xorist | f3299275739be51696747d6dc00495487d5ec6ae3715403d94c0f6d01d200d8f

Analysis

max time kernel
95s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Size

318KB
MD5

2ee7e57e5a8a6d1924af950af8eb6cd0
SHA1

05d777a1148bc27794aa8380200be257f7f30c12
SHA256

f3299275739be51696747d6dc00495487d5ec6ae3715403d94c0f6d01d200d8f
SHA512

0dec4b6b4b1f98616d2561f39332977e512e3081044007208219d31cdd94259efd7c29be0b63c243dde62be63fc93018ea5785998c9e859a5ea9d4e64aa3884d
SSDEEP

6144:NOJGPwedDE+EcIIUZYBwE57MynHkrAlHKNIBQrtf/EuZtS2Ejga2SWH:NOJaNdDEvIVwEpRHkr8soef/EuZtS2EO

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4452-6465-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral2/memory/4452-6468-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral2/memory/4452-10891-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral2/memory/4452-11008-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral2/memory/4452-11319-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral2/memory/4452-11324-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist
behavioral2/memory/4452-11326-0x0000000000400000-0x000000000098B000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2183) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscopyprotection.inf_amd64_9c108d8ac558a80d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidinterrupt.inf_amd64_eeb986311b3a5b16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DefaultAccountTile.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ConfigCI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\btampm.inf_amd64_445ffdc4132cbc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhaeu.inf_amd64_e0c209c891e162a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmetri.inf_amd64_50397e28bbcd6514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdofmodels.inf_amd64_acff50a7960b7d19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volmgr.inf_amd64_b98e2b928f71a2b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fusionv2.inf_amd64_a47d9636ce0d7dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mppblnaadfiilnaa.bmp"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4452-0-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral2/memory/4452-6465-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral2/memory/4452-6468-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral2/memory/4452-10891-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral2/memory/4452-11008-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral2/memory/4452-11319-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral2/memory/4452-11324-0x0000000000400000-0x000000000098B000-memory.dmp	upx
behavioral2/memory/4452-11326-0x0000000000400000-0x000000000098B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\core_icons.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1851_20x20x32.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96_altform-lightunplated.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySquare44x44Logo.scale-200.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\video_offline_demo_page2.jpg	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\Mixer_logo_half-White_RGB.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\cloud_icon.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\31.jpg	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-100_contrast-black.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-150.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-32_contrast-white.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\zh-CN\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageSmallTile.scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Internet Explorer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-down.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-125.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-125.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-36_altform-colorize.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\offer_cards\credit-illustration.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-lightunplated.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-black_scale-125.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Square310x310Logo.scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteWideTile.scale-125.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-32_altform-unplated_contrast-white.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-150_contrast-white.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailMediumTile.scale-200.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-256.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailWideTile.scale-125.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-125.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_2019.125.2243.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_altform-unplated_contrast-black.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LargeTile.scale-125.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\SmallTile.scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-150.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-200.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-100.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-200_contrast-white.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_bow.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\iheart-radio.scale-125_contrast-black.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-u..userpredictionmodel_31bf3856ad364e35_10.0.19041.1_none_42c9bed4b6bd2e16\SBCModel.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wlangpclient.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bc045463bc0ee8a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Net.Http\82c3e57819b51d2f1356fb07c91dc768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..tasp1.res.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f6652d0ae0453bb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_de-de_103d7413f2fe0492\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-publicapi_31bf3856ad364e35_10.0.19041.746_none_5ef1cc16910f181f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_eaime-traceproviders_31bf3856ad364e35_10.0.19041.1_none_a103fd6595542607\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-aphostres_31bf3856ad364e35_10.0.19041.1_none_8950b7e527b7b17d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networkicon.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_cf820f327252ac5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.19041.1_it-it_ac991dc48f7da1c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netrtwlans.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_424d19777fa7cf0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-advapi32_31bf3856ad364e35_10.0.19041.1052_none_6277ca3070041917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ctivities.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d2c815be3200cfdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..skmanager.resources_31bf3856ad364e35_10.0.19041.1202_en-us_8094312a5bd679ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-m..imedia-broadcastdvr_31bf3856ad364e35_10.0.19041.746_none_6d6bda420a63ee68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwanradiomanager_31bf3856ad364e35_10.0.19041.746_none_1e05069df0a0b9fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shwebsvc_31bf3856ad364e35_10.0.19041.746_none_ee6266809d40fdc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.keydistributionservice.cmdlets_31bf3856ad364e35_10.0.19041.84_none_9dfecb817d61576e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..hlpclient.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c353171418dee815\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.windows.d..otingpack.resources_31bf3856ad364e35_10.0.19041.1_en-us_86ff07d1f74796b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..alization.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0dab9281c425d8fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mfmkvsrcsnk_31bf3856ad364e35_10.0.19041.207_none_2f6aab86254052e1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\ComputerToastIcon.contrast-white.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mshidumdf_31bf3856ad364e35_10.0.19041.1_none_f66c6e10108730b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.19041.1_none_8f5ecbcceed0f1b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..mmability.resources_31bf3856ad364e35_10.0.19041.1_es-es_ad8c06f0ce4b1c19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..sprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_cac6020c75ccdf74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\HealthSystemToastIcon.contrast-white.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-ui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_caff96b1df49c935\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_en-us_611015c30d377e2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eappcfgui.resources_31bf3856ad364e35_10.0.19041.1_en-us_80b65e99e944619c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-syncsettings.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_dfa657cacce503e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_megasas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c705ef7f26fe9ca0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobenetworklossaversion-main.html	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidi2c.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_d115a8fc33b9432a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00020402_31bf3856ad364e35_10.0.19041.1_none_ee35eb611ccf40f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.19041.746_none_d27ff5d28ffba55c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Utility.Activities\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-speech-shell_31bf3856ad364e35_10.0.19041.264_none_ffe9a2827f7e0375\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_multipoint-wms.dashboard.addintabs_31bf3856ad364e35_10.0.19041.1_none_bbfa3a737efc9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasplap_31bf3856ad364e35_10.0.19041.867_none_fa6fcca80af19c9f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ivebackup.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_0c60d872f1e4810b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..r-process.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_71534b8b237a64d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systemeventsbroker_31bf3856ad364e35_10.0.19041.1202_none_3d6170bef2b21a0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tpm-tbs_31bf3856ad364e35_10.0.19041.906_none_d7310d900b63df71\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_isymwrapper_b03f5f7f11d50a3a_4.0.15805.0_none_ab0e406012c5ce3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmsynthnic.resources_31bf3856ad364e35_10.0.19041.1_it-it_8fc1a9a94edec5e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tpm-tasks_31bf3856ad364e35_10.0.19041.1_none_3bfa70ebf87c4377\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-uxtheme.resources_31bf3856ad364e35_10.0.19041.1_de-de_232036f0f7255c29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_de-de_32948cb987c8f5a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingconsole_31bf3856ad364e35_10.0.19041.264_none_33eed25981c6dfd1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-pshed.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_82aa44a90a28a867\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..one-updater-service_31bf3856ad364e35_10.0.19041.906_none_9fd6af8cc4b46e3f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_10.0.19041.1023_en-us_396b3db5c659bb05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\http_gen.htm	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars36.contrast-white_scale-200.png	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_a7e43dea81b00614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..nt-v1-api.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_86a2ff2b3472a3b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-imapiv2-base_31bf3856ad364e35_10.0.19041.746_none_ab586504a5d1bf2c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bthmtpenum.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_fbc41e40c93d2041\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_10.0.19041.1_none_5a2930ddc7290f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-switcherdatamodel_31bf3856ad364e35_10.0.19041.746_none_38fc188849f7d1dd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DERGDLPLCMSTZSI"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\ = "CRYPTED!"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe,0"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DERGDLPLCMSTZSI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\CrhS61Hgr4mVybv.exe"	2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ee7e57e5a8a6d1924af950af8eb6cd0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
101cc37081714daf22d405541aeff374

SHA1
2578cebcb2440790e87deebd4395f2318feb2fd2

SHA256
cce7ca479c4c850ce4dcfcfa297b4ad5d1bbd04cc431e0da4e9d8ad1cd4babf3

SHA512
e095035cc5ab849ebca9dfa18144071f95d0a5f2aa260388265a9b15b7cc645e178dd78e1d7f93d44030583a408482e8dae96064fdf3f386f763f6eb9fae3748

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
3f57ae9c362264804e453e502593f7a4

SHA1
7ebad898e24a9b16d3a3d70cca626516c44ec282

SHA256
d27c392a1a100f4dc8240c7965545ac854df2435189ebf1c350fd48972e02b72

SHA512
2e42164a7a8ae6899c54a5cbc0a89b0b6ecbf58264ab2b082903ce3d2c9bd9b721b0ea4febd1b5ad3df4372db2adc70fd9204b68d6d7509670a1d37ed51cb198

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
ab9caa7b5fcf21780517c22ba854ddc5

SHA1
355889b52a4007764b2ec09bff70b7a90346b3bb

SHA256
40f7ed0d6d9b97d130994cef433a84014ed68d16f18b0efe851aff9aacbbc6a6

SHA512
9ec7450108c47175b0cec88e2912442ccf1ff348b1fbd5b617338a9bc9b79813f61dad045f64dbdef4c06086e65cb2e71824ec32097932b52d695b61d9127159

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
4d97245ee18fe79dc8f912d60ce9e133

SHA1
fc4418288d06cbe7759fe2522b93847103fc24a2

SHA256
9d6716d22f8db400af8f2d45788986b8ffe51ef22dc818a20eede2757dc9ec8e

SHA512
5284ff74e52548c03c48f910deec5a60c29ed75cfbbc8528d41e7204f0e15786e0419cfe9a22fd7364bfd46cd0855785e5f59667db8fe67e406deee3ebd7ac0e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
ba504ce257341bfb281ba8a0cd5e7140

SHA1
eebd8c517e9ad930ec2c6715f7291c8851b9d7d3

SHA256
d989a82437c304a71cc20adba3627bb999d10b016223e08af358566763202733

SHA512
1e60d5507f7bfa5f51ccde4c3f5b09a503b69d1b78a363dcdc8411d22db22efee7d5378b22efb47dee828a91d424f5a3336d437eb402a907b3a53e0f1f23ed4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
015d126e10a5716a5dec62c4b2199d95

SHA1
21468ec7e9202b01501cdc19cc85bb7b85eab702

SHA256
cc13682a16e728324614a971b348bce5cc4ca70faeb47f989bd5f295ab8b208f

SHA512
2ad5031379d0b3a680567819e30f10f151a3233248e85896e920c768ba8260f4b75f11c016a1fa8eafe51d086a5868ccd3ddba52e32863dd43a067132edf0179

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
be9f605e391672233f1c4dcc93c673a8

SHA1
46d12349028e1f4a1a82f879274c8d7ae8f74c41

SHA256
d4ea1c5273fd683d9aff1e8826d216d7f52fd5a12446e3676e04ce6bdc63886d

SHA512
bfd289b06011165e11e78c2151e5cf96c0041345fb25716a8174deb53e44bb5a878fa9b26b7c0b3a3deb8ae898f14490e8595f992e2583e2ca471204383c2ef3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
6c3f3e0ced6148c1589909ba577ae8c1

SHA1
7eef056eebab80b58d6344b46c9547cc34b1074d

SHA256
6d90c8f03bcc17f7527c9bfbba8309aa288d38e63f490a434fa9399a5d29a779

SHA512
0c9c6617665a46e737faefd657bcec4e9280d4bb41aa08a329ddfd4d3b2dcab55b195eb97313c7732bc43a07b22811cd2a642ed70df8586b3d9c8c201fb24fab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
67dae5ef1f3bcdb4b350a887723c4d00

SHA1
3ca2fbd8941b00834e03b1c69509252219e2817a

SHA256
19abe963d7225caabaa5b6c8197cacf766563edcc5ac095301842a0ff833b5eb

SHA512
c7d7bf5f3c5ff5c6499b204426cb8ded4cb233bc8174caff72b59944dfd3af4fe9e01d8c7330892f40fbb614bc3c358e65c225cac42852e833dfa0bcef0a7c3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
c6505d6b1b5bbf4b8cbb464d934efbbb

SHA1
62d86568cfb092a717ff2206ce6b9a952f6b0161

SHA256
5591b5f6f57014b6ceea932bdee4d24e0a8d19fd702d659ab59a88c043155c4e

SHA512
52077d8114bb3b7b67f3f7309fc2d798137a18d5939aa8d0908f311d3f7eab9262f4372631694342a768686e9ef06a944ee5fe7e692164d1674c6f02861d9492

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
b849f416869142b59a8f624da871c6d6

SHA1
d0d9884fc7fa2338b323e6c5c3822814d18295a5

SHA256
13bb8226258c9763ed99d5f75b89eca2b59bb418a2202aa855ebd90c43331743

SHA512
6cc1413b14687f46005ecaad84b5a1aaf86db8d05bb9458f5691e934752b919057be2f63eb84ca9e587f31dcc6599c7f07a7d6c117ef84b36d2ee0eae51a3566

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
24cdbb1afa2619b172a1f87fba0dca85

SHA1
b48a882f3cac82efbed493a99593d38e9b0a54d1

SHA256
fc4bfe7082da1bff0f7c71bbd051d283a76c591892a71f455e56488c7f4f84aa

SHA512
5923e5c97f7057370833210a5a577c085d8d860cae7e049ad257b49a3c5401f332a0b80ff23e117c8fb5b1251c1d2403b72b1c340583555c8648bff9f77935b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
3376e0fe8fb787f9ed8d70300d8670c4

SHA1
33f9e67bd0000fd5cd5f1a8d406ee5406570508d

SHA256
5dc29f69ac0bc7a766938c6a960704421f0206d76c00d1e402778fb0dd740b92

SHA512
1b62cff2118171eadb32b59df5492faa88027b6b940d7be231e0b682748b4159a1bb36cf3b5068cc821dae98c2fb554111f18e3e33d150fff3a46dee3faa5df5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
2053214523cd4ea1645926f76d5e0b2b

SHA1
b5cae1810b10a2046e7b1aea37bbbc9acdcf42a3

SHA256
74aec655fcdbc3b1c75248240ea56db0b6f02a2e6f98ffbd1c293396251b07c3

SHA512
7de51bfa9ae2332651fd316984ec2811cb350fc9d740b7e7af9e0d48f2ad94ceef835176bfc3bc0931c28615d1f03f20aada9b320fd9d70e7ce191c17fefdf86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
948545b63321c7db46cc14f20f42fb13

SHA1
6b15f0e8c4ffa914c1335b55da35af2eaf66678c

SHA256
f630853b61238486064a1fb30dac6726ca7cdda80f4a86c14350eb0583184703

SHA512
05eb2de93db37c921dd083c38a744e2e429fa0d66ef8027aa66ef51a733f5f182103291b95416f46b1c0d108f6608dac0a6ddfda3ec473ca25a8bb953b539b75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
d27e45cbc92d9b546038fa7990ca77e9

SHA1
f9a6f8f4d574f6855e775059f7e537de2507b8b1

SHA256
e5b80259d1fa02a7b2a5b6847836f9477f445551b772d2e7e22bd7d80db69e63

SHA512
263266b4e85229c75a2c3fdf285b5dcd62c30c3b793cc0a38c1d3af0da13ec87b5dc088a1cf6a66339cb518214868784de31bb209cb49a0f25415c3280a25d3a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
e1e50a622e06228de16a27ecfac298b2

SHA1
8d944dfb12f9ad588aa41949276ce7063338abc6

SHA256
f9fbe9362eca112af47537a9f9ba0599fb70bc074f837a106fc4b48bf3804774

SHA512
13c698d90f43de9e9b6c29960105539a80e02da3aee67dc573beafb47f0a7cf76657e026e2e5ad1b2915d5bff0d5a8e3b38134711a3a59cee4f3eea791bc0fa5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
f213b578cdde18db1edab2570447046a

SHA1
20048c6c7d9853627e263e988c5210a7b0124550

SHA256
0d57f19c2072915f2f4851d480386d0329271ac72e5528ba1eb7c6fd24969815

SHA512
0b7679bd4e710bdbcba182a8044c0c80702cedf12e2694357fe29c7c67e743444aa120775e2be9c2ec496b15ec8b81d044b0cf0c0dd9093e836bbbc4f22a0d5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
