19041.1202_none_01240ae28777facc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_10.0.19041.1_none_d08d8412763560a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Reflection.Context.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fsinfrastructure.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_e6a0ab601a9e2343\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-gaming-input-synthetic_31bf3856ad364e35_10.0.19041.1_none_92db10e6684bab22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dataexchange-api_31bf3856ad364e35_10.0.19041.264_none_d0a30a74fc85058f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..creen-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_8053fa9663d0fc89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wbiosrvc.resources_31bf3856ad364e35_10.0.19041.423_en-us_c99b855b8edbac2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-desktop-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4dacae094eee592f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.19041.1_none_1c5807cd8d0c767e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-acledit.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0e076b9d1d4d9d5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvmbushid.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_df96678d768055d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-computerdefaults_31bf3856ad364e35_10.0.19041.1_none_c6bc59819707b32b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\PasswordExpiry.contrast-white_scale-150.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..-backgroundtransfer_31bf3856ad364e35_10.0.19041.746_none_f4331ada712783ea\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Advanced.Theme-Dark_Scale-150.png	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_intelpep.inf_31bf3856ad364e35_10.0.19041.1_none_736656abd04b5a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..-wow64-setupdll001b_31bf3856ad364e35_10.0.19041.1_none_a289a9d950d415d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_10.0.19041.1_de-de_f5ecf61dd66286d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..snapindll.resources_31bf3856ad364e35_10.0.19041.1_en-us_b21e7b8243d032cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-compact_31bf3856ad364e35_10.0.19041.1_none_afe6484e54f00fd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_10.0.19041.1_es-es_452a1b2fc528b669\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation-mfsvr_31bf3856ad364e35_10.0.19041.153_none_9ca88f0919de3053\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..win32-dll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fc1a27c8abfb9e5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.746_none_3f2d4097772e54ff\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP\ = "CRYPTED!"	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP\shell	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\43a357yO7m8vokH.exe"	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP\shell\open\command	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP\shell\open	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tulya	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tulya\ = "YZOKGZZVTMNELNP"	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP\DefaultIcon	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YZOKGZZVTMNELNP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\43a357yO7m8vokH.exe,0"	0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0ee053ab4b7a3f3d1c89a409cd518650_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3908,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
1⤵
PID:780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
a8b79b9460349b1e1063a2f54ab3401b

SHA1
cd200ad3eedadf7a9032559204eaae1ca19d5e57

SHA256
aaf4f09211537a6dfd77cdab9259fdd4fb80fea9ee475b56a9eeddb60436923d

SHA512
b1423f01248cc7169395f7016792f3533e7d041c5acebd8e2fc9c5e562f06218162c21fffd2ec48efbbb4e17598e30ff0b5ce9e7c3d4297df0dfe78bdf6b9f97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
ba9a54c486ce6c95fe8b01115452d042

SHA1
b8f19098fe77d3cd1049f9cc5a0887d518f33c05

SHA256
f6e12f584932d3e0e2353552349462e1a658d2fb8c6d8786996359c330e38eb2

SHA512
e9ac2f82c743835bce35610025a3b36bf3ac4aef543004aefb09c3c0fed17053fa2a223bbde9f55231dc7a133090020a2284ecf019dba7c4a70bf04f508e2f7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
172d804d18a9368ae73e95f32dcaff6b

SHA1
f1393236a27588a738daf223ff43f27738383f0a

SHA256
584ad8081ce1e090c9d0b78de8db395b59ca7f74cc7bd0af258bebc26a8ea207

SHA512
e05bef723c4617e67687226dd9d6f73d14d73e8366a690b55c3c2210ce1d8881fe11df47e4a5e9431820d0d68314150cb2b4d41bc0a3af556e7a68b7d4542e38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
d60b2f9c3dd306d5f6e1511c48f3e67a

SHA1
97e107058de61a8fdc09a6ddd569da65db476121

SHA256
c654d0fd6c3a1f624e82081b91678cc5ff4e60d11b672cf9af85059191db9adb

SHA512
b894362a925e6b567579160abb7da7237bd0a6da95cd1387d0f7ab524a914b3d9afb185f638192b24efc4fcf0f9dc5e73479c41432c843a8edae8f3e7b900466

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
4915af537c5f42f86d082a6a4ad9f439

SHA1
f6a26b1329c86d0aeb84774f18a34c3d2debc807

SHA256
81b6615110f10f7583856269568f87972638826175e52c5040bf20fb0c194663

SHA512
9ff7a6b0c722b80b51e44e5488399547b5b7954bbe25d2cd3eae0a955abb6d9ba08a5e2479f2f82374180c95032f5aff1b5115d0230095802a877a09a2f05d38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
8dcb1afa6b0c626095d7500e8a2c8024

SHA1
0ca12bc880d5cffe9467898dcbae70353509c8ed

SHA256
3d663389cc829e2c3b6814cb95555493d15930fabac3ce436a075ebfcfafdbd8

SHA512
a63894bbd5b4f8f0f49b421b12bddc2bac41f88bdc77a70dd62ffb572a1a4ffda785322cbb81eaf592453462868a62a1026f641f97787f4180a7ebdc216acf9d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
fffbcd008604e707601b40ada4a71a6a

SHA1
2ebdb21446e643b162eae6efd5fdd6a2afa2b4ab

SHA256
61bce5c27b53d90ea7a2953ce5b320b1d35a3eb81ac4c4cc04fba46b8aad0bfe

SHA512
c28bed5aa8e3b691d7c4dd931dafaf8097269b8e2a49ebdb7824a7968026e45da47efb4fac728a9474c1e661d7ca2c0d00ee4edf42ae17f165b763eb42becc4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
ae17ee77b1dd4b07ad2ad2e2468fa389

SHA1
366dc045c986bb7fdeb0ce5f76254330cd5b0615

SHA256
c69391cb307453282a8aecef43d7323ca48b345d58d93b4d4189bdaaf168a0d5

SHA512
7230a5b5c05436c5e9ea4d86d2ee7d8fef79f94e5fc428f660aa23f9520d47eefbae3f7983d7e8aa1af0de85900e18018e5da01e87b003f9ddd5be69fbfcaf0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
e8c5cd61c874db6bbac54cff30abb10a

SHA1
cb21969889e0497937b58c57c69a82963741bb4e

SHA256
80b8159f2a17e4931fffc37e294c65eb92ed5d09a01587b7f2eeded304defb4b

SHA512
305acfa3576251992cc1a016555d200c57ef9874ac63b863fd44778a9ae1c6c5cf3018ab640b27ee15c9bbb70d1c997d86abc6f9306694e8cf6168e881d8127b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
3398ea17329d6954c6f329dba8b26574

SHA1
ab53f0354a601260aa9dd8b68639c6182c31c7d6

SHA256
822faec2bb360160d54fd89dc59f83343d0285b959a951b41efd1dd840226244

SHA512
82e5b3aa33d317407761cd3ae7ee108a922af8834082169df5775d10bfe757dc382236aaed579c85a86a3894f1a1a52e8652a4cb16d6c7d78cdc06a83d476f7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
629c0beb774789318de69a96fc151558

SHA1
ee4a422a43705aae8d4e83465f45130ac1c8eb58

SHA256
3b49852544f3ceae9abbcbd2859fa04cd861284887fe855bf647486a2c7f5693

SHA512
9eb8d2e038f2a68b7d57a598873c3bcb7c48af0f4ad4c113dc1d312ec75e12e79495986ad2590b329b50cebe324d318b124dcac48b8993e6621a5705ab93b708

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
5bed43482cef84d5bcbeff1945bef718

SHA1
9a25e5602ea721468c85e89419a9d2a96f41a9e8

SHA256
cf1067e512a710fbfcbd51de0a470ed7ab0fcf82aa387ea526a3ff6ee5e38b02

SHA512
a61cccf18c5f98bdae94d988c748b04786eea0449fb162d75e86a513cbb4f58561a8c72c1c03acbdc37be54c56aa0ddab015576f8adc8d4133f763651e26f5c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
6f30b51130609ecaecd05b95ea38657c

SHA1
8181852f208a57b8fc58e6205d0bb817b2e7b446

SHA256
b8c3e2e268d420c74c912d2aa459b22406256dbd3be5452af5e7ef98c5856082

SHA512
2c411e2f4c8571844353aecee8e3d8d3b1910eb37a3d8e0c1220a8382ba3788cd887faffe6d9c5a5ff83311f1311c370437b7704546dbdab058544336f497610

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
d868bba7a73fd4ca0daaf205e5f0fb8e

SHA1
24b71de3ff712c932f83161d7f719a1333db6cc8

SHA256
7b47079a967d75e0d3b50af9d481171cb2a1b2b3229b078a976784ef0ece26e9

SHA512
7e5a7be9456086047cef7f9c00561e9a85fe6deb5e5e0842d8ae8b7e0d91f7a052d9389e68a64c654798e18bc623dd9eea5f204b165303a077140016306559ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
a3a758f2438070e5854d137d10101195

SHA1
90115784e9d7900df734b3178fd55d3ce8621dbb

SHA256
ff93e464f2c4dee4529a0d362936ea19b8a379af5725afeb09cda42b7918da44

SHA512
752ca2e49df44c26f3a60e172756c3fbd3be225e5e3116c1cdb05f3f2b4316e500c190fd3b9ed94003dc25cf09bb7b0012a40399e12318b8cdf396a7b243bac5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
bb4dc3e70a411f3971657fe6d4b3a208

SHA1
e5ef77bee8a83ed765f366fd53231422e7457100

SHA256
ab39f431e72a3c927b86c9970162399a8500c136c2afa8a3055888366b582aac

SHA512
ac81d22c01f11d9437becd53a787516af6bef0493f7c92c986c7d48c9b1e62f948fe9d9960cfe29897178f71fd41ae5ea6642873e9ca04d5a4f643a6dcdbb6f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
434b3bbea0f923aeef7c226450c2bf35

SHA1
443e9209dcd48587fc35c36bdbadecee92d2e1e6

SHA256
3bd78dc94baf5e7e7924ee20e1c84e2d9cbc1726248c3535aa0e6fd253703ba5

SHA512
dfd3018fc7a904e6b186a24286e36bcd7d20c374c3a89578b6164fde5fe605aa11bac0a493646938a8b2b011e313ed05abaf1bae7801604fb34d0a6a7c922ed8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
b8983b34c7a89613ec83fe4f9ae444c4

SHA1
594ce0290a25eb08a1f5893a3c4b088da7605bb3

SHA256
b04652f05d5f583a5ecab8644f6d6d512c5e456e0ad080182d37b86fbf5713ee

SHA512
d283260492dd09eca84251caab95db435ef85dcfa4c6e76056018b030c0393cd7e5e0dcb95e8772007b76981dcb9c04fa1d917203b6837a46308896331b91904

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
460acf24427383b83b8a612cd34d4a31

SHA1
1bdec920c1765d5b88a09082aaf4e019d602c1f2

SHA256
375ea52c6be5738812fdb7a1b532112287f4438f4fb7789da3e0c0bf42de65a0

SHA512
b2d7d4e4489a55fb0cc11de25fd863315bdbfbb30346392c31aaeab7f1fdd0c07e66a107c3e289f720bf8c2aad582842a3d4069dc23a931785f09348e5bd8c1e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
21cd88d0533b08f416e5380d1395173d

SHA1
279c3e395df65014e36ef4178507177b15a68480

SHA256
e0534c4a7919c7e0cf9aea6ea73d42e2245cb23dd8a3883fa070cc397e914e1c

SHA512
bd92cc963f6a3940146aae8108f17c270ed8b1554b6436f5051daef358fa2b7fc96dea146613677c58ee3c41e5a6663526983346e885af3cec8ba5f295c576fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
87a0e8c07e00330928709ac7737850c2

SHA1
4075ee76fbcc637ec1a67f66cc6cc4cef05171eb

SHA256
5fdb5231879d9466da622cd0f7217d7035d71bc5f8d72345bb4be97fe91529b7

SHA512
623e688543a7029e224e558263fa117f9f04581d08b70e6480d350654cc23ae998d100f24b99369acb456cc08371c2727f907427f30865074c50785dbe6e9d2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
d272915b95c8902490c41d31b11120a5

SHA1
61e7c9b64066d9ea2209ee726a1cf83a639b4429

SHA256
63fbbcaf0ae068acfe70504031510d79acadc6a23585cf7d26409be6ef5cc3c9

SHA512
63baf2cdb3f1909d14a6179fd451d5e54811ec269364f5c86be886033cfc12d6b36c62b9414a10e094acf54a2d63c699ed0a60f801ab0b6c2a303c88368d2b13

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
819673b44d96fe1355a93ec8de111865

SHA1
265a1d9aa6679f6d30cfc483cbb62e35f65c3683

SHA256
a2675f7094867d1dceafc2a0fc4c5ccd205bc840aa9da8e9d0da13129a282465

SHA512
8a3b0d0ccdd3a1ab3b7bbfcd7d6185532622b1977685e96f65e53c98dc3257d110c950180609c6d8356507e744e2aeac539a2b44b30ff0d12079490b93056bf0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
14184c1966c51fd4ce71a7a36e14d175

SHA1
c5258b2cc1e05c2a7a1b51a5c434f1fea69f799e

SHA256
586eac90d7425e63c6b73300105c16d4445b30056546b6461114d90a80c3a131

SHA512
3e6b2263604cb2f07bb7b7f928b1b994c0f3bb6b4e8316c955323169851b6ce17666588e0649b64b03fb2936cfda2c667b68fff02b8cf4b2665bd5d73602622d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
2b7a22959b7b846cbe8059a114ef7e67

SHA1
06f1c5d9a7d95bcde75d6d2fe4e637690bbfe6b3

SHA256
411a75d860511115e6c913833d2a45ffd4f6dccef0fa4a0872206eb46e0b2dad

SHA512
b26ee889b87d3ad9d13c9136b1c900a787eb5167260dc396ed8a8de32d587df91cd33f9a7fd393ee6392f16bdf18e39cf1418fb635e891c5ed56a0042373f812

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
51c9d65d33acebb39e4af3548919f1f2

SHA1
4c73f57f2967eb22dd25b21ea08aae3b1c041331

SHA256
e5f8e46f82893c2a55ee0646cb6e3f4ec5a18f9f5d37670efe5c99f4a6c93e49

SHA512
95fec9d99abf27bf9022393435bfd86edd08ad1220d5edc87ee7dedd6deea132c83db7230f833bf94a04fdf7653d8d7af924458e2ca108b3374e2ef2dc7d9de2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4c8da5a3f07befbbf6a137e883a681ba

SHA1
3d1fd26dc8385f44bd831ffcc420dcbcbb1aafc5

SHA256
84bb2c177808b314a87b285e72165a503db6482a026c3273209d6263ae51ccf4

SHA512
8e27df0d1ba3dd2062463502a4cff46f634a8a87ce2b5eefcc43e3e54628c9b95ff3f350cf4558d399831b03a6cf30cb687324392de1a02b8c63196d7e20d26e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
50829bd11e21818f20fef98b6e4fb9f2

SHA1
d888b89cacf72cb44e0f4c3b2f58219acd119567

SHA256
fb9c27375c06fa9f8699d2eb363a99d1aa0edb007ca9d3eeb0487068f0425223

SHA512
d20cfaaf8afac88c38839bca10a4fe677c447f4c0b756fce239987350277cb0f489ff090a6567392876995b649c1ea0a94a018588e6f2378fac47e00ec7aefdd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
b8e2f7edfc28c20249ab09e443cf83ef

SHA1
24a7bc21c4939f7e22cdee0e2f7a857e553e179d

SHA256
32ea327520be75be2f4c3966ce1d37dff77d38076abb00cf5a3dd98a10079faa

SHA512
1c8c5f6bb786c86b0a60d06d994feb9c0661d53ee68ae41d06ae32ff802cee9afaa5948d9d4060d0050e82f158176d05dfbb8e05c5c85ff41269ba03abb4c990

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
9b50676069242de03e440c0006ad6829

SHA1
bd72e1b225c13759178411c984daa4fa61bc9c39

SHA256
8aef3b3e7cf43ccaa409c286df2db5f7925a9466960a2d7e96d5df19204eab05

SHA512
ef41cadc0e5b0a23334bd635ae1cf528cc1b6e69fc227c4b8bdace2efb50c274e0f1be7600bfa291c2a2622caed204939d058d612bdf52108f2e344394f3ceff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
7678c34cf48ee4bc61ccb65871d0ca87

SHA1
7e45e7285a30f3d14f57df9e0e95dea4de726756

SHA256
81402dc9a9d489ea965379eb89937e51f483c9af122d0484a5f83c71c4066bbc

SHA512
83df2c9983c298c95de58e3723a50cd3668b6b5d91c772925d1e489ae4df955d61fde1c4eacf3ec62fffd5520fa91cc45a71acccc80b4a92db09dce127e6ed94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
3ad49d6c4a045b21a00893218b425394

SHA1
b632d3a450609241af324f8b406bff10655d0c9b

SHA256
d304f95d633fc7e63dca6b829df6ba2fb02976322c317cd9534ef081c9bad2a7

SHA512
aedc1abe4a8b433c31303c9677989abfc7df031c9b47aaf06cfc8b858dbac32b690803dda670a8a628779904d782a31302582a976e8f7477479c8d99d7fe0e0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
ab32aaed59927dbb0949ea508501cd61

SHA1
0caa1d1c6686f6bb199e4d6819549bf354fdfaf0

SHA256
6c0c69315f1c18102d363d1a326cb2c4cbbc871634fb5b0803af5f53e2d56d41

SHA512
be91a9ee9ae56a7b9604f193bae0ae9ac6dcacf4444a9f2a01655f537a5f26f068817877293956345b97ff0667b2285ab3c76dd0124310454e9a4be69cca726f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
bdc243ec8ae12d5f671c3ac272218a78

SHA1
eb05f34bc98192d0f2b8281f32b38efad3eb6195

SHA256
677ff10a255e77c24930d31366e6fb77e3f4bcf352a1798792d917919e844993

SHA512
b14fdd7646bd7d886dc09349fe5187ab30107e35ded650edd3199d3a4cfccbe5aaf9516a6ba6c8d9eea697351cce8bafa3f090f8fc6c7b64dbe59371a83a0f85

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
302ed1715ab9f747855d93d8f14e55a7

SHA1
dfdfbe1d1a1afa12ad69f6d677775ace8171fc2e

SHA256
b6d450a8a446bbc0679ea50889ecdb5d7255cec21671afc1de279414e2ee7ca1

SHA512
308f0d574396047e736fa8941778d1f167bee58a317ec29a1e06e3cc12ca4990edc267f4728073d121f2247615402e75aa0336e401b75d7c50bc44440775e8e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
7176129ce9f1f3f5bfb965a12315b587

SHA1
a80f2cfcbcb30ec141b61f519e7d5c7633050469

SHA256
56ce00e094404444e31c468819b4fb1a0a82c86bc7e8ce73c480cf8c0dbeb0a2

SHA512
1f27b82ea5d540a16e10fb39590d12a44b90b31765bcced0641e2b8bfb9ba70c976e7cdb6c6bfe0040d4b8ba67565f59fbdb6e0ac640d2e6b516a25f3cc5f1d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
178e078be32d0c886ad9214b82b2bfb2

SHA1
600533af5658cce1649aef1301f99793ddd1b18d

SHA256
1bf5a0e0493e5c6ed6404797fdc245d7a2f0bcf43961df2a4304cf5bf77175e4

SHA512
d27fd416bded28934999c3f4e7dc39cc4e750dce082d098edd3282b8f7f3875387203881b94ddd4f135516764846fbfe3b0556b44f77fd7c01a2080e77c68f45

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
854ebb6b4036a07d6a7c34d4daa652ce

SHA1
b2583506c21c48bc3f6ce6344f8b91b495c0e931

SHA256
9b4e135c2cf89611902c6f45bfbdb770cfe8ee02e2d3068eedda30c312b4163b

SHA512
43b4dec0b6156804224c0324d54c883d9d5b91cfd01d1b1ddf3458a1aa88f3692d464b5f842cb1a10caf9c1652d95713e0fe250bb8a49cb49b5e68e884e9cd59

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
8B

MD5
b0842e1cd78968a0a45184737b83690a

SHA1
e7f46e9cd4cff096ff014b5e761d4598d850d06d

SHA256
a4c72df3b84845b820d880457a162f7ff6a1c63bb7543c1a8eb7a1355a14b0a4

SHA512
5d4890d1deeec8d568108e83291187b8d3e6498a9befd43ca9b075783c03bc89d08a829bf0dc598cdaf6447d8c787d46958c424343b9088061f46531065539f9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
f9f6c9bfa95e2a113baad5ed9fbf8ec4

SHA1
2e7c1cb69f73a99efecc1ac63fd828af3174c807

SHA256
c3231021cb04ef64349560a33e1cee7b378dce95f71ea148f0192e975bc12c6f

SHA512
5732245de3e0292237fc9f361da8e09ed2e6647b2629fcec136fe1f10997d8fe727fd31c063c639a0279334dc1261b27acfab4ac7054fd9bc8fb2155149eda2b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
c44bb26053abbd72b93d750abdbfe419

SHA1
a2afd384c5a3795c27dda998f3334e48d42c6e2f

SHA256
1dd96df2a27a01b8ee61fea0e276c5226f46842cebf21acb8be877c7d23e9359

SHA512
85f072e0022c1340456c6ce8d8aebca416d427f614936642b6307bb6e5aa8fd5bc1f0ce1907fda25547ec60c5facdbf61d74b637393d426b7ee94c856b60b495

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
1c3ba6e0fe5c9626b68979ee6e45bca1

SHA1
4e7b644acdfcb3627dab29a312c546a647a6a8a7

SHA256
7f78fd32911221010069cc657d7756a68a293f03a5ccb2c14aaf5b4a0e97c520

SHA512
46c0e95db05d1a29a478ecd79ec02b5a474fa5e58baef3b524ae6e6c284ba41358b094b6ae23af2398e32456627f472bee1b1ba0e1f644fac3d8da3bb5097f3d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
ad32de5c1fc6362254d3446e479a62f8

SHA1
7b34273eec7c7059e9620a7b2ccdbb870978848d

SHA256
748c258b7341c2e6bf47a1d1d951376fbd7873ac2356ce858b73141128718477

SHA512
adc56199c004e0cea2affae4444a4c2323aea5a8d5d03130346b9532ad7d33dab52341809bf24205885b4973ad9d56e0c0f7274f710a0d94117cb14f7d48fcc1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
a8c0140ca0d8fdc5d06105bc35ec3466

SHA1
b7de676b8fe509be0c14adba1fe0a85ccfdd2709

SHA256
20ec0bdc332034f8e4a96357ec33e8c1e37ef876b79ebdd963f3d25c040eea7d

SHA512
e47a7de2edd95e69ce1d7d4ab30f1e1f2f8ca2ba5de20980dd94afe8eb86f6e00f9356d01fa7028aa50a7e91f1e47cba5ba448c3cc887e30db9a31bb3da3150a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
192284f7b6631e9fbe0d6faa98e700c8

SHA1
88b5de63ee67257a70cdbb436ef1c258d7ced3dc

SHA256
3b3a3a037244abb9a17d23cd9ccf25da5a03edf808810777d1e41f3bbe17a62e

SHA512
869bceab147aac775b989e44ddbdcf8fba159c00e6342c70b1cc933091eac48d4d2e26ab5184b4a95258c67fcef9c7d83aeb334c2164332309a572e6ff0cc6a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
f80001b5511e2111f2217ec31d8ac2a9

SHA1
ed4674d71f8f5ad5cfa932d5292e7f981ea14e35

SHA256
75642da4028dad1ab4ded5b12787a445c47a7ca67544c25c06b84648d6650323

SHA512
f58f802101b7f36575e220f71e739e76a6083103113afcf6d2f22ef85b681f1a33afb39338985c331975ef4bc697a1d08cc6400f9a60dbbbaf6e9090be47ccef

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
591ea1e94dc6cde173504414d244e1b0

SHA1
9103f258450fa559578166fdaa668a44d7c2a557

SHA256
176cc9f8436c4d6d0c7fca68820f669ddc92e2ef9e74e45ce8dcc6ee139f5acf

SHA512
031678168b7805bfebe2fe034de20fc81965fab63889a062e033fb464e460f7afd19986b10121c2a5454bd0fe2c22bd3f205fbf0750d55284e1b6f7ef776ad7c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
fcd0ad2c3871465f35e7b27d1f43ff68

SHA1
ac877e5a6ebe2eb8eb8d78ac0a760a04d0ed6b3b

SHA256
a839045e11593de45e29a1b2edda2a4367b4690c0d7e1e10822858955260d8ff

SHA512
cc8a80a5afd996979aed73472d357a0df90202d9a47379339cdcd491781fd034901622798ad0339b8e83bed3e3ccf965ed71d1f2b2745aa075a708b3fd752088

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
d67724b2f10effc777da1e16359b3fab

SHA1
81f4c50765e22e44f4d678b393c55889dce86090

SHA256
79e7010fa1a9bb63d773d8a9febb1f958f658c5869562f0f6e96c0f4fe53e388

SHA512
c565f2b548fd8114a5b115dfddcdee305e9a5d734a25f94fb73f19a291fbf15cfa2cbd421391f6558aa0a204cc5ba471af8a5d28b7a5e4737d09dc007d381f1b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
62254731083901cb69236eb6369f9bc7

SHA1
b0d9d3d943c67104ea4e1811a655c9748ef03e69

SHA256
1ab785cca5a90ece97322dbb9f738e7b74f03188bb73352c43c2d2a0352b2536

SHA512
3aea5e0638578890c61a5f7447b7a9760c88d989ce12c22d7afbb11be83c98f10c89f2cfbf01d4e97ca38ab38c5ca955ce7c22f0260b08ee0022b57bb7091cea

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
0d8e9a969a0ec8f5aec55027dd7a5a87

SHA1
f4e1588834a5b33561bc4a46f0c893ce1ae36333

SHA256
bc6536e9c327c0f89ebf510e2d4c52c43e324afd0edc687d9b31c752d5599a51

SHA512
2974fc569765cdc7769c846d0986a939cc1528e6f35e1bb8f54137797991267714646ff4512a522c179808dfaac6dff6bd5d17ba480475e658d2b08b6a2c7c82

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
ba3c6a5bc1d63760ba0e58f3668ce1aa

SHA1
2b3215d11b3988cdc40ac25ae750ed42d2f41e5b

SHA256
bc60913fab2067cfbd35e35a3c4acaa5697caddb2468592b56a35928c2a2810d

SHA512
12e6421b7530ff7e1ad86c5974c8d03040f2fcebd55932d6d5bb93a50dc03b2ba191c5403f491ccd230b09484df964e8549ee2ecd7e28796c0340bd894699fda

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
48706dec341fdb21b3a830ef0f528638

SHA1
f1f030c5dc0b30bc30553a3336c5075b70092e62

SHA256
77ee1ba13f1498c0f757b25a6b39fb23d8e895f20a8ab95c07665922d7eb8a79

SHA512
f258cb8e6559bf3bfc071d30a3a37ac12b87d55e856a57e779557a1aa6ddbcdb66b2953e3418e5d5f924e18078b1b2f799c5f07209c5635a3281af78418fde0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
e5ed6cbaf36529227ccd2b524586819a

SHA1
98046ca31624fc1d3d107b937b6dabee20aa8e53

SHA256
b9b870c583379e61efbeb74b9c39d8d0fb24598312342a0a0a6c77eba81672da

SHA512
312b84f41e52150705fb926773a462eac2d922cab4accecfcbe6093c9958edc2671c23a840c721eedff26a539214e0233925181a0ce6303da47cec5309db5dd2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
8dbf4b1036dc7a2cccc6936e721a7a42

SHA1
f6b1bde314287ccfc5c1257165239424cf8c45f6

SHA256
f73cc00b96aef30af7d85ab2dc30f73887a897055b8879c6506bced0ff03a8f5

SHA512
affb75d0475b0b1c53abd64208f1dc74237771b7443486527d0ebcb9d0a4832731f080cff28f6e3d4e4d29ad5d006acb7be3466291642642960b0f53535e2b62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
449bb87b7a86cbd696feec6d38c18fc2

SHA1
ecb397ed58e091d116236472873a9f9208e6cbd3

SHA256
fc3378c9c4a47abc274efeda7ee6d62d7c95a7f4387b623d6edd38ac752e6f6b

SHA512
58d72e07d72b87781ba8006b948ef6804f84d558e785a0cff3b442ad863ba407bbc1b4f8b2f2fc3b3b5ae4e8977c9564ea162689d8a2d64122c347588db8cadf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
6cc94d15a2a2c807999da03bd7e89dec

SHA1
31526799e5efba5e8ac5c38fda5d371220a8fa7c

SHA256
e46caed4ee1e59a9f51d9ff0998f7d86613222743bf2ee92ec94fa1a80e70b16

SHA512
74e4c7d403879d8583fdfbbd4e4c028324a617738b298f943d64ab30e7114a4c58a7c864e6db1c7670463cd9e52ca071374491a2ba139385d4c010755af12b1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
d4f30e711fc63cd5a7eee4764af8a879

SHA1
8cf9356bb2de3da870e08f9be82a4bab1ea53d19

SHA256
70e75ccf2680daff774ace525ad3dea498e87001f187d89940643b17f0f7cee6

SHA512
f2a0fe81e0fac7af1cec6ec0f9b6e625136560041c98ef474dac7051318a3facd54275ec0aef3aa2927d43cec8eb20c6a4d2e4739e44ae7daa428f7d2b832157

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
4929f50aa892a77c3441f2d05d2a6b05

SHA1
d6c919dd106cc8daa23b77fb69fa2985673b4fb1

SHA256
bbd8eeee576072f6994b874f07c34f75ae27fd17001cce6f3df98b89136709f7

SHA512
3f4e100e985b50f6b5cd09aee2570858e7f803786abf11b19d599cb22a571d572599c5270b91aa20da20dd996bb640f6a09383bf7ea7d1d1823454990b063856

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
c27aee9889de6e0998eb37f785ce2634

SHA1
02d707f60c2974d29843a5287888bc99eccfc795

SHA256
fc8113e122484c5923717ae6bc0fdd4db25d9bb142090cafc7ecb2eb83a98a90

SHA512
4757f3598d1ad8f22ee01392fbab9597fd2c989d83c16a79fc0662bf737d581f8f877dd7280d7a1d4b0f277183fdcebf654ec4f7cf0d13a07f5c785baed3d8da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
e303f282d2f25f50790eb9db6a37ef7c

SHA1
5d6dbfc3dc1be3ebe912e485d5a735e38a9adbec

SHA256
3bc2f68b00b026a7335e2d7aaab707e54dc8f85f8341a34f3bc40a8016874dd3

SHA512
1f62e48a36ef7d170d4ff3e5f8ac9299f0f2ff69af87a9db5f9ad43d272f13748f79425d0a0d9b43d8035918c3875941375d99e93d473ada3eb09d2a1ae2837a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
d5b1964fb596f26ce525386cea93d09a

SHA1
f175f111333700afc437604ece00d7e915470043

SHA256
71c9150cbcafa19434c8d9ea2a44a3e620a79862f083ba6dcfba8b7620608690

SHA512
cbf3b99d3c606f8ab8636798c4a6584a64fc118ea23a59098f6182963dd02d66eacd35e5988e9ea27142dd3ae1d085547b763860f4cee6d809962234ad25ae1b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
fd0990389a28ddf9ff7e476b71721401

SHA1
e14978e02dfd57deb031dc182219cfdf8f065805

SHA256
b7d6507f26085097c6201174e1373b3caf1658d036d7123d9d090a609046d3a0

SHA512
2ca7c2fe3fae44fd8fae304b30148b83cfdfde2af307e40e6c79e9ec265db5075d0eced7c49d0c5a61df709f696acd9bb71c351daac08b31b2d9e392661edfb7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2f5012d5b875f63adc0b50c9d672a18f

SHA1
8ed7034665baad28b842f1f8f131766c7b54c559

SHA256
3070d1939ac57cc2ce1e0ec344a5dde59851b60f53907e9bc28dfbbee11d1d93

SHA512
bbf9997c359b02b6d2bb4232a06eed0f83246e76dda6426db56a75bea9f3b0a05a60133a5769d3898ed4a807cb77a451e8144a3ae742ce22e651e528f412f41d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
b29b84e2ef6bdad2043ada41364d4003

SHA1
84e9ad2f0abfd7b3a0a2c3032057b3da88f1c75f

SHA256
ea3d398a9aa19605a29fd1c940399fcaef1ea9d4fb576d3e425c632476d4a9bc

SHA512
a348d30489039a9feeb315c1c4d877395aa43db2b4a6553e942c8b1bc8e4b9506a106b468fd64a782aa5a3ce764939ce8b2b0ef1fd55f0dca47a6bef880cc01a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
b9da316b920179b4d27ec575970f945d

SHA1
d61799dd2494a7c1c2c242dbb80c0abd40ec3fee

SHA256
bdf723bd44a3dd0505761511229b073a32795aa8b95ae9df619b8199c8e4370a

SHA512
e56efd8a3ee69979f473fdf883a9c74e01a8554dc660cc6b7bf1a905683f3a7b28b5e47b4c051695b1ac2b4621d9b0af26975f1ed7e78c948344870b522917a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
81383f1842d6e96855b7f607ef012181

SHA1
2f2b92458bd32093f16e1014cefcf13a76b64c3e

SHA256
fad93ba42f8c2411eda317f85ae4732424ccfa87ab4fc5b801d8952c50d42fcd

SHA512
dc7c94060d3a7a8ba753213686c03011ef91c3181fc3be09ede81a980a5e869b7b8396040dcb29f885ef65cb7342a216a7948d219f745bc78a4cc6ea0fd27f5a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
79a51e53ffd98015101ab6ffedbcf2f4

SHA1
e11ee02ffe5feb90082c06c1fa6493db8112f787

SHA256
d2fc96518a0a5e6ed5be9fc2261cec983ff2f7c4fecd85657aa59ee5afa52746

SHA512
fc20192622a5cabbd70f38bd4a6ce2e2414b335a1aa135fc37b7bdca741db288d6b544df926337608414f075b4b7bdc88894020a15b9e8b52f9ce3c952312d9a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
368d6ab566d4d41601f0dd809d212ad2

SHA1
548b2175aa7c5638e7ddcdf17e857daf680c4300

SHA256
f217c5b4fd2b8858c0cbb04e13fc66e247b208488dc444783698f7d9312b269f

SHA512
9ee92cedd3c8682a4859be2f9f51afa83b91b31fc024c329644bab619ec6c8bc603222bb8a4a3e94da8bbef574baad5df981e80591507561ee9db2ced95153da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
1f75ea0abc1f03dfe438aea9f8ff0cc1

SHA1
2e65ed3bbab328e8acbac369e1c0acb15428762c

SHA256
48e23ba1eedd9ced339b5ed50ad4d3abb2de869c92adb450f76ce3e4f9a60740

SHA512
5bef7f7f7ab02752c677c6b9448d01a7c6ff004c77a78c04b11a8a9e4958141d1ad43208b94d5390d7424d69dfa4a1e64aa0d33d2d7efa1519a65a974e423eb3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
f4c96c79fa87fe548f1e858601c97283

SHA1
792c9e1a8ae0c4d372b7a872d475bd27a2a420d6

SHA256
4ba526a4a129fc1d424b2d7289daca38ed177d573a43473f7227d6a5d7d7cca8

SHA512
9da2a5f991c4b621c8160661829afd9888cba50c41aa592b697e8c1fece8c64aa2ccf579217383698b9cc9b4f98c3c7ecd2ff0528d1bde96137e6e5671518864

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
29178a5e5ea45206c861027bc4e57455

SHA1
678489f09c6802937cb2d036db0112363d813cba

SHA256
2dc1fb709095ccc0ec9079f3b3f3b6e2c8ed49dbdb2da5a7510581ab5fed362a

SHA512
1c0bdcba4de12ff679e5390c89e297ef78c8826abb9889a38a0a052025f2298de5d2555af223968777665b7f382a95adbc6ef75ba299d70966e54b97ae682923

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
377e82c07be7fbb3b10d4d32e43306ed

SHA1
98da94b70592aba2f55e4601d8163638e18c0113

SHA256
33f89c32fefbe7110f06c8a1ad70252b8ccec566e35e4237990d9e91603b3249

SHA512
b696891a672287cd52ea1baf34c65de8430376dc045bf39eb369b54c6f816eda19a4fc79b71549f82dcab657fcf623b22c415ab5092a6e3d93b15ed32af02f27

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
57c957dac69fb9d0c62e3f37b8540fc3

SHA1
9d8403ca70bdbaebe163fe012eaef490b1d60a59

SHA256
a990de319bd9a0d936883d45defad799a0dabea5fb56aff303f9664347c6b116

SHA512
7f34e203176bb2c22345031d604b5708e80e600c4e0b0a600bc22f70146cf054429534448017c9d3bb8c1ea4ccb19a62e454dee7b4cf7ff9bab60aca576acec5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
64437f48cca94b04efd5a3c8850fdf74

SHA1
9f489d642b2755bb82a713a4f347e46a804fcdb7

SHA256
1e9ca2b1cb3e0d9de6cf4a118f661e4bdde270fb2a346ac6bb6285390c51cd1c

SHA512
b5c9fb4eb3a12629c2e058a08f6d2e395c44e1c6c2107f8a2c0a428cee41994fa813d1e8ea9377ed02c4f02eadda92a51235bb7c220b6b5347ecc116fe68d2d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
eaae21e9b0271894975e514878bc7881

SHA1
9f58e37a9e77afca7a9754faaebe83634b228a55

SHA256
9d5f74612056c73df5d13e880648ea6de7b205e26fcb2b04414e258b966a4699

SHA512
4082df7636b3dc92c6f2daf94d037ec67ab6f16853968e38a465bda60fe7bf838d7e986a7e99fd109e6b89d08b32d7799d8b5850d66b7707d70298d88a8f2357

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
bd1716bb3e9304a0417d0561ec402bc1

SHA1
1d5d94358d269d880627a5f77104b8368c0f44ab

SHA256
61a269d559d1393154fe13cc3c0f440c5292694cf0888487ae6e621e9cccec3a

SHA512
f180d62974fc246ec560221526e38ed67ad772d6745cdecac42a0058786aa87bb21bbca42a749155a55ac9e055c5cc172791ad019aaa727a8b20931d5ec8127f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
9d63e37fee2d7f49d6fbead73051bf85

SHA1
dd0a323bbc12744bb89b0be01a5c3c1eff471901

SHA256
583b113d875c59e1a755e29d063f105a006f50b612c3feff0ccc8184ea99bb51

SHA512
103458b6ab36cd0fb3322846120545386e49dbb8ca5bcce9613e6cc7c9cb569eaccc9f3ce6f39a8fff44422cd48f8b2c199b260613fdf21f5bc6416992895d3b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
7058255879e92f30d854e40c8d7eadf4

SHA1
8253872387b2987c7224ab41649aeffd70ec377f

SHA256
5d8a08546464cce5b4dfccb9134bd4c615a4c8edd6f42bc1b21c6c78e4a70b98

SHA512
35a0e2d7b16247d85cab06c85e38b68f1367e8f864a544ff18d30c41ca964b843d1bc2cbe530941e09cfc049f02911becc464ce71273b5b123208a8297bbce68

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
d710cd7d3271e6f92297ae3a5c3b71e4

SHA1
58cab52a072ef06b54bad3dcb81640766595f968

SHA256
8320efe2dd3611468c455e0e81b4c9a713630808faf8e4776778722d49c12e6b

SHA512
8fbacf6a24feaf1cd11f9a02cf83bbd3d7083df7d6f697d2171a7ccd5be9746fcc84f8803f9c11c30888de24ece2bebf55a37656a53018a16c62a973d49b71f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
c1c47cd29412251c654bd8f391629d89

SHA1
08b6b2857a6d5e9609437072fa34267ac1455756

SHA256
7cd39c6f81d49e57fa99ecb44fb0cfba4f9b01cc7d1c16a07d4502e4bd5de9e8

SHA512
09ecbf40be327c990f4b86fadf14c1b70b4c8d8f74e710b33fe6175a5cc02c4306b4e0d840a1e874c1224e24aa1f62496faaefb81fd0fbc3f4759473e0e16156

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
912ec0c12595539c09dc2960657485c4

SHA1
ab8173568b107f0d396cd307311a95ba55092fa8

SHA256
229fde8239ade85a2678a4af9f1ea5b972267998ce6b92b76c25404f3c0f92e6

SHA512
582a3c2513a6d943e7ae4be3f0a012fe1d728d7415cad9ab4e6cc2c37372a2971d1143d75d9de551a2b99f56379f9b14fe9ac409c5d21dce7943143503d106a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
563403671e58b7133cf461f7bf68ea3e

SHA1
7aa8443fd11220fa8fa8c4812ebca028798d2033

SHA256
a47d3b98960b9bc485b649a0cd48dd21a3a123cad59f01b6fee2f958d9f2e388

SHA512
d0e0ddb5928eecd52dd03dcfd87c5774701bfad87ca47eac1c7ba0706dfe7c05c5f1e2d2ccec6deccd50cff23fa8297ba3d5f73e04b8a83a062a216732106f79

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754239318725.txt

Filesize
77KB

MD5
26c86c333f1563fbde3784eee636ca34

SHA1
ead07dde4735018786ca7d300cc2447a78b837a1

SHA256
312d6ea89eea0ce1fd2a8dec707cf4f5d92a329b73b9411d69e01a613b74b79a

SHA512
983030fe0b87b3702ad21953a412e64cab653ecfbcc37f2d5817701cce214c59dfa9818333e9f9960ac7359586fb8acd2a3e4769bd3d0962c9b3fa3b411c5844

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754839716209.txt

Filesize
48KB

MD5
26a048a0f34d987fb22f746067ea738d

SHA1
78bb452308c95bd34fb9309c78e1388bff6894f8

SHA256
76db3164b5fa5751861bec8f8f1b1cbb59af6facc66fce2aff0de7c14e7fe767

SHA512
8846e35762753487dbf17e5994b9952677c0e60d8e41bda9c20435de2a49fbca39bf4c9d47f65a90e83f0f27fe09f2c21837a9b679a874f31f9852caaf88e9ab

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670762722977757.txt

Filesize
64KB

MD5
fb9c619174f79baed1fe452490c32ecf

SHA1
8bc1a067b220b15d078ac4f4a88691f5aff53bfd

SHA256
3be7642a282d9f10b81bb957e38f7d77bc25bb2526ef2081f0b77a995ca785bb

SHA512
ab3973e3cfa612b916a794919dafbdb0d4cc18b2a6aa694ccb93ca7133f89fdd960af948c1645538a239791c4d1cf0b530fe3afc808c33a942b76facc5e7a5ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670765474574461.txt

Filesize
75KB

MD5
04005dbad8b6e979b50824e45647c0ff

SHA1
19d7a0b1f7b30e3c32d5029ec1a42d6317e5cf94

SHA256
75aebf8e375444f878d5b5138f99b583100dc56fb739600f487fc2df273d60c4

SHA512
cc178dbaca9261e154f5dfca4eeccfed367b2b4d1540e9d82e243f68dcb43804ef22e429c5b3982c3eee1006a625b2026007026eecc97f646a9b150ee46d6150

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
457c260ae410dc97bcec8ee94a977cda

SHA1
991e36c7ac802683c3b24a9ece6094329cab66c8

SHA256
2a15ee68ec201be7a064170461ddb14491fe51a5525e8abafea04f87b982ad6e

SHA512
fc5ac6205adef06dba850244177fcf80ddd0892b5c7946639b4a9c1a14bdda14e9244c75c3dc574c3a74f018680e664eaa9e5a8b76c54004c5b50ddaf067ec6f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
58e0658ef04bdf9cdc7b7e0ce0ee92b2

SHA1
7031adaee254884ba3b9470ca52425939c5d3b94

SHA256
cb39a85d3f1655ab9a6364ebe3f93da7d4c9ccc922902e6227757ebff559f287

SHA512
1022b3d9498eb105ecb6eed08b691ac8649511d35c0be84ea6cb162d535ca3ff0d935c9fcf7d90815dc17b938ce3ee6508785a97050de9a85e665a44f940a4ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
2e008dd09779f81d85fa782a2d3de703

SHA1
7a0790f9dc1df6ae52ccc60f0f40e07165db03eb

SHA256
7d15c8d71b5170d3a305ab321aa4982e5d248abdf74afa0ed303cf759a866750

SHA512
83fb971be5318871fd280b44c33ded63d2dd498e3d8712db23af54fbbf9170469b3d445640155c7be04ec11601d3ad93d6803f33196642a7fcf2489b91fdaa75

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
5246efb2e362f7ad660643c155e59531

SHA1
2911a3d1ea2cdb977c62614790229a98da6f8c7c

SHA256
1444ead971d3b040f2508a382770e8c2adfd07c0281d1bb52f0cf44f70bba9af

SHA512
86fa681708249a5e5f856838ff2dd929793d18b98a1f2fd81d6403f3ad53b2b9e6112d4c93cf9f266aeed46cdaec020e703a16fb11aef77e06da507b44199dcd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
83901e0fcb58772438edef1d4ed95f20

SHA1
e2e39f1a7fd7ea0eaa72b37657cc67ba026f31fd

SHA256
001c69fc8662bb1a3f86197518aafe9a82073169c72c79577007083de257ad0a

SHA512
0877accab39270820da7ac3ee368440e4ada1e84067329e174269f0aaf245e191534a51b1773ac78df6857b47c46e58dd9f110e93e222f146c38858968766269

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
8237e7345e793febfc71527cc2f11465

SHA1
030c72e365d784ba53780dade12ac77c355ead38

SHA256
2e056b75b4652f53123098fc5aac0beded6ca91b180d9daaf6d07afa165df350

SHA512
0f984e504a4c454f2ff0bd37218aa2d986dca50af15a1ee01ea202157a7d679af7e6872403b51e27eeb81efda9cfeec42109969f24272d13dc667dd3b1c95f15

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
2c04e59a3040b223c8080248fc3c4d1a

SHA1
8ac50f1645c72fe32e73ab249c6b89e7ba65fc53

SHA256
8caac80053827d235b5e5a5bf3ecc6253cb4a93375685de8e142b5d369972f31

SHA512
aff984cc51e73b3d8e500d8dc16e7e50ed269b05b1319d253fd9c3c67749fd08246018fa99767775e0fe20ebe9b29d65191103e598cdbcd65e6afc21e3ad07ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
739eca3528258690bacbcdcd20cec3d0

SHA1
ccc4c9673b4825e3000730eb2a45c33138014b9f

SHA256
317f363c5282e6bb2d3cae2ad94d561771da11472e5f5468867293c10664bc3f

SHA512
585e8bbf3577649c17a32e1a4591b7b70c01dc41fd6a5a1828c11ff1e93ceb8327aaab756de65b8255baeb612ce2803f2a8b825addc0732eddedaf7c3a41715e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
435a7d0a8ffb995138b68ae1b83b0103

SHA1
6d58d94d2588688f35c0eb74c4f5ba7efc50c091

SHA256
eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232

SHA512
1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a4858bdfc6a8c2f77c7666b9cba76f0c

SHA1
3d6bc50e18d155c41261435546c028e9bfac5d9d

SHA256
524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de

SHA512
92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2a579493b50d3232891d751ab198b113

SHA1
27650bed8bbce3d8c2b79b4fc92280cfa7947bc2

SHA256
6cdb5078b0773039d5f1735a2730c14447343ba077da58783dd813ea42e98967

SHA512
7e4d914de42ce67fabff9468971372a9e1b5870a77d4eb73ee7947312c3cdb87f1fe7462c85944e7d95db3a3570a1557a9b84e96ba3ed2109b73a34e473344ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1d05806b41054bcd3d6472fe6f821090

SHA1
8c6d51ef20509d3867043f3b788bbd7c051c7d09

SHA256
081339e7041f7c0ecc6499dc14a7b92c0d8286692569d704df6563da388125c9

SHA512
1732624e1e878ca45e76f8c573776d2c536a1bf449eabcf7620f39aaffd31b6069b1ed0a2967a2ffb2a309adadff7bfdefe09f176c46cf11e5827e356866d934

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
42ab0a080a9423afa6499e84068bbdd8

SHA1
df73670f4fbc13c48cfc4d3c6254ef6f71a91efe

SHA256
91cfe2abe0e4c71d8f9069a23a1923874a61d1ec252806dab395b9376b150b79

SHA512
d0a397f4a6362d1e8d869f9618407399e8401994aafb824ba3c664e8cc54e7d5bd5af7c463198124f9d66d4c25afa89ba4d7d75b939afe284f1bca6efea25066

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
8ab0e44ce34b923c1379063db48c008c

SHA1
80c9d685c18d43b8c5417030b33edf49ec5c9651

SHA256
c710dc3e970787f6fdbdbbc8f4523efbbf48ee0ec9eda969271baf4ab5c4b11d

SHA512
027102191619f2486dac1e7cda14850a8cafd20d168309ac4ee3dab44f3fd4122a1812e3fd4bfeb9c344d9e7cfe5015b587b92a9b6d2d1162b7db058a93fbbb2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
35cc7c37dd3d3c13c60ab5946e79be8d

SHA1
7ae8725e7fc56fe79a37c97bc49225fe9c66cf06

SHA256
c31c505683ae458a592b58225d2670b1544b448f5dcfa9ede2177414b6318f1d

SHA512
15bcf2b06bd81bc87bfb1f9084ed3004d9b07c6ac9113fe3326098cc6f0371ca86257b9f705eacff877485718e3bcc0c2a1ddf201a7772fca133658b06c3cde8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
8a3af5c8b24a87b73324089c159029fe

SHA1
b875493cfeca669fab395469d8478af2628d3ddd

SHA256
b6f91234d9f4636415e92f0dc6dfaf44a72e2e44816bfa06230127118b2453a8

SHA512
4d866e621401ea4517348c922e70206e530cbf023854cb96ed07083d37517a15a4a63ff288226390bd4655caae37a4c226a77f401e66d7386790691d915d6952

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
bcc3b6c03ebe33a84d205897e3be4a95

SHA1
9eeea28105a1ecb3de8fe8a10c7343aaa03c5162

SHA256
0ae7a5498903310ef3e4298e4469eae5f5369080ad930298e4d7d376ef315eea

SHA512
04fb85b418a5e5b9f1101f9638f4fe6c77fdeb73936967f1e975e8de04f3760a1917e83f700e7de04b8763cfd4d401715e9fda9094f4e8f4dfa6d0113d191ddc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
4137a9b8114a6bd3b58838c57cca8e10

SHA1
cdb963a604d4139d21c5e4c2236c503120cfcf44

SHA256
b0934e081b7b58f3970c1fb918f0b773815eb2617e6cd2dcd48b66350cc6d465

SHA512
ff821930550e50bc573338a0b29f4308685b622e380ee17faafb8a2d3a2d754e4c89ce5e6481873e962673ad5472ee94b86c1b7a71d1726a4cb4ae8357f21a7e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
337d462a5dd385bb7a50e66fae9383b3

SHA1
8b35887a3a4255ded24e47375270900065b06410

SHA256
a21159af8e5145abc9e684f8da8560bbf8c96488f8544ec83938b5df1e0400b3

SHA512
10ca3bfa9265e5ef468bc97d650ee9a60d8a821ff57667ca5dcb708a5f61eaf279b3dcefd14308a1e4e5ea471d91d883af73be8862fc9097a8b36afd4fb446f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
afa3648b09d6a89e47ad8d7080d7dedb

SHA1
4b54e5bf8797ad5efe0eb685bd53fa761800aa35

SHA256
0782c796f701a6e7426f0f50ead6dd30581091e2946a76d163733758da9dc488

SHA512
7bdd6b2e088b17e73c9e749d5a7c35a2ec4bd5ab8bb61e9e31d877b9bfb68c45b85ddd879406043710e2b5f28f20f12147f59454f87e4e864a6eeb2c08856650

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
d89ec17d424f35e6adab96e9b00c0704

SHA1
4ca8ec880e5c2e0c85d253d2c4f670c8b78b4710

SHA256
3d9571b0f97d0e820683cd136e7959c09b7795d73be557cd99a7f91154e3f4f9

SHA512
91bdeadd9c778c79d4d1a6864b4296dcdcb8fa2ee2623c67a46a4957f3c3c95cb5cca0a79837f568555ca9f782825be0f58598271a06768946eaf96f3ccdaac2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
d2409a37df400edbd5be974829eba49f

SHA1
7e78dd539ade0072ee1d543bae51c698897caeaa

SHA256
99a418623af9696b91ee4a2e9b07cf1de738d183ba1f838f9cf6d56a81a553cf

SHA512
933f36ee9822d7c233189ba1f74a3df5e6a543e5576779f3ffdbaac5e04764e6fc88109804877e34f64e6c61a15297bb75ea83b1b1494afcfe44d52e1ab95c16

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
3a35f54011bafce445b985b5cca9fd93

SHA1
0b707bec3c5d6d3767cdd99adeaf68de6218bb42

SHA256
c2adc02720ef0aeeaac7755c18f7fd13a7c91830c472c7b3d982270464613869

SHA512
6e42b2ee7d230d22760ac1007c12725c4372a9bde1a9fa9656c69e8163929fea954b0f8d538cf3147e46a00bbb67f0a772cc3452c897136aad3cda203625d51e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
27d4b27c97ad3cd7861bbd51a89998ff

SHA1
64532490d2c2b563bdb2c5f7ae4274c09e361f4a

SHA256
a8ff08565ce36c26c008f4bdfbbe195885d92daca5c025f72007adf0353f0a48

SHA512
be22d9d5d1a765e8572443f806dd12d3bbed1c2ebf3ad8ad8798b2764372ff0dfec27e96124e1d0c1df127b2fb6681c81c762e108d10c48be51bbb9727eb31e6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
ecc2cd2c780ec54bfc416123de42083d

SHA1
ca5de2454d51d9adebbeb45a66585d2f911c15e0

SHA256
2b85c40c0870c89f1f8b5aff59772dd82a90fc61da3f7fd451cc62567f39fad6

SHA512
43344d85bf0b3dee6e62173f8c95a37561bc6b22f40c89e6911bb10e7e50137226ef499297fb105794f35e2523b95083925829e509b722cd27b00c240b7d6b76

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
bb0ab5318f3b6fcae7ce08f0107afd39

SHA1
afd3359ab05ebe98064f9aceb541b019edd1ae27

SHA256
41a742282b4e10ee8428b26823d56f7fb8178482fa6ff915bae1cb0a1bbac17f

SHA512
9c246d53f2f958e895f5c93baf164a609482a697e0e0ca89c213d16924f8c3368222ccac0bd524aa9f42695d74236e00bba6e7ecc8f6a9f20511a5055d75b6a3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
f859f91ce6164050a3b83dd5058544af

SHA1
bc1cde0310c16526beb33a120619e5cda64ff9c1

SHA256
e2369b9af100188eff2f5f93e3045ea4f1a31270a606303a74b94fd772ecca39

SHA512
b5efea0847c87a369a1b75c937cb629da28204695f4f32ab6b187944b4f39ed710487e2624ea1a2950a0eb919c8944c63017aaba10d5f441f477fe06cf2d9f19

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
7ba19571891fe380dc1a17782060f20e

SHA1
8c59829a666178d96d3c791a4f868a9649ceea47

SHA256
af65d66d3e1f1c7c0ee34806f42446b786248fe67542a1c2873ededb8fb4ac0d

SHA512
d0fb42004825dd6ab2513fb57ccf3cbd151738180388aa18ed19fc72142dcacf98801d91344564d0a302924c5fe97b520ea83db914449a9c743384aefc707dd3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
d33b25af0738024aa24f7d906ef73dce

SHA1
c063ae1f192ed6d5baf1f41067580ccf8f8548ad

SHA256
9865b86213aac6429195dfb81b03c07771735ac57752f1b2e60b1d49b20e6fe9

SHA512
63f1c1f90e56fb28bd7d0b0736f98976e341296e94c8825fca3e32028bd43233e4749bc4a3f41f9133e10b7c35b3cce1860d97c8c4697ecb5cb910ad8940bddd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
34c6fa31f82058c99927cc9afeae8828

SHA1
f7a3bdd7f4a101fbf01ec3bc0175aec69d498e7a

SHA256
325c4336cbdf8140ac3957e762ef397ee5108b74c8be8796a630a8202cfef929

SHA512
b5543060c27363ca9fb23ee63a74e785292466484d818a1542e8d42ff03d1988537ac7f5010959d40056119a19107dd46000163f83936148a47b23be7f10a324

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
2e2b0126f512f54f120d113411b02446

SHA1
d75bb54f4b93c61af4f3ee0b63988beaf1857369

SHA256
0919a69d4e301509e73e4a0b08418d63a8902bfe171075d99c1afa47cd1ff177

SHA512
990688d9cd24b45b0e98fd289824c31eba3f3da750231509cc68e35e9d123b536331e27327c8c7ec25e21c85313f6efe203cbd4963f371e93c26d5481b7a5d40

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
0ef27196201e7fc2675765eeb6bae414

SHA1
28ce06d6ac26125d5684e5be0290e5ed6471cace

SHA256
fe89cadd834ca32f587c8d02770c7952a951825227ad9bbdd185da5972569d0d

SHA512
4f1be948a6554c1ad43259c00cb9087295492d214c8d77b861a22dc2c83c380d38aca917bc999dc8abbcad1a9cde40723318fb43a197784398927ea74ce139d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
e9f42cb59129067828087b50bdd960fd

SHA1
40090f552b85e98de448c4b9b1cdc598a0232220

SHA256
6e11050f2a71554a658d055abf1ca2eb4cf909c9b9aa172cde17c70f3d3327f5

SHA512
b9ff9881c295bfa9b0d37c5a3ff14f789aaefc78c943cb325f19c9ece6350af6689d8bf6e8171237d709dbc99cadc10072b84e3aab1d7dac252148f830efe62b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
b1ffe14dc0ba846d1af7059c18b70c2c

SHA1
46a911d48af73601f68ebfd7fc809d9ff11b9da5

SHA256
cf8b61a58370177637fec58e1db3904c169ddcaaa1841e7b0cf2422f99c92b36

SHA512
3f98936fe617614bef9fa35a2bd6840eb1faa76862ad246b5d6c445a806a79466608062a367a6f18e03e198b78237034ca2c109bb3dd5acff2950ecf2c0cdedb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
6a42575601b128813fc65a84410c5575

SHA1
20d1268b452676e4c8ff68a538c8d2662ba98856

SHA256
c8125fefda3ae3e69d9cb4479493f74ae76d70057f2281f09123c3e6599fd9c7

SHA512
ef15217aaae2afbc1f18f546a54f5953c7264d677d112e96254fb7d98b24c6eda3b0eb47de263c8699d247c386753b8c7441e0cfa095e359435291a50114d871

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
c3533e63ccc974fba78866f20264dcc6

SHA1
9a00982bb408d82e7425a9f0a7afcad86d3b3542

SHA256
ea788c8b80b2795a87f892df57eb86cee1f61b35017fb2e4e78c794dd9ade1a3

SHA512
92533eb9ff87716ab171952f0b66c056ca77baa0816fdc3e2e1589e624383a1934f8201438a166263430ff39c7140f2fc09ac8be0510adfd5e1fce4e0cf8bee7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
7bc9c8b90115741d6d30aaebfab5f6f1

SHA1
4415610c2a14cf1874bd12b7aaf5f084ea260aa9

SHA256
e2621c57f804321fad41cc3a2c1feabf5d6198e75e3151973b6d88ada96dd3fa

SHA512
9a0e8006c1ee80eb7afba67b52034286a1c3f77789d3ba4e800c49c79c8e921c8b8a9d69c0e8f011e5df1838f8e65c4c595f42531ceac0f3f8a1ef560096d8f9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
5d2a177a3e9538dec8ab51d2bb6e01ba

SHA1
818fe36015d0ff96205ba66570876d273d8d8b38

SHA256
276f28a83385ca0754554a64d402ad1cf1989dbc0d323783393d2441373bd748

SHA512
9dc0a15e0887e4d68c2bb452cd8db5e59151915c1e0f43106142cb199497b9cc7ac95c265852b4a148b420e8f09d70f446459c3fb10c9ade49aed887a96ef17d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
73177e51f18073bfbdb0edf3241c1fe4

SHA1
a4984b7e5a540766568b7fbc45339c6db7526e21

SHA256
b638446e84c76a68c5257b8a08eadda5e0cde152900e785432b3523613688682

SHA512
e0045b86580d096ef3b9444d3c274748091bcd6666f3b2af7400db840337a47ebdf08d7281cdbb3f1073d5f41f81b0e6c5d08cdf01a888c88c3df8b347d565c4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
d7847850dfb8502a45b7cbcc5e114869

SHA1
49260411197d421d872fa46fba5f38694c9752a2

SHA256
2449ddb7380dc94b03c50edb8c9238bda447b1d1d6f48d51d82a5a87c8785dfc

SHA512
c6ef28f7afb08f50cb7aebba937d6454c97004cb22ad9c294ec036f9ed952b8faa709b401e899300770b8fc60830b5b6aeb27ab897710140f64e5500922b5ff5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
718423716b8a9e113b5cca0fc10f54d1

SHA1
b61fe9145ffa8eae3e3fdae0a1db0dfe224d27be

SHA256
61c80de642fee2d0c05629f9776f7bccbe2ca66180f4e96cb04f3f4a60e257ac

SHA512
0fd198df57a3e5682075e4a169008d527aff2481f015d4b05c3d77345c786522c4b9cfc2b9938828024cc0b9b00ed8aa20a56e4e9b57e4954e6f85a77beed465

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
38ea5da5e0cb140641695566f9d9166e

SHA1
0cbce34fc540e370dd78264b3ab4ad3ccb64b5cf

SHA256
3354f61fa9ac09f5ec69dbf81ab7027bd7265cda2973140d8691ff28c7276215

SHA512
89915c8e33710bb35f18ff05b692dc927822ef2854c1c5120b216f45511dbf720063b36c7987759b48ae0ee5b610b3a5f197208ffca9c860eb76795bdac55169

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
6aed61775d432fa63a5d0a90c1b20962

SHA1
60c71d33ff8e8c7db409da3c851010fcf8efc4d7

SHA256
b556e86cfdcb3ae0f7e1a3640030317b4b2847bc6457df873faa0143483de83a

SHA512
453f0fcec0e3d5cfb5036865e74669f473635461dab003c240c7278eed4d322048746cc48490893f3a441f52099b8d29bd575c8784f05aa2e7aefe6e92c754c1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
c2a6f15ce13e604e1b328d069b3f0d68

SHA1
bb1b35bc393baa32a47d2e7c9e88e385d8dec559

SHA256
a03a1e8794f3678a3ab5d4b397f2a2570914c7c1486845461e0775ca2b6d9793

SHA512
bab49a4d76c8bd251a5ff2c2f5b07e4ad56bc36d776e9854706a20cccca1720411d707d9feb00da694a3ab5a6bf044e56c08f67af761ffae58db12e99ede6baf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
d9deac7c8090c8395f2c26b149fe9016

SHA1
8f334ade00b152f6a8ba56b4e70c8d159a2fa096

SHA256
9cee766acd304489f3fb3ade4f58b3c8f9a1f4dd7058e72385e21801a70e0747

SHA512
0eecdf0a0d5f0b0074209dfa3505c6950d7401ddd0f2e873a171127b9f1f8e768f2e15f1ea204072e2dd0a3a7a509a3ea6ee27d15b52250657ca0c334ecc3b01

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
550ce4481e46274bf6c2f6e68e14aec3

SHA1
11a5e8636edeffedc9d131c4483efe56181cc550

SHA256
f0cb4c4ac96e510ff25577670a0e6fa2224c8ad1028470d1082d57b566ba95d7

SHA512
1641dae473b35ca47fdc006f48cabbfb41dd76cac30fdad11599d581d15a01b619bc58ba33a88926a00a3b3afa8f9f85a8704d57e356a573eb016039876701d8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
d79780d930b153b23ba1c0360f15e598

SHA1
2eb36250e287fc23f925c7a70e8b1407fcfff30b

SHA256
ee19289587c1512fd89bf455f4d9ca71f42e6f5022eb3af05256b8e2f317c6a4

SHA512
ce50c9a4bab2672e8b117ee2a448c0e7c16c2f0022dcb41858e8eb0baa7d239f0f8eed9f0d09964467870da6a0f33dd92fa884350bafd24f2b74a3d4a2dabb38

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
ff4beed6d62349b541c16b7590bf78b6

SHA1
df7aea5a32bb248a691bf188a07c93bb353c2b3f

SHA256
023ffc4fdaeaa96d630ece212d0065b072187919b40d72af83d434c9928a0060

SHA512
b825246c2c06b2ff8e8336da5277e84817d45ae2cf932c76f467db35dbfe92df19b696592fa9ab3a5cb99dcf1905704a5cec42fc73715b75e9dc51a0d6472f4a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
1296cae7441dfb4c7a2aac74f782456c

SHA1
ca956ef39fbdb67bddeb0bdc127bc0b8d9abe94d

SHA256
d6a167e427b54b7bb547612b76a614693950771974116576609b8d644d88f207

SHA512
b48d519c4d3cbdfef5e2c87e94041a9de0cdcf86d512becb5f4defd87d23c26e7b629618239279dcd34620063e3f6df5be8b6551acac1a66c55feaf664597c26

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
015f438341bdf649e086af2caa4fe1ef

SHA1
039ea0fa206b081f253ddd5e09d97f53b0e7bc7c

SHA256
3ddae40301f70248b244c0e4612341364b1595e4962eab54fc8eb7cf120a32d9

SHA512
66cd9afd4252c9cfcdce91dcdfc2e49ae370e901c1db6cc555b86edfe7ca7c3cd232394bd79c2152cb96d8a6c5bedab92df364e104380fdc3f9dd7ff6541fbd0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
fd570ec39df8ae19fb87c32c5661cdfc

SHA1
47e8b48e8ba8eb5e3eab180f6d3ce14cb9d93d7d

SHA256
3fb6cb166a26d2db8789c37e4985e01a212b082749ab658401a44cd9983a1a24

SHA512
a96832bd6d06c635a0c143271ef92ce22cb3a09fb6a9aef8e0cef8ef8f0e1cc4920bb36585aa251e196cdfd3deb25c689937960aac7359f30f42fc5eda82f9c0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
204ce26f63650b19e9f746a8285ba0e4

SHA1
112879c4819f5906b779e41c0121bdc94b3afcec

SHA256
03898086efd908042e2f3879b89da29fac039d9b87e6d0a90c6374f75b6cb597

SHA512
6d280ef7dd2ddd62f0e734058633f13ba317718391a46a8df8da8d3f67b2079713db8dea11c9270ef506ee56c99d54fe668c1f29c176e90ea6e694b132de2739

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
1d8ab42c88e60f7e87db2885938ec042

SHA1
fb6385d5f47f0262d247d6a31b27e4b45990102c

SHA256
826be93ecbf909a20b01c6205955daeb1fc0506a8493b88393343bdc3290bd6c

SHA512
056dd4bc13eed75a9c5dc2c90e1ffc1681dc84f1fd84b5418a5069952c7a455a6fb657e7ae1e7a91c878eb67683272832bea395440ca2a235e1de87fde60541a

Download Submit
memory/4720-10946-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-5374-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-9983-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-11323-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-11350-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-5371-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-11355-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4720-11356-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads