xorist | 05e2eebed0f975898406d5ccde2c7b84806efe7c89ae051c1756df2670a3aada

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Size

6KB
MD5

142dee4d0f5e7f5cef251ce32bc0052f
SHA1

9ab68b46167b0aed7cb3eacc2ca7a1804b185955
SHA256

05e2eebed0f975898406d5ccde2c7b84806efe7c89ae051c1756df2670a3aada
SHA512

95d6159c79a323f430ecb4f32fb7c1f5a677839d5a1e3d0e9c5707997d2f20875c988a196f9448e4a4a5308431e6daa315736aad16b4b945fe9fe3478386abd1
SSDEEP

96:q1Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExnPnhAillj7jRmW+/bOo:Mzdrr1FG1WDCgmjPZ5vlXMVOTMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/3556-6217-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3556-6221-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3556-10657-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3556-10849-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3556-11160-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3556-11165-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3556-11166-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2176) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7y1d3fjj3Fe8yhA.exe"	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\downlevel\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_767b2d723d0fe83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_8b49cb79b258e1ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DnsClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DeliveryOptimization\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_ddaa09c6103bc6ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_guestinterface.inf_amd64_192114845ec44b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_d2736f1d9bc815e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\multiprt.inf_amd64_a9b96d6c7813082a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mssmbios.inf_amd64_9fc7fe03de136fc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wgencounter.inf_amd64_f496147578cad554\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\iSCSI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_61883.inf_amd64_2c1769df23d261a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas3i.inf_amd64_79c7a4d8be0a9744\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_kvpexchange.inf_amd64_b3c17aa69dce1e0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3556-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3556-6217-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3556-6221-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3556-10657-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3556-10849-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3556-11160-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3556-11165-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3556-11166-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorWideTile.contrast-black_scale-125.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-unplated.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\DarkGray.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-200.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-125.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-48_altform-lightunplated.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-125.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\BadgeLogo.scale-125.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-125.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96_altform-unplated.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsMedTile.scale-100.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_store.targetsize-48.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\WideTile.scale-100.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-32.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailLargeTile.scale-400.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.scale-125.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\virtualAgentSmall.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-unplated_contrast-black.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_altform-unplated_contrast-black.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\165.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-100.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-1.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-400_contrast-white.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-80_altform-unplated.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-48.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-400_contrast-white.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-36_altform-lightunplated.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_scale-100.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-48_contrast-white.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-400_contrast-black.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-96_altform-unplated.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-30.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-125_contrast-white.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_start_a_coversation_v1.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\EQ_ThumbShadow.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-unplated_contrast-white.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyView.scale-200.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui_31bf3856ad364e35_10.0.19041.1151_none_361ab30ed820622a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_10.0.19041.1_de-de_d9073434864dd997\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square71x71Logo.contrast-black_scale-100.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_pmem.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_baa1ca7e60214724\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.19041.1_none_01403d15a6b8a2fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-32_contrast-white.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sud_31bf3856ad364e35_10.0.19041.746_none_859f3f8ebab96f33\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_10.0.19041.906_none_be2d2e04aea57ee1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..serframework-legacy_31bf3856ad364e35_10.0.19041.264_none_2f70839865657a50\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.scale-150_contrast-black.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ation-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_0cbb18f40aad967e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_8e7e66b9265396b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..extension.resources_31bf3856ad364e35_10.0.19041.1_de-de_275d266ee55b9643\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\PasswordExpiry.scale-100.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deliveryoptimization_31bf3856ad364e35_10.0.19041.207_none_a87fa27025b2eaac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dot3conn.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_edf0754475854d7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ncsi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c8b2ef08872465a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_sysglobl.resources_b03f5f7f11d50a3a_4.0.15805.0_it-it_74379858e1441ffc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.enterpriseservices.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_f272a00f1bab8f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Device.resources\v4.0_4.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ci-wmi.resources_31bf3856ad364e35_10.0.19041.1_de-de_b36133a9fbdc77bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevwow_31bf3856ad364e35_10.0.19041.1288_none_bbfe125d1b9094cb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.19041.844_none_95c651508e565d13\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..rservice-extensions_31bf3856ad364e35_10.0.19041.1023_none_4166b463db472387\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ntlanman.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_26106e404a36bd5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cameracaptureui_31bf3856ad364e35_10.0.19041.746_none_4bb997f4e1eec8ac\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-creddialogbroker_31bf3856ad364e35_10.0.19041.264_none_8c0ea69ad94a2cef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe.resources_31bf3856ad364e35_10.0.19041.1_es-es_0c772640c100dc55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-update-orchestratorapi_31bf3856ad364e35_10.0.19041.1_none_ef9cac72e793b5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_c1db7fa20b58746a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-i..2platform.resources_31bf3856ad364e35_11.0.19041.1_en-us_425905a3200d37f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidvhf.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_006e256a5b40b8aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-refs-v1.resources_31bf3856ad364e35_10.0.19041.1_de-de_586a6d14084ce81f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.19041.1151_none_23c0aa3b7bd960cd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ialpss2i_i2c_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_2728a1282da563c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershel..er.events.resources_31bf3856ad364e35_10.0.19041.1_de-de_4a71e4d4ce4a3c45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\filesnodeicon.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewInprivateWindowIcon.scale-100_contrast-black.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\PrintDialog\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_509ae3b5d1cf784f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.19041.1266_none_d375b5361b806b32\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Ring02.wav	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netmlx4eth63.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_dd4536dc164fa9fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-web_hightrust_config_default_b03f5f7f11d50a3a_4.0.15805.0_none_e95be31feaa25a13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\DisableAboutFlag.htm	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicepairingdll_31bf3856ad364e35_10.0.19041.1_none_23f44dd1a26dd9af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\wide310x150logo.scale-150_contrast-black.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ipmiprovider.resources_31bf3856ad364e35_10.0.19041.1_es-es_31cea91175c6b739\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.19041.1_it-it_3e063f71f0be5330\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1202_none_fb3c6d3331975fa4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-mdac-rds-shape-dll_31bf3856ad364e35_10.0.19041.746_none_51ea1e4763906692\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\DisplaySystemToastIcon.contrast-white.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..providers.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b040de60f13b96fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-enhancedstorage-api_31bf3856ad364e35_10.0.19041.746_none_bd7cc408a2f67fee\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..r-library.resources_31bf3856ad364e35_10.0.19041.1_it-it_8b2a84bfaa22a25c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-search_31bf3856ad364e35_10.0.19041.746_none_d30a83ff81d13ba6\logo.contrast-white_scale-140.png	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-proximity-commonpal_31bf3856ad364e35_10.0.19041.746_none_77b18ddf81476f08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_1ab0646e3f323fae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-mscorlib_tlb2_b03f5f7f11d50a3a_10.0.19041.1_none_778d30e7f6787e13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..mprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_5e4466525eb51956\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\appcompat\Programs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ai-machinelearning_31bf3856ad364e35_10.0.19041.1_none_c4b20c812d897398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell\open\command	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell\open	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7y1d3fjj3Fe8yhA.exe"	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.345345	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.345345\ = "GUSAZFMHRVMAMSG"	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\ = "CRYPTED!"	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\DefaultIcon	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GUSAZFMHRVMAMSG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7y1d3fjj3Fe8yhA.exe,0"	142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\142dee4d0f5e7f5cef251ce32bc0052f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
15d6f2eb85ea1e729e841a3e1b9a9503

SHA1
951cd610291146c36231903e4382dbfe3082fd95

SHA256
c8bd3f6552096c5948028c16c12ddca54585ce8b44e356858afbce48c8528511

SHA512
a6bcfb2a5309c318149500fafb3202a61e05f1024a307da80a1d0836eb87bebdc916b89e82f5911f63fda3f7a0401e68e50c43c369a4cc1d672653e99550f58a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
d8f8e6fee216cdf4178660345d13a88f

SHA1
2d748278d27ffc156e9bcb61bbb14c30e11097db

SHA256
41932d73967e62a6dc0ee9eec90f68c45d14a29011495c23bd16332d6667c2ab

SHA512
151ab01b5d8b568f960dcb0b37fa0068dae4d3a898309a046f4d4a74bbfe902320b71430e093335bdc6b7853d60882fafc9d1d41fd5d8eb42c00fff15b338265

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
fba35a39e0ed4a2da1a1a78ee6e424a4

SHA1
2e681a617934afbda656368be94191425a594432

SHA256
52aeaf09d1fdb78c6ec8d7a2428e79570d3dce4f2e15b2bb2b145596d4231420

SHA512
b9c76652a42bc92e03a1cacb1dc96378d6ac9e86e39ca95e9705412a226b25e69aadfc60d9346283fbc4e9961cb8c02d20e7a190b7e56f56d2eda9c23ff2559e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
51b129a4b165998b51c50866fc7cb3d9

SHA1
d42a9a48b39689cae3470f41222619fd96c5fb05

SHA256
e21237955cc4f28ffdccd8f1862810c435134442284d70c70fb9cba22956704f

SHA512
c98a3f480b4512036066dfc9f2f9d727e7ddb054f9da24bb2e4b27a1b745d7fd74e654d27e27e297c7023741d8578ee7853fb49ba7ee07755f6893c0d8ff059d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
2e8672337c284c6d55ac9453465f13da

SHA1
85625ecfc496ca9b96f3c84dcbfd220b26951f5e

SHA256
2239e26bfffbd5d75c7302900c8048e9618a5282255985c9433d33277a361b1b

SHA512
77444043d17c3e775b007d536ae404e8320c5a2bb4b82b159a6558f9f9084e94df4c318d44082e1cc4d3ce986de806ac2f17c3a9cbfb1f154cbd4a1f60590a8d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
700e9b645bb2e3179ba8e9ce5560aaec

SHA1
0331082b1500fa0a9ef962c5797dee838a0fc60f

SHA256
7d18df9599548de39073a53aa7da80c513c6b1ab7d6234a8e056d928ae0a2403

SHA512
3be2b69c23b34885f0b7033be3ad2967ba525240015c30e1956a52514ffb5f4cdff55450b4b136fab03ba0af4cf72b9b05486c1b1de0e349669d5369ac0e282a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
0fa6bdbd37bc117af1f19603d39b565f

SHA1
d8fc92e49a675926c6f4595bd16e9dfb1bcd9f3b

SHA256
fe8ff25a03e4f631a272976e5e5ba28b3cac2a0e7f31303c70d7e0f04dd34059

SHA512
451bb81677292bf41b81df36b3f88b4a0c5f36edebeb7888b0f50a5b63fc302e094755c471621e07dd575a62e026edab4934caf65280691d2849540070dafaaa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
b60480f5e52947a284d39193027d1d5a

SHA1
60fb972a05c4953bdf5b5b2887c8e75d9fb6b484

SHA256
b93e07a2fc325d735631993fda77748e0ee2485b56349a73815db0cb77c72b8a

SHA512
6a7fae75cc25c8191349e270babe0668bcd0c7e42832bc98bcc873139a35284165b844d8b283515aa81b3a0ef015d3a3ceb317901f844dbb47634fee4ce879a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
dccf0c87ac3e95323351e6dd205145a7

SHA1
0acb9b875ee9538396215b69165e99b85b9b9c5d

SHA256
93db5f767dfcb5e0ad7628fd919dddc13267f5eddedb54fb398eae7763b4b8a6

SHA512
d1feb2cc0821217c5f5c49dea4bc8fc439ac116e84bc35b9d5c154e57b02c295dce1b06ae82d24ab3c83f4fdf6a010d39cc2cfb9d325f58d9e583453ef6ee782

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
6e8937e809d2462755ed9838a057fe7f

SHA1
aacccdd083417431c26b954444dad5df17e8d33f

SHA256
d1acf9eab0575a3a8f7bdb24cd399897a68847b51624a66ed54f2d32a230c63e

SHA512
94584d279a6248204ef66d43a06c69bdbc07179ced205d6469bbaa48604886ab6f22bcb54d372202a5bf5b6baf3471e9f22e6522bc82b02c1c3a571b16503a3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
f96025ac592ebc92e66596f8c775a3b6

SHA1
bb16f498300b0c1900fd6e9d6846be4a17d524e8

SHA256
2142efabaadc89ea9a7c16c1593e39302ba911ad62dd9ed685e9a89b05f3c8d5

SHA512
530cb86891ac931c00a74d216bf513ab12e0bc3442fc9a3be73eb8b6aa8a063c7f9b1a086a885efbf1b39deb3a9552ecfd8b5dafd84c95cf7b9e4e55a8c4ee64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
b76fcee2d076fc17836a1f3867bccbf2

SHA1
8f186d6232d01b67697cbf8ce1e997796d8edefc

SHA256
33fd6c5a4b6c174c9ab7afae96d05b827abef4b7c6c481161c5fdce3c5c68a54

SHA512
e86c71f98031b6a9105a5f8ea454797af15236a20e29f9f15f0856102fc3f169eefccf929036a062243a8b79d15e057ea9081d0e547d6b3fe80972bed33dc6dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
c9cf3135f5259861d443ff216b6d7d45

SHA1
eee5f99453f5db746b2b35ccdf4cbefd8f7a3f20

SHA256
635699afd5c4021885e4c7592ca5e8b3e9fea01ba847270bd5917497db9f6267

SHA512
46bef5b04e2575d7a688dec86b7b3563af0a7aa1a9f00f7269831bc21ec5d49d4e6ca8161933b524da9139390f7976d82456770be13f7951aa797f772c94bdc4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
6081a1ef9fdab4ca5885eed0e5fef746

SHA1
f6db31aa5ec9541b1da72e8352ed8bbe9d97a936

SHA256
71fc5b6203557d60e130ace30a9d4434a0f1497bbd62e122f7db9937a828bd96

SHA512
e210a99bc63ffd744c8882bbb3f134bb8eaf7ad76ff0c14fa69602bdf44bec344aa90288f3cd1e5726f70fccf3c53b4a7aaafe69ca4987bf6d9ae773e11afe8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
d01cf9b1ed4958b1fd51a5060f099430

SHA1
d81cf6dcef9bac3ea03eec71e7bc4a693272f26a

SHA256
e55cc964836665d1c3d41f8435c9d5b5f5f750b7f919691bed252284a804b11c

SHA512
260f1f9c4b22e07d199f4973c265ba843ea58e90bda5a112cedaf9a9e282a642c46f7f3a4f0420f19906fdeec59d2b9988c65631811e403ef086c544ef881787

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
ce7ef7c22125a4e433c5ecc88d506f41

SHA1
60087818d60e1134929d90628d08a39ff8207303

SHA256
1e22a0a72d692b0bb20868350d5e894444baff44ef1cf14c5735fceaa5a96658

SHA512
953ed846df2d7af1019141defb0dd8bee6ed44ce4291e630b8adefc2630a3e2ac1a9236d0f391cfafca91500bdd878291aabca2bfebce2d4281ea7d2f2d463de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
8f479bf382cd3ca7232aa219e12d3f23

SHA1
6c8d63d3e7f39b42bb055f59d42f3bdcc424d49f

SHA256
92fef38b25ddc9b2a73a4191c5907e856f87d3a8bd228a41e74f378fef25d372

SHA512
436842977e2b2f99d0da1b0aede6d191a06783831f2dccc13d022f147fb4ad1029977de8deac1acb8ff739f1c9d0616efb7ccc2436e75278247f18f83a7f4b19

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
4e14004cb5661f3d5bc8ace254028b1f

SHA1
1ec4789ef624187c46b3805297ea7e6cac68f0b9

SHA256
1ff70dbef629d32cb2684a2ca4f0330207398596f01e002a07d3fa81cecdbac2

SHA512
3b9ba32d81592fcab5cfb607eb51c9a4e87dcc6beaf63057cd7e10715d762d0d9c4b58abf4da138c04d237c6ed50f3e9faa47a77f65218b9f53456b465958d6b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
71a3feb96b1542747621185a7162d213

SHA1
c3c8baa4276fc474b434432680afbb24a9be9cc8

SHA256
69753ac7feb74fb0393c5c96861357a963765f853a94283016d413c15e34b1de

SHA512
c21b78f47c3d452b723560561a4237edbe9e905b95bf1ad43cb88107e04c664f91c98869260ca22bb6d3b9957fdd5e3e02ce2185b136b922dff1826e98c58a69

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
eabd0529392ada07449a89a502a6fa68

SHA1
9481d42ae62d224881bea1d3f1ac232170e0abae

SHA256
853f563e85cd150929279ad46ec65176a49f872d50b3ff519cd90c7492db7258

SHA512
658491aff16061b4291b2caed80b4f8d32bb0ca125ab82d47b88e62a8346d849b34df753fc4d2203180e6342deda9a1f301e3e9d0c5076ba07a9e7b876764ff7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
a734dfb60ed844dce0d1e0b8cab63e00

SHA1
cf4d1e8905e7e44758fb31c1d55dd3821fb62190

SHA256
e5a43a97391f95e30dce8540081edc3b5af9d3811e431f06ce436eaf45d4e822

SHA512
edd7a8a659e0786dff8005a71a7391c92fafd9b1f5fcacb681cb56cc9964e8135e4eba1c4b8da4fa5954e9c51490cf9a111555902ab61b6d0a3f231fd070d47f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4d06921e43bab55fe4b29bab5b31a5b5

SHA1
06fb923f9673ef6e0ed8866a05a89ac5847d34f8

SHA256
3d7d4d0929dfa81fa33f63aab942c785d784892797a54a95e6b08044186e050e

SHA512
83d00113b0f09d1020f41705ecf73455c23cdab4b856602379751c5c2c385b9339defd4c029b2c58269b639cf887cafe9342ab94527bd104170253fb59eec5e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
b06c3ae6b2754176cc5d975a7ab51416

SHA1
7fc1e9a8bc5b4c49b90a61a98287e28b26281b58

SHA256
b3cdf3f014b3cb75ab6ec00fef0baec7b3ff52ba09dfa89abce08bc9875a6b8b

SHA512
945bdb51d286a3831d65ddc5971865f2e4720483aacfd629e0bd124b81513318df3cae30582aab1831df12632af914bd6daf1b366adfccbe8770670eba5d017f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
a669e912d9a9ae9ee671423924d25d21

SHA1
fbd64858ff53249aa75b4a6f1c089c59c7ffade9

SHA256
eb898ac473718d8551cf4064b74fa37867a9e092cd5457428311c28a9aa9c592

SHA512
2415e884f5716c0a72a95c103f59f28b24249ddc6ee348dcc255dee9be15ea6b703d8df6027d42a6106de7fbe410e5664b86b7856b2a7670533c4f4bc136922f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
24a3af0c98204c3020bbf000e1865f28

SHA1
76b61a987506216564a75c4e8df080e9a9f0df1c

SHA256
652c2485ee154a32291eae91611e0eebd9db7463acc0cff993d4d3a8fad8028f

SHA512
c04e8c0f08218fb79db9173e2890336c34db420ed1e8253438d8493514d17ec3a55d7531bce73cc94fa0556ca19f536256f6380b13ab633fb0ae39158471ae5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
2ffdf20c3fb0deb58c58991faef36827

SHA1
c5ddd8ad88a41f4e9e42c2807b3803ce14da3b17

SHA256
5a69d73eec0d40b2cf80553626cd82790a97e648f6b6bbf24a6f79da71d5fe16

SHA512
bd8ff2cc9122eeaba1ccd0e3a6ee06086218ca0294874a9e14eedb508485b2dfbece4aff0325925863875e8d3cc4b66c9f6995a35679ae0b5210291c7d6bf198

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
2f981725ad3bde85f2bc409e303aa279

SHA1
1463eee05a03004835a13767c7d0350b32698430

SHA256
9d4ca4573583f293ef16c98ff062796fc2c2b7fb4e89c9332c49efbe05409646

SHA512
5af9c403733744f2804c88c249a1dadd8415e7ae263d059f5d5467c553dfde73c7d5ca41aebde4c99992b5ec61308a8bffa5a0a027ea5dcec08c22bc937aa8d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
7f4f9ed9e7fa82a5d262c504d9bb54b2

SHA1
7dcfbbdfebb09cf5cde3ea11d96e7350444ff52b

SHA256
2d8568d6623957c65940af93086da7b2eb5a8da98cdc15810d6d3bc8e782f836

SHA512
bfab9b5e67263d2b3d2367a689d4b3442e6711059dacf0a6b55b970b8d41237ee2f593be2aafe1c32e667bff6cad51eda8a7ff2c55fc286fc7d62c55380324f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
b5cc3c2911f1567176eebad1cf324a9d

SHA1
b149e343924b471f6a50175b8d8e15b34469ea36

SHA256
4aa60f55bfee10c2c0e8405e8e44295df3896845f430d59c5f7d3d34973bf6f8

SHA512
e1efd003c16ca29108c86d189ad82c6d43f4d7459b82075884e518f4e173f72efbbadf0a8d076114ed5455176b71419d846254e9b75212464fa2b8f381a9213e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
47110339cd21fe12b0334ffe3dd30a80

SHA1
93734476a99d83aaa6f0fe160f79679249cbb8e3

SHA256
c3adf0ab7172181346a2c153a345b1414e27892fa9b5977b33d7e28209904dfe

SHA512
1ec58c93e3e5cda60b8b6974b67f14751dc6b2562005e20635e8a5be091310a6e91aa3f68a83e28cbbc9e807fe43352a9cae45217b77ebd09ba79ce6c6573dd6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
6c77037bbee5d4773537aa22bfb6dea2

SHA1
494d6b3061e263bbad4cb8e9bbf11d53c963244a

SHA256
a637f2b03ae25c3a9e53c005479fb979fb451cf1e5f2cdf45bc594fa22638ca7

SHA512
2380c45d27c5e685583f50b478a25677aad50a3fae3176195267b1a1d857c291d41e1bdbe769822a3d44b851f2fc9b04380121eee954af1260732388a9ce7058

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
be2f224367a8dd658328b832f32675f0

SHA1
cde528e522d43a304cc830eb63ac42614d9fc5a0

SHA256
4a3938d2aa1b68b36d64d9b606fb633cc3c3f7c4c7c62e5d20ce5f3cd9ff00a9

SHA512
8015263a129192281176463ac0f8204033b2b02e74c62c00e94b32ab8e0df09fa4b9317eb86b312d93a089f5daf03e1489e5c2f359f4592ee88242a1d3e28663

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
87677e149f1de7604d43a9621b9335f7

SHA1
4ffcf3754272c8d7358002afa8e870a39c464355

SHA256
8cb85b1dd2ad8af912c6ace3e5e10a07a96f8fcdd23cc0664d63458c27df7d67

SHA512
ccde3889e06ee68bd7a22918ad53501964d1055d4b7ea1368e11d040957a0f379123950d03b21a03c3e7fdf824ccc9b7ecae5c5e81338c42006d48da9499f119

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
196980acb30ef4d481de6757d770e91e

SHA1
25ce42207151c51cffaf766d056a8fb427d4f4fb

SHA256
5c040324fd2d9a694d52849bc57e9749233ea06c9923fba51c5f14593e571eda

SHA512
381cf4755feaf27c51708e14a9ef72f9cf53a999672a1f3172b35ea5269d020b3c96f0d2e2922bbb28bc5d01b5080872a8b8252a3add669e767a01f8f0f72938

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
db4a373f2de7c6d94818fcc1d860378a

SHA1
206c522f369cb71d7c31a40c11568cdf5e0b96de

SHA256
83621a787617c9c9462f050343c0878ea70b1e15e3aceefead45c5026c3089a4

SHA512
04f8633fe24a2d67bbaacb93297d6011c8bea686f354468d67eb1bf9a78d06467ed8b0e72ccdb700eb1c9a949eebf95b971957f903646dba283c0d7bcbd0e2ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
accd793e278463d0fb471a8c882ea87c

SHA1
7e0ff8fd2dbb62f3a1c9b6ec7f2085e09818185c

SHA256
c2fe5b9bda3b08f4f6ebbf83867b45925f9ed0cf7a553bd42bb87ba6f7df18c7

SHA512
8196be53c97a656e1958b106e7e90cf2955fb4df90439153751f2ac5d27155a19549bb87602ee645af84866d395caff160cfa63d412935e949bfbd5a036dd155

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
e85e45a7bd90a3b5c5cd8bd183f892a0

SHA1
50278027c501cc32bdd6b7ac41e9332f99ba4efa

SHA256
183124542f00a7081330b35d102b2f9ec35bdc78be9ccc98a66ac03a8c84f9bc

SHA512
96ec8b7d7651a8c06582eef312e6ba39516234b1f42626ef59c3025b47e365aca3e3833fe0974a4df387ad22dba26b522c7b09c3e6b7c39a173dde6545b028b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
5cef4a81365faf40e5bd299cbdf68888

SHA1
2944f66748616238528d42471e880d45c17d09d8

SHA256
2f0c6597c326ff3584b67d1681ec4cc12240b079fb31beef84451b57e44c9299

SHA512
8da4aa195e206bc04b90fc58406662b27df727f8f632850611a468269583cb318af32e6251595502032f44b4c05336bdc9fe619c71162de67ccd5c8a2cb278d0

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
cb2c6ff57ab0f49769e6dd5129167cd4

SHA1
6df346b38a5e15207f768026e3a11bbc66f3782d

SHA256
81ad7a3ec80b489682320c77040446f484448277da16986f12e48c533dad09c4

SHA512
510c7b942edcdd628fee3310ee49c686917ea7a53b1c68634d50d081484f9b05444f901e9e04ed177945bf307e7b2eb049de56f918774546382c6b6f4df5e982

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
10B

MD5
9b3c7082c5045b9f3d55c51062c4438a

SHA1
1b12b65532161f2101cc65935d6f244ad8daac9d

SHA256
4e0e2d35818ffc7902f4c2d1a830a460c222295a880dfed62d63612cd0f6bc96

SHA512
2eeda80b0ac829ceecae0bd1af96e0038d9e181aed406f02195e2dd461675f543f26b709e9e6d7d849ad9dd9d8ab1c6a54b79cbe4fcbc16a303cb1fc08f7b306

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
02f3f26764e33aaadc910bbc1bf9047a

SHA1
564f85ac222a60dd4f0a4ab57aae9a3828d4a2fd

SHA256
aab6a568a776185bcabb15558456b5d839ebf7f6f9185d66987cf2bc9073ccc8

SHA512
949b85951002052d9ea0845999fc322491822ee78fd084e106a1900a96679fbe8495c5fc93f2b3d331bf7a7edb06361f509e1ab0611d58e628b20a1401615b49

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
23ed34e7424d12a295e25a193c81b18c

SHA1
1c2bc3ee79b1ef94af8d9ac1f548f0261b40b4ee

SHA256
8ece4bafc117f3467fdae251a05b9403feb911c5474b3cb6d36bf9018a060054

SHA512
4211b9057c9f64ef68df62a0647f51266378ebc41b55822786598d6bfe4941bcfa515f75b6ee88406d5f72903b9355d9fff3cc8c5b7dc823b8b8f57bcdf87a27

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
30c29c088d1fc5be8c5ee92f3c03f2e0

SHA1
2ede5643f0c8d344592e15f8f84043b15c3c5b65

SHA256
2fdc196373c6e0a125976b1086f31f16a4b689840ddd93c658085769149ed87b

SHA512
d1952a6e25e47002f7bfd95cc766d038c2bf3caa9629791d050c43fc33b9facfdcc4bbc66983771e1f5d46b42df7b83b4fa4d6cc15135527773cde31f89f618e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
8709a4b0e7722c4991e47ddd0d4eec32

SHA1
6c3fdd1ebe8b3522e724d23c9d4ec3c054a578d5

SHA256
6b5b8cf827d36847823a86fa2b685526adc4ae4940a7b960b6e7ae79f7723fdb

SHA512
65e87be8d3563df9975c1eb2b1dda6016fae5ab80488be0a9fb08c7c51c8207e45c8e7712711144dbd452b9802eb03d250795f6429584700c93198442c57b24f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
2990ddc0ffe9571a40be29343cc2ccf2

SHA1
94562c683831eaa0c600bf208f6c5b5bf2743ca5

SHA256
9c80272e27c045bd98fe3fca9029e870ae702e66c0f64f025affa2ff4d8699ab

SHA512
68638ebb72e588bd410ef3f7ea0bf79d56ba6bf9b3b4217be7a78353335c1f5fd4856ea25b9345f1aa2271382963038bcae84cab4a32ac6a8da759a3412fe26f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
db00277cff9ec5eaf91bb8ae90c6167e

SHA1
8376b1f5ff329a400617cd6f934a32adbd0f4aec

SHA256
e806ecb99415da63880fdaf758a3e791d894715e7c8dfb97b0887e3a7d487501

SHA512
19077460f943bda2524f5831d040113af7c36e24f82a4a1734ae78f79f2cc7e6e8a742dca647521429f6354cfa11def43bc9ab844ebb3c4c30da5833076d1786

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
51fc599064c8f155c9fc14fb8a5bc18f

SHA1
0484d4504825b5fc3c5e887990cef81862db2184

SHA256
c1a9db606c499bb405caff1351bc16a62311699342a661e148af1739d390ccd9

SHA512
b0ab22913a0bc603815ca07e9f7e31fa5109e24e2a3a3398952474fc4b12540b49501c6a467f85653dcecf86b4ee9730598d123349d7095e3c258fe093780009

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
c9cd39086da163e0e33fe3a4774bedda

SHA1
b4d9a6ad2453592cfac4c9f86ac3325d4d6e9568

SHA256
15e69374154444b28fb4d343c04f4ef0da7e733ecdb71aff829ee3b81ef32910

SHA512
ce978cb93a8d4d87838e17173b8c8aabc4b8015d7a4829ba23dfd748b4c67512f83f0c9f4725acaf544b0d103c304ed28107acc7855effe4b34c81057c9d7792

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
8074aa8c85ac6cd680fd856fb4ad7fe2

SHA1
41de83d52b0dc9ab240c6e2ecf1092b3c4e3ab2c

SHA256
2c6cbe3241adafe6bc9ba6bd1ec9d205066d39f67893050932c529c0146516b9

SHA512
3ef26303972de413ec99f7f88d9d56dcf99e24a3bf28f07bcc13f07a027cf77b7084108b2d678c219d3b376eefb30c9e5bc8808ccd894306a665277fad3ce21a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
65e26494735da0d260bef3392e06c922

SHA1
4cc45ab075bd0c2c583706cdf047e40c2d8262b3

SHA256
04f8a2d2e38fd4ecb6d46e4168d1e2f146c1491bd09c171c41278b1123ce3ba4

SHA512
b0f44f5d00d6771a7bd68f0b4ab75054405f3db566fc3e5ab726530036991a323081fca9f3905ee0c66e2bff6b2ebb1b487273f569fc01d8b2e5f0d0f2f1dc74

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
8359395ee9a081eea62c5bd5a7f37140

SHA1
5a85495272a1f5040076f0eeee1b5544e6128155

SHA256
2ebbc06453fb1e69f07b006e3e66eb118a847e31e86ddb83355786c70b3dfe00

SHA512
2b0ec4d1ba72adfc9ea85ac3d1b5032b882a31f33e25ba41e393efb687b4195cae442152cc0f5788101b26bf446726d6d39e60774b10e0a71742e36fd8f9837b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
1a4a7df9fe04786565ef0864241178a9

SHA1
6615f3cd7839e3bdd0a6299b6345164bbbfb5742

SHA256
b102b884e2d81062d5cf19bdec65e9808e4c0ac18032230a9ca46e0052596433

SHA512
ea461186093bc2fe5cc35929cd7de32debe552cc089edc98c816bf176505d4ac7849b0b402e4d6938398e4f3602d6ccc6767da6ffeadcec269dba4da0245520d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
ce535e2edb5aa0652452d858d84610d9

SHA1
0fd1afa779f02b128623b47c146eadd6ba9d803a

SHA256
9d1189336c22348603585174bff78d8cf8d9cde32c7fdcbf381f533ffbe3a9ef

SHA512
25581a57e5dafc5762bbe55b930e2a1194100e3c6ffc3a4d4aae2600bdf0696d45be0c0e7fa93f18ce3ff3b760cf7f87d4c457b2023b75c45d21982b44954d50

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
184dd6066c7540165ef27750465456db

SHA1
6effc85bc54ee967f243ced78362f3fe9397a30c

SHA256
7f435c384c28830210e520b4de9bd90b6eb2c4eb65c08db69e054947e1f02bd5

SHA512
12eab54c49312ce1bee91c610afe995c6c3844961b435d70f13c04aa10dac4ca295b1a0c191e0783e0af0bbcfd778136202023d393bddd4ebd03ff00709696e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
413a059739f1c16cb752a3b046ab0c7a

SHA1
2fb3ae8a510979dd98771f4265e11cc91e3de9d5

SHA256
ca797e121de987064fb88c39027a168f9b3d12666db81068d2f1452fed15ea20

SHA512
11624961c5d6cca6c434e8f8ca951a41a447f31cac4dc0d6c05ac4ba1b8666506437038fb22b96d9395244ea5fe6c70182b1221088e7a3deb2cbe4d52f783ec0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
1702c1f505e8cad6bbddc182b2be45ee

SHA1
53e2bb1bd5e7f1f74b2185e9eaf945c0afd61897

SHA256
542c72d48aa959d85f2ecf9e55ee61fa72543673906d2bd17308e0f06f1fadc5

SHA512
1c24029be501d02f2bf4ff03c54370082f960ba3b1f4f4c68ec5b6357ac16e264540098b919b0ff330f93e2628f85e7ca181466c87e1b1d4ba36e8f42238acf0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
fb5e59a66670c47c241e03d07d628395

SHA1
1caa9faf8f8861a3e752a497c12ab82d5d64f78f

SHA256
0a87213d8f75d69b06c058fb93825e6e5b7beb582055afdb0fd19d2ab4b910ed

SHA512
ddedfe8f3906c68907857abb779d7e458f57b80ed576285682b010831434b71a5a9bc4ce2c4133db955fa4b81a69979b517b7d5e3f98a18dc9e2a83cae9d9cae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
c44da07abd5219279f719eead34c6f9e

SHA1
916b879a9b4f3ff234cc5d6be8f3edf86d11297c

SHA256
6d24770a22f8cd5ba57bbf863a8a3ac47a2ab2d73f3930116ee498cfe9fdfcb0

SHA512
37c8eb19705b904f1cd498ba7541f7b568e142fc11bb1ba05ab36961cd5e2f2c302781c872d34b41c574a83c59c29d1c5410e915885197944fd46a2643741615

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
5e063f845e08bc8349c2594bc9bb819f

SHA1
57e80776476b55df59276a152bc675e086fe4279

SHA256
09d9124b6d90b99030ac49b64e8ee55714a153cde9772c1581e4c9d18e423364

SHA512
2c06efe98d8c44dc67f6363f7a9eded1cb8c48bf68e426a6abf4c533ea27565a2e9747a9ec191b713b831d17afd154efa0f89e73805b6beac01e82af7dd742c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
68f22279c78d9979d8a2165d938cc141

SHA1
3f8f338d25bd6782d23581bd5cb751612c26c9cb

SHA256
d351474ffba9c9887eecde7711246ce94c3426e8c5a0556442dbdb64676785ad

SHA512
0de15041f28363135dab2f9f57800c094aa7aac6ddd04ed7682a43f4990283b9e73d0c8018f186dab0e80417861d4b958dfc769669daf39a8da9fcd67ba63ab3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
002aa81d6de00a2779270d22f9074698

SHA1
cecb2a499dd618cf34b21af7d7ba93999e78f8d4

SHA256
57a686b7fb02b35634e83fe55436476a25789f9fdc471fd1ebf65ce37aee4b4a

SHA512
d5e72c4a7000eb7a25c347a577566830513a017af8245ea353cee7a7a17743705a41d7eb056a9bcb4a7be446745a6069b922ffea41bd1c185e637fa8c2f173e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
62f65b5a53e943df72918b53d6fcee79

SHA1
5abde25a1aacf93912745e624a0197934e340279

SHA256
bf8fd0332570fdf59dc6c6594fbd4d386bdef71867583771c0ab1a0c8e0d9006

SHA512
684d078c173ab88192a956b1094d02e2c0f27be5bca525a950d688d538b62e7325d16af88204fe71adf0bb37de241427d2ffaf94af5f6c847c76fe6680278cd4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
9f3474bf3f60b022f9178d747bf3907a

SHA1
59d7e35da0aa89e50cb34330e39135c53ad6ba3c

SHA256
888cdb599e8343061b9cbe47bd263e96437931c49c96c890e9825ba301cc70b8

SHA512
0ace64124fc92f3cd9ac686e46a86464a52d6b1d1d8b2d5ab31272781c980662d00a6977bd983e0b1f13a95f135108fada84209617c022f442b27ff0944b9a68

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
d46c750dfbcf8f52f1bb936f64c4f122

SHA1
a6e357ef19856e6ee2eaa5413dcdb43c67544b3d

SHA256
493516661e0da66e2da1c508e694d2ac49c681e6b2e73cf903d4e2e24365856a

SHA512
0e1d6a018b9a80a483044c0025d01a0756119dd65edd1960772407366227db55770bed133fc56bc394fbe2e35292af51fc899745197ee2480f699598a70bbdea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
1b7ca3d5bbd28c72015586de63538af9

SHA1
d0ecd2af08e5c8f5e5e5c5e6a7adf6d34eaf856c

SHA256
3a377bc5d21293feb28664768af05662eafa6841b339c8cb2eea0db683acf60c

SHA512
33f7d4b2b01348d37ebd6433053aafac305ba280702ae0d2a1ddceec3986b9f8fb4ba6bb8030ef747cf19b7ead7e80745051d14c145c08e79991ce29c0a39c5e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
dab73443cfc2686f3a4d87f868fd55cf

SHA1
ac166dda0644a5888f3a9d5bcef51191907b2720

SHA256
8faa18ba593cba0532ad7cb2527b7172a3f037647bf519743aa19369e31f8257

SHA512
0eb14ae452e0c3df483e4f142fb34cba1f16513c9ff43932775c4f12b0ed60c75c8e5f2db9620715979d9d3a07093e11fb7c1b27d4032f87927b0fc77d0b3143

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
f23794ec876faf801a4967f49f306eb6

SHA1
3f87f70ce43c042997349562926af2ecc4a7446f

SHA256
d47fb783974234cb60506b99557ac6ef65f6c0d807ac4edd78b7d1bebf5f4065

SHA512
45d91dcb9d2bbf161587601e321d3b9231f1b4f5631cb3be4f39e82b3533254cf80559e0e7eaef2384905b8fb66d70363879812ab881a781450c9aaef2ba7ba7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
8bb60d6d2db14d834a64904a3d4cd34b

SHA1
81b71a4330033fbf38d6e63f3cf0e9eb420a4505

SHA256
82cff149da88094f0e3fafa5973691d16caa948fb52e08e548e8b8b1f0562bc4

SHA512
af3c99d0f9455227e7e5686bb2b32d45a86f3c2e419e28d037964834b16c98ab24bcc8efd1f5bd45d31d0573228bf0bb53d85dd05788de60ea9bdfdec18745fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
4fc9c10e8cfa9c796dff8fb37b761865

SHA1
c508d22af8931003fbae9f70d77ee940bf655de8

SHA256
2bd3bc81a5eb9017053b56cd63663f19553aee951592dd5e5ced22b75d04cdc2

SHA512
d6860deddb25e9c19434d000187562616c3b6324e2c83c6ef9ec3cfd2120454a9a85b785d5b0df4e56d3c5492d20063019c37f0713d803ba7ee2217f56f11158

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
6edbbccbe7621e37145da3933d65f585

SHA1
10e6aa098f65f72e40cb5ba060855c28f7f58e28

SHA256
8ef78a1866dbb8a8159748682f1cf537b52992048beeaaf89d6f946b81bdc050

SHA512
009fbd4fbb0011cfe5049c7d17f6eed70340859eb7d77b49f7702913bad2e46fcc84092eb198bb233b93d49fe2c67801c67c1104495d224e21739fbc3ba55e81

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
d9086ba75ec36d79280cab83df7bfa89

SHA1
5af56e42c3dd70debc523c3db3f4bfd1effab72e

SHA256
acbdc8a58c62d90aec0d23216b63cf43b8b0fc6c76f5399103863e2dd6213a0c

SHA512
abfea8d0b5ca3d8cea5c8ca73cb2a5def0eef10bf8b69c16f9009e2a2f7b0bd9e4b6921ef1deba0f149da535e0316166cc40be4a888333fd8c1cc7c887696c58

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
e0db0c7a7c43e75d1874781a3bbb2eaa

SHA1
e635af8b9fbce36c2f17ea346a1446eb3586e0ec

SHA256
eec5091c54012b210fe81ebba1d24b55f326aa307e3a30ace0033ea1f02a6381

SHA512
9acb709ace7f23a3a2633e0ad4f62ec25c0f036fec98c64d787427cbab5039dbc3dd089634f57b24c8c1da66cd577b9e8c5327f034002dbb3ed970ac16feeef9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
e2ffd2b8475c3d8fc178e70748a44893

SHA1
b6969936d19a649616ca88fd77e32198edeba9c6

SHA256
03de551519e60d9b88142c2b9ed3eda442c47cf7cfd5a65c78f871f3e14269de

SHA512
75d54cf3685dbe51eec2cdf0cc587efeb965ff5de81bcdbaceee2ea1ff104bcda04982eee6625779dedc568eaa042d0703f5523909ba76bb56c83757e18cdfc5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
80548b3c1f01a4e0c479970db645b925

SHA1
c69226423858a707b39502a8950d5c72da39c2b7

SHA256
b29599713d98bfa686d748859aedb33e78bef22bc178404990ff773d5258bfca

SHA512
9b671acda2aa6380df38d6ee658898351ffbb679a0b8fd833bb810f2c9595d51c9551ece09d1195293263f25a98ebe7e976208db1e05356f95f1411f8ece08ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
f602f50c5f30c03bd0c41120d004b736

SHA1
ab149469a1c4fcbc05f93398112e2d61bc08a5ba

SHA256
af9c9fd025e13540f97bdee37d3450c47fbc7714b0722025ca01fec1d1d187fa

SHA512
f0d74d67cc9a3b7268d6e8b67c8878471341dba97d1245c7febb00c1f2d010df032478a67f88c96811cf00b937234ea2f1f79ee1c7cf072ca2d701469177c941

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
d0b4a76807e5dc614f6546df52919f61

SHA1
f3a403ec8c7cc377ce719ca07f0bfe1fce3df380

SHA256
34386359574725fc1baf1c866829d9a65f68980611c322e703227e9979406db3

SHA512
763b380b8e41e13f0bd3c1b9b9aa797173e32ade20700a84acb0ff043137226c8c703d011eaee522b1406d6d11a72dc66a2bce672b48246a3880e12930993c1f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
bbefeed0cf0d292e733792de8cbde72d

SHA1
c376e0cd430462eabdac34147acf9ff7922805c9

SHA256
b7ad086758853fe4468bb9b3620a41dc0cb161a51b10758230abd764d8d29f4b

SHA512
305fec42077a09984b342168c53960e1b10aacd4bcf6649605053511c4c10e829412e595096214c55cf719f5783a3c0662ed405176cede10ac05c0083afe50df

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
e4cbc22bd3ce7e0f60cfe5cce273b793

SHA1
723ca87a1543245d6ab11021eb46e0ffc43ceb71

SHA256
5926913848f5651598c9f524d9d9d920e75ab66308b2e8fb00f27618f4ed59ce

SHA512
6f7118f03467c91f6279df09a07f5ed7418e5955a2365acaf4db41a9add20b3ec00a21d4d6aa7bbdc4e5234c9d48e27f3ffc1fe0f8cec1c46817d04dc9f413a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
48962bf57e51dfd5f3e9e383d3799532

SHA1
1082823e2cf5a379a0b7b523376d78ce67873f76

SHA256
e18fba17959851751b7422325de76fca1a8d2525e83baa18b11779d19d64ad75

SHA512
5f414da86a422745c20cd4c86b56f32081829174a34be21a004c9add8b1315236e2f1b40225186a8b7fe9c28accee5e92900bdd64d393afed252158241746e25

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
ab9cf0157a107d3f3776775e0e9e65bd

SHA1
a47640ebd8bfd950835bf9fda26f48d39848cc48

SHA256
7c168edbdc1c46b83bd5f858d20e20cb63af024ab476510bf808764274ce7581

SHA512
fd34a7fed7d69b307ef8d587f1bd4e5cbb16abbf4b8ea6f39c23237e776261de0c3e3e68b5d4b3c70a5bfbfe446d535465bdacfab79dd8ac9d5d9559f6c1ba49

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
a8a3ce19eab9ab20a528674470586646

SHA1
a0d198e3c1334bf85067c4a0515eb4f5fe0c4419

SHA256
92775efd83ccb4ae3b31b646bbf4e69fd527ef923e4db6e3e57fc6a1729dd563

SHA512
ba85a328392f469adc20277616e44a8e37c3b61dba6f4e748aaf22ee4b9dbe602a993d2b13dedd397ac0bd87c2c23a5111d63804b82b683a058ac071a7293e67

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
22a6d3bedfcaa73b803d70f00d48ab02

SHA1
f49d55bc9a5e2b37cf8b36d8ce6f7465d5f873fe

SHA256
d9f30ed89795999714f308f8881d94566a992cc7365d46e0fadcb774e605638b

SHA512
3cbda2e81d4033439d228ef239b039503964f0570a182d795658a0018682cc777999c1be6feaf1c836f73f980069fa196f8cea0a79e392adfb85f1f21df4b076

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
884dc68c7250d5ec8dcef57a9c780d15

SHA1
c3f262af398a90668b2345a35b555b253d50363e

SHA256
fb55989e1d1a7f42f37e6f10670040e45982b819c79782d864ca1fbbf3bc0b1d

SHA512
93a707d4d3bcfacff91e33f37df6cfb828bab41fc4b827a36e21423a064e8a79235cae417534e7d0ddd609def86409efda8dcfe9232016214f7be7350c3741a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6ac1a4d0803315ca69979dcc8591e5d6

SHA1
f1b53fc3a46d01ffb5652e374f69aed27f014809

SHA256
a137cac0da044da5d88fe32dd924ac1f47ad0d640149c8ea19f2f6e62b3281d5

SHA512
a762a848c93b2c2a3b90f23a18d8c4cba3a1add78cad164ff057dd4aa73aa232433ebdeef69fcec0d9eb0ff4d750b29147b92a58df008a191ba6364f4aeb8d88

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753844819229.txt

Filesize
77KB

MD5
560b428f0028c696663e3ac434b46c11

SHA1
26b22cfd697059fdc813f1dbe1f20b11b9bd0b61

SHA256
735d6699c1ade074969f9b146883405e8c5a8e8395d10742b9b9915256e3d40d

SHA512
d2bfddcd237384b73139a6de8bd0a006f9ad257b88c39f5767b7e6141da99a27de459fea3da0c629496f9123e0d70be12dc679ef6e936f3de0369bbf2f1e2146

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754404913880.txt

Filesize
47KB

MD5
1f9de2da26c0eac5ceb082b528dbb623

SHA1
f683b509491f273a9768d2a72c93ddcb1d481692

SHA256
90f5d6d97f512613c24d57dd9ebe7bdc23804061bef61f53abdf42f515d79880

SHA512
62ce44cd3bcd98178717d7b58d3519bdbaec4f11865ba9831e8c7d309ac2dfda0f2d06c0f645389a27a85cdbcef4a3e9f4bac835a61e5df5bc81bbf6f6650f5b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761474704088.txt

Filesize
63KB

MD5
5cb2469bb96f0f5c9584c18e4f5f168e

SHA1
c48946919cca96c8592bbe59dda3aec9d10686af

SHA256
dc515d5268f356cd9954a0a5d7c8775b96c5edb5138cc1e5dbbac2717918629e

SHA512
cc219b92c617b732164c574ace2620b6b004c6edb2942d893d4d151a053b3f8c6c49d26633ee95e07a6ff854872f3382c882ae25cf5812e1772232ae8a917de0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764101374726.txt

Filesize
74KB

MD5
fb8207c4bc4ed2888f90b0779f92da1d

SHA1
bba909f9efe264783c13ebc64b1a68aa5a311c21

SHA256
d871fe1aa9e05805c32dbdc85abbdb0b37d394f911b4b5b3097ea9267fc8f1d8

SHA512
20539fa6c29424ba6cf6f561989b396ef4b046e7ab5e7d09294815cc9484b17c658ffd78373c99496cb1afa58d3dd6777e501db752dc61ac0f317482427d3710

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
e469cbeffc8b579eb78027cc6ab91116

SHA1
66be3b16d720ed3ae0f2831d92ffdafdabdd04e6

SHA256
f1df443b3f89fc9c9f4e955543b01d677ba1b92d1ec269f3c5dd42e3b9090181

SHA512
be90235daa14af9c6c80f0ae19affc425372351c9cd8faadc1d089b71d6dfc3a7cac19efdc1e33047f2c67cf2db731f2ec7fb8c689e5f793a699f3daff82fdc2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1cfe2093b9bd1dae05f9b51f2cd907ea

SHA1
f9f411d96e1ca9a3dae63fd98a8df3c35c64836e

SHA256
bd9d8419dbc006793ab5fcbc045d996d80e3f66d5c03ef21cc366d19903fe1b7

SHA512
51ab9daa38d55aa756b006406072ce2c5f07acf8983bad1ad2973ded859684b2bd71af50af988eab4e7ff2e17be4052789802888872ea8dbe47799e7b940fb0c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
eb96a1e09da55f28c8a4a75133394e74

SHA1
b0c380e122602fb7d9c92633a24855129758de17

SHA256
28d7d4aa23b2c452c7217f8451b418573ce803208832ae70a23e38b789250ae3

SHA512
c26e2f2f02aa163158252576bafef89ecd0667948b6a2fda9c9f57cf1258255647ab99a4cdce46e89a097a944ddbbfd68df8d24f3633b07cbde773ac3ace51b9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
46aea27d9ad75afa7bf9bb90e0eb47a6

SHA1
5402231c64aa7662efd5be93a4346fb31812a33b

SHA256
43d24803a4512cad8bc34ac0ce86b9e5759ff119ef177d2af4b1fcb870ebf458

SHA512
aa9f24108f7295345d4014e53918a9653eeb4da41d089dbb8c6a522a8a9f9b270440437639e684ed4f858563baa9397dde283510bfdaa6e0b98bfcac13b5057d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
be7d0d74828bae3187027155199a30fb

SHA1
a24447a9aadf3ff6ae6c8308b57d68e548a88620

SHA256
034fb50058a49b77982c5ac9f2cd9f6bbfe760bd74ce0c5f86a76b34449ee2bb

SHA512
513c953f9875eb7f4cac20868faa033436f8afac8afe46a897181a0d77745762d200e9f8dd2b5b3b0d482c4643751888550f84cc51e93f1cfa91bfcfcfe69b79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d461df3b430f1e08b9142c316f9453b4

SHA1
da5b3a26068e5faf0e7be435b12d371afb042563

SHA256
5b923e200bf07c5040e065bd129096844ac60e55e046998b53450417f85e8348

SHA512
5261a1c91482d08ae19884b22ac5441bb4fa54ac9ec7a0e44239862931afc7130042e0e0031df7dc0e941a9a3fa5bf1aadf0c30ba2e7a93868ed33382d51e590

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ecbce2a1906dfbb2ab855be5bad964ff

SHA1
9341619d53c99f265d16509afea46370fb724613

SHA256
0f349f5921f8db8f867d85fa8bbf92f6594c0eab0b50ab2c54c82868b0b515b4

SHA512
756660cd7b5dfff22ca65d77bcbcd15ed79ce75fe24d5efb12f4293b462e0521863ba3ac820e98f4b9129f4dfe3d79fed37cf4a9b680282406be02ef397d200b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6cd5199e0a59ede05bffed012ceba5b1

SHA1
a85a63b98046d0907999a2735228bab49e21b024

SHA256
d2a3907754c72e22e1b27e900cb4cbe47c405d38781e561f7f26d92865950fa8

SHA512
2a6b2648e67a24ee2ad2c0a9f071b460cf3fb9a8705cb64c02f2c1dbe139ae8e5d30b3c290655692bd341cbc697a1dd7a3d4fc3081bb9dfa96e1a3fe67d28027

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
5f37e2a0ef382a83cedb0cf2ad03a91c

SHA1
642fb252678ac77b44b071322069d148c6731d79

SHA256
3200a89d5ba37721850bde7e2bb3073ea9b8bccc80ed0500af25fc7b156933c0

SHA512
f1c9160a1636022a5248b14bc7641ac932266cefd7e4505759a6de177677521d20c0c87550bd707eb806f9420ccbf42e69860c29d4686131ee121ddca03c3aba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
5a7854f2b981aef28da5432c8bb6b6b5

SHA1
e0b914ef3a7c55a433e83e64df39dbffcbc2900c

SHA256
8a9f0efd99c587b18097cf40115b8a0d284af97e155d59327a50793ac77b0f26

SHA512
02fdb76bf99ddd4ce5aac21b8b4a20a6d019efd0cdbc1808c09a441f99b81c26dfc3c64099639c4c65ccb79fa38919d439374c9b80b90828ac0a53af1f836dad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2f68b245538184d942e5d99e307d7385

SHA1
d12597d2af73c09a892d3394560087c3b51a198c

SHA256
1a84d36c9794d4010ca8528568314b8152b2b5127995a01f9e65355b896331e9

SHA512
b871a39bc1c9250058a3194933d39faa29f1df770240ed731e0871b3ee9abacfc9d9443c763a0257839c18597fec7c4d8c3e66c63279f855acb839d60aada4d1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1084a654b08fe81cd8336a34f3948627

SHA1
db31bde0346f1952678213fe38ca2735f07068bb

SHA256
d6f6cc9cac408ef9ba9188aff917cda40dcfcbd73d9fa1035e8c73f6be5473d4

SHA512
49d7b802042de12fa60c6289db0692f6dc1ffd4d85b5704e316b283fc02b5cc0b70fa804ac88d068b5e6025bbc0bb8666bc62880974ba44109ac31c9ba91700a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
5cbffd8fdb19021cf42ebd09c0cb6f3c

SHA1
b8c50519df8e515afc9fd30cf740509e84edc3e7

SHA256
876adcf9765c933bab9238dff8b118e2d754b51d13732664636a866297af8929

SHA512
e9c9b83e27d3d5923f0ed2796bdc1ff499493aa84fa5b55f099f7227ba0cee7012b449eabdad61d9cb5b46560b0bc87706a36559934f35045ed9bc7af8292d7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
10785d58f2e87df4525de0f6516bb22d

SHA1
4b6a521d46dc611002d7f5dd50bd8a0d4a15dce9

SHA256
56be9e9c4fbeff24d67b1cf6f20bc25c5b63ac51e5d3b1f5878b1476e03c679c

SHA512
cef7f782b000aba9aad3802ef2d3926cf654cd01f87432e2b1fed0653dac734918be2c2cc4a55eb6899af5f20348e8e8d4314ed449a41ab4379fd56475dd585e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
216f608341e2ad9c9a4c783e6131e3fa

SHA1
17de8668f7e78fc55abb48d9138d50e41251fe9d

SHA256
49e3a4391f97a86d153822a66129410041c71223544d7a5adb33813a89b637ca

SHA512
3a01bcf7a83dee94f642a1fcd26856077bc853c12d0306b70f878f78558903c6b2733d0ea1e21a121d93d09d5dd7939a328c130e2197d9becc5ea39746cd4d0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
2218e4b58f176b57831aabe465c0132b

SHA1
17e2595ae6efca3a5fdf27bb2aa0f40d7cb3f48b

SHA256
ad77aa3d27c9d97d3b5f6d4a07ecd3ad6b60bc996c02e406d55110973f993174

SHA512
5b525acd8aca5e38bc185de2ae03baed7570cdf25eedc9b6221c6aa0b8959586ec7e4ed471a7b36fa1bfd6cbd31d10fb4fd506c97952f369d9e5813906cb2092

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
89319091f516c670c20f207963bca116

SHA1
bcabf58d641ad746273421c3de0c256e4118d804

SHA256
550b945493cc1bdd4fd56e5cc21fdf85f2b1e72faea6facc068d42d02122009d

SHA512
b9decca02ed404d4acd212d72a2a93901714afcb728f1e61e0a32f271d85d056805c62493306f08c1a7eabd606132b79e20e704b910288ec428c42b2bdb210f1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
0f70385fbd2408bd37b4ddd74cb7e83c

SHA1
ec7acf70786723b251f6c8bb82cd5e5fa1269c1b

SHA256
bd1eb1332d9c55cd98f930542dcb5eeb2435c73705d90628e7abd5c3d15da041

SHA512
b386cad3cd5a340e11e23b6f08a3dabc0b6a09e6fe0956de135e47372c62b27ce384f6725c6ce62d26da557dc914a218fbbfecc620fa1b199c4cc2dc097d5d46

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
f37f3d38892e9ad7b41139ee44c08ca6

SHA1
dce27d28b05d5b119ab67e57ea26608cc0a321b6

SHA256
47280921dfb7002707030f0c9774354190f77bd32d6ad64775fed1aff0a167e7

SHA512
9776806af47e11f25a66f1b8770bade1ad13ed21e80811deaf8f8b9940fd32b955a5513b60d2cee2df493867c2a35a232936d3f308916f49e9fcc5d98e00cbac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
532ed587db1c4e4f69215e3a300968f3

SHA1
08dc5bbec5cb4bb1230520fcb894b1877683dff4

SHA256
a95ba8c23a0aefae4ff4f86a0a272686de887b380ffed11824518f77621762af

SHA512
184d89fda9f20db6a59d1cff3ec721ee30b3f3bfbc5e74fe4509b7d3a6a435f54383612df63d4363676183b021b21e12f1a9b566e390fc8820932afd812b5ea1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
f7acf11b4aed1f9f64fb98233ef2ab73

SHA1
5b949fb5eacf23311137cdce9ab41d49de89361d

SHA256
45518794ce9dcb7ff2e3e525fa21300245e13c422e216b56dfb05de7efbff502

SHA512
7b4982449e19c4b146e202156666e0bde270a07a25b7b873193589183a160e571f58d0a360b578c2cafb58d731eb122293f530d1e82a2ba3a865d4d9bddc4543

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
86598632789646762a7479d4a8f66d25

SHA1
a317779504c7174a1175bdcc8a6b01877989e37a

SHA256
d5fc4669d728b4ace339235de27cecf15e5969d4f03982c2a6ecb29416025baa

SHA512
8a55858332e367df3a1db7c12c13ddddbe082e38fcd5f1281ea2d7ea669899660543ee7e906b0c24dd364fa34617df04fe505c67f3aaf477cdc9fad67ee19b7e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
038f4d74229df2b3beebaadb7d2b33f4

SHA1
745f157be9bf71f25f01183f4aac561e3ca0334c

SHA256
63e158530495c651c6ba40821f14fc21c5b85f92634edc8d96929af25fecfdbd

SHA512
42d3730f1728fe0ca168a8de19a330d157c58c83b518a366e2f687030e57615c387d9237b9ed49945f7eefd09cf92c62447d73ca49566be14d0ae342b49fe964

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
fee21f1fd8d5d29e85ceabb34e05f72f

SHA1
bfabdf33072242fb49eba47cb7dc1a3649f681f2

SHA256
3a66056111a818821b51232c5369b6bd1f52cc842762627c7bd3a768dc4d0fd4

SHA512
60678ccc9f19311f80645d836639b7fb9f9cd69dd1830d155866633d266c8f521dbd05e771bea55c5e37ee73d4eff93856a845aba0c2a2c9c7a5272fa743a9ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
064d5c32cc0d5573e1956290a2932501

SHA1
f12fd6fade89a2dc80a3847882f6761bf57fa4a0

SHA256
505a4e817e1dab1b38a65ecfd2d1d491797f16e6e68470f490e4e28a129162aa

SHA512
2bb6201f75528aa341aa87d5155a054604aca9920582ca9c3fb437d045b32432f4e630e1018e8ed0673b9e589de166dc1c19509cf9af041ce4acf5e92e0f4357

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
c003f639e8234247aacdbfc5535a3d22

SHA1
c9fb38da0af94dbf573c1c666b3f6780df8bebc4

SHA256
576046f1e5f690c775227b96ff44e0a8a40a66991ab667771461d1ca63d91d5b

SHA512
3be850648c5054f22eb9d09c2055c5cc8d372324dd240893aa7871962eb053b597e4e1ae33568a87f23ecf80f08cde90438b1b0af83efecdd71afab325aa52ed

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
e95b9267601f471be3683350e903a667

SHA1
4691cc39e3a58b7e6e11ac6b100ea97c4ff296a2

SHA256
e90c00b75e676d0c06c616b7d776c54d86b2275f2e964dbf227770e8f07c0bc0

SHA512
6f7ea1299d7abaceb7fc19775b3f33ad4a606b59a709c27ff4845bf95a544b5e46bdd0d6b526b137700ca45092ebaba7a36b6e889351ef79340511c647ed7b41

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
07e06e647d49d1bdaba582ca3ded9dd4

SHA1
135307bc66fa33ce4f2840b405cbbeec56da9d90

SHA256
1ede61caec40dba18202d2f06fe07e6f9b9a7e3904284a75b204908f0661d474

SHA512
756d40361603e983d2caaa7e1dffc14a08514a8edc02f7bab0bafff3f7d3ebece0e77ea3d7a6482861d400ab4d73281ca6e6cb350880426d77e06e121b599a79

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
53170c89ab2ae34237b98dc117aa3e34

SHA1
8605fc0e2e375da44bf9beea11325848cd47d8d7

SHA256
2c030a9bd47cdd4970aad071e933039938fe63df4ae0d71240067075ec34d1df

SHA512
12d45fb9122b9a33b82abccfbd4f5141abc7d2185b5adf7873dff7074c07df320eb7c8d834cebed6cefbe3a80d97837593272a39db1a7518c1d3fd2da3ac1560

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
31faaa443d9d69e60a2cdecaaf621e33

SHA1
3295a5000fb0e09ed605b455416776be343663a1

SHA256
73d8e17527a624b649aa429ca6a36b2e4cc92ce2db7685058beb9c8c775c4933

SHA512
162ec844bbd91533f9f8cdfa7d0ad1754d9223cecbae1979e781c13be87fba64ce0c9f3cfac1a47c6717a576b4e7ee21fa58dc415506c580078e1347faaf94ab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
89a9ecd0ab6617b74e4e81319acdc6e7

SHA1
ead60a99a4aaa9ce9d1de38c5563c60b564b5fc1

SHA256
94aa6962c205302686c0f0346e28818e6ac54b47c9e7acc5bc90bf0f274cfada

SHA512
e8a0c8b19b2c8d1c33ce294e7ce1ae81b8dd030ded2c3226e07392c2c80cd73da0ef932fe91f4ae560daca0956186a072db3bbc4a35a9f38a5a5736dcaa55a1c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
6737a953f278a41b7198d86a88d0c7b2

SHA1
c33ffc11cddd0176c7fda1646f3b124d8c3dd324

SHA256
7ffad5384404d9c1d6e42981767dacc4d363e683f05fc1066cee39b6e9c9f21e

SHA512
091769cc5185c308d262a96937342e5f4ceab28625e49b56c68880fc2e4becfd979e6e7dd8d8312295b4133394c146f3ce79cb8e659c470993a5a8ed9026edf5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
ef1aa71f392664c140bcc6e7fb00fc67

SHA1
1bc568b8c3ed6a3386e8fb7564d714063ddc2c1a

SHA256
8a3c5932493ae9b1dcb9ec805778d95232a381efaa8e4d5ae0a1ea56ace98e96

SHA512
bf080b40653d217c57359a188a9adec852651f4dda4506493fd1a6a833b75b38ca98171691e21c41fd6c605e70c435428470a23934c02b26d5e0144829498840

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
b5e5950dd081a41e26d6e8d5939e9c48

SHA1
9c389c4e62643deb9ef82081552042c836666ed1

SHA256
d5a22148bdc1ee54a8bf682f5321fb4da0295fe6ab92ca456059e4a27abc5e01

SHA512
07bda139171dddb431dce221542429d276416a3133810b7198d1624904364a62053540d366ccb9c5e2be5fae9ed6360bf1755fe6d2a275a126ed9e167fc1da42

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
aa128fc2bd8c827e0587c92300996343

SHA1
e30c84e13cf5f1a9f57ef4ce2f7d0545832ae70a

SHA256
ed9f4e39d88808a61922c6a3aac3da5ec5eff9f6be707e2a61f4a2f4c292c549

SHA512
6c6c6b5ba323f56410b054bd6925c8f69ca563f9310febfb3abe7e8acbbdaecc490d75609022d3bf1c218e3a9f7f1eea4ca99cf924f338c16db376d3e7435823

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
32c63fc7e73a5ceaf9f56716b36efa17

SHA1
a59b9bef3b4427631d363342330e2d6d480c6f02

SHA256
886966087c526d5460944b91e02a7c9c5be9276ddae474935e65a2b178129a10

SHA512
e2800ecaa108525c58af95095d1b39c35f3fd4223bbe4a76cadfb6992711ed8ad7fae373b58f44b338e6c892455dfcee1382463701722efb898dc74114067daf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
558d09b9b39f749eef962b718baf026f

SHA1
3e1710230825c06bb569e787f9922c9cde7a6072

SHA256
ffb4e50baef0c3da9c0e9c63e61fcd2a3095f8f86b2bb90bd298c50886f28431

SHA512
32eeb65176ae739e34ca4b3c8c94f1970bd3612d5aa7c049579b1a1633f33291c1f9faa412e83ac56838d8578dfc48081e5ec37dc1fee2a206e94c1979bacb8c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
64c3f72f340a97b7ba3d5231b4b76e0f

SHA1
cae491467c1fdbf04b2591ec5d5f64f4132a2ff8

SHA256
e5db0286f602bad02890df319a0ce25b08ce2cf836c2ca49d6d9517363c652af

SHA512
9655d83841ce2ce6c5b0f0eb0507c451cc177b345826923b51931ab01da775b5f24f1d4c38b7afb7f8d2a33bba6e8a02d40409e6a74e23d253f5eaaf6b3da431

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
a0e177d5a2ff2e4a3e6c77f10121552a

SHA1
b1e145f7e0f8204cb4f2d5802f3bbed3885ff6ca

SHA256
8cdd26a334031befe578aef0f7fde582e60bac5298d40a6e88aba71d46a73edc

SHA512
59a05ce39490a98024742f2c7cd8e83b0a768ec203b9bc7d12111c59e96e6cbe03b6fede60b3a365f82a7236e64417613b7c92391e0b1fbeebdce166a9d7140e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
f53d727b265be6f55ebc54bda838c636

SHA1
34d189a4e2217400ff94d0266f8438c5506b8549

SHA256
e497fb16585d705c46b5ed64c1be21d805cde174e66be816f0b11169ae9b65b0

SHA512
3e0cf8c507a162286c8628ea62faf5a9b9d78c9a85d3f2b47ec115a33030f6dabb621f05812e052f070ba736fe730b7478b8d5f615875a4716f3d68937bf3cda

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
cc24ec2a8f6ee2c038fa035df0e0fcac

SHA1
80e978a0fbbc4b4c15bd740b1214a2ca80ca778e

SHA256
13a40807dfa224040c09b69fe2ad1db0fcada49d0d3baf42dfc91db4553cd9ea

SHA512
e20dd7a61b75bf594575ab3c7a64a7677b12968a214c5cc0d7a23b0ad14a213f56fe45d29dba4500a487b509bf5c3a9918c5af1cae7c2f2de5a5e65e7d9dd82b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
53b5b2dcc4cddaf162eed09ff6cf09bc

SHA1
de8a4131c7193eef09b61300137e366ef221b716

SHA256
07db0367eeb86025beadf5f3e2c857a271c9768a17a74990e613db7f81c1982f

SHA512
eea43fad5e4c86b667f1c8ed4f9d35728b8b438b7f160d3986ccb23705bec39130c32d87fc698acbb3eef7b25ca3422f900002ce01d5a5f28686726476d6d453

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
7ab9ec7eb7eb3c26b50f28e4a24f8b64

SHA1
767b3eb7dad7dc952f3b37c6f7d4229f6159bf7c

SHA256
ac5485b1070dbdfbb3041a80b3746af8e3816d48ebae055bc29b4b0bab20b1b2

SHA512
b0fac4ae7be9b7264ba57b2b820b98174a9e1eea8d45cd7d85203467be1e7eaa886012f8643432b35578c1fd556de09f06c8ab79272cb07163b8614016e6f811

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
f57a4910b02b697c1c5ffff59d36ad87

SHA1
57c360d13b620dfeebea515cb13b0b90a29efc43

SHA256
c960c8d34971a572b14cd70eba468544353c5900a67af4cf66c8a887149cb4b5

SHA512
17402c377b73996d8474c9db078b0c6aeda7a095f879e32afb732ebb7de0260280607c7f090d1428e2dceaa5a879c06e62b8b0f39fe6d83d151f54231134504d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
a2affa4dd9d050c9e2eac1d1986617b1

SHA1
5561c0626ff1b2bbd7a0f19e305ab6eb5b29b045

SHA256
1d015a3374fd418ca3c7614c6bb940ad61037d0aaa364989ad5c0fb7598d87d1

SHA512
08ff8eacabffd777a3a6a10e4fd88cb7b327faf4250e926c5dc5bc2a9afee1c70add98f276f22c835602065e39bcfeccc9cf6c1a537c595d46440d31d81d14b8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
1039e8253661517207146fcb5cbf5b80

SHA1
b2d81a80edfee37a852e27ca4ad0abbe50920edf

SHA256
c9b4de05d270c7d3c0d1b39779c8704c92e13d29cf50d5d3970cec623143d24d

SHA512
c102276ef8ad3c09a2dd720f27a860ed8ffe9cbdcfb40d5dd03cd8635529bd747017eba594b094c4ec0bdf34fca056c97e11da82e287b21db70fa04ed137ef85

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
49ff08ad9630f7aeb108bca643aa0779

SHA1
6f534521d77a8b3a903dcb76fda531262df1f107

SHA256
07b88e7b65dfa75ab5eabbf526fbf6866187967b60963b10fc96e83a95ddcb47

SHA512
4b6adb452cdb3a396163c0006ec7649ed0553ce5b32719fe3197b77598b572ebbf0cd88e7098bcb38dc8a8a9bb77f9320f75e6f1c09d067a7bf6dca5de4b3a98

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
12e39ca32d3fd021bec11bdd4ad0ddd8

SHA1
557dce593c9b2c8b51a92c13d637eb602994875e

SHA256
25be455e989d33c41a67d12dfcdc0a64c7cf581219e8be5b0580c86dc756590d

SHA512
af9383751af0276344b9833e17269a759ea139635ac77c7fda5a6718f1e9b66bb2be4ba18b6887a09329bd8c22ec7950e7b6e65ec3df99eb2403076b208dae2a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

Filesize
1KB

MD5
b844db7883b4d06ecc2790ab956df2ba

SHA1
36beafdc95dc343370d5eb437efe0c9b2c62cc80

SHA256
26d39d1ab21147897dd228caf2f34796c315082905f096ce4169343abbd1daef

SHA512
f886aba61ddd953e8b62eef242f7f869a5c57cb5d762792ed6991e9d5f51d04aa0d43e1b1ef72d3b647ddab7aeeeb1eef0f8ff9549659f77ca0043148ece7c16

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\Registry Editor.lnk

Filesize
1KB

MD5
0ac00e988447c091081b49026298b4a7

SHA1
9ea186b3c034d85dbe93b4e3e98f09350e9cdc09

SHA256
a1441dc86edc9811a874f58fbdd901ca3237537ba31869a98ab48e6e2ebd38be

SHA512
cb58622e89670b1bf32491a699061b0553e81f33640a85a5dc97fba1668d3eb9cd82f8f616d525accbc99c4f8eaa59b0204ddd33a16c0daf23ba52eb8d14680f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
4988218e4734a5fc30876c9db097e18b

SHA1
45b9b27e347af5b5e0316cd3793773547b902448

SHA256
148a8ee132c36e75af5cd5ea3c167cd739ebae7ee5e557634f0f178fc30345b3

SHA512
745603d85219be0f106a37c5f25ec785cc4b2eea6b01692853a6b9dc5ea946ecaf9688e7b5a43f37cb2a75eeb2bdbfe766838e01d97180064753d3b6f0d95363

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
7629d106fce9638ea63ce6957f491145

SHA1
8af66448162b73e5180cd8b4ab9e6735e327506f

SHA256
a69af29670e946404ca2ec861dbc39a4566c02311bb4ae8ba17f11bf9a114146

SHA512
d2cb91e23850703efb923e05293861db88a141040fac7163b9617a755eb141da8e952fba0b53c279881ce5d7d10d802272f61ecae5c271d241a0fe82bd4eae57

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

Filesize
501B

MD5
3d1c9946dcee886ac5c46a6d3ea22644

SHA1
e3748766b7c14b58f33cfef62f6e758fcafde2ef

SHA256
61bdb48cfd3cdcd5b7eb4fba94b55fce470f406403bf84740dd09cdb973e32c1

SHA512
9f7dc3a717bb7b187f76fc24f7ed7abb5ed414952e160214ee256fce5347e9932d62a949ab65fc5c96c5cc9eb7cfdb8cb6aaca2aaf16b805222faf1830b71671

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
55c082e5c753a3be7704ddf066d0e895

SHA1
ced13c44a19f82b143b033378d601f93b1de3388

SHA256
e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8

SHA512
8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c4be1ce9dc39fb83fd5a2d617c2a4837

SHA1
eca34cd429eaf350804bce704d19ea61c74fd54a

SHA256
403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c

SHA512
3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

Filesize
501B

MD5
cc732d0bd874a5559714f32366affe1a

SHA1
b1b7b5585059d53f44d8e0dbfc260472ab658c71

SHA256
a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed

SHA512
3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
ca0609f4425b015135b7ee25edbf75e3

SHA1
39425d7517a9b2c95a949a2148e999826860eb39

SHA256
fa2fd0f76f4f81145ccb980c43d4c4338ff38081fd0b6737e5cbdfbe1e9896cc

SHA512
c524a48bd52a038165cdb52d6f4d82240894b8ff2bfc003751ede5956c16b4319fadf300ac362ea2559cace5a694baf2c1dcea25232b98250ad277dd2439bcae

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
c2ec223325ab212a7b2b846122d16a82

SHA1
9408866cfc85f270886f6539f6157ca7c55b1033

SHA256
c5557afdce5aff2d464832e72ec00b6190f86afc40e8ecb62daf0b85656f3795

SHA512
812e1eeb7539297dda45507841a66a1f45477734bab866d8b8776f6a16fb4e4e1c69efea8a2a6f3ca746fa1bb3f60117b9049d988034fdbf44dce9552e212ac4

Download Submit
memory/3556-10849-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3556-10657-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3556-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3556-6217-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3556-6221-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3556-11160-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3556-11165-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3556-11166-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads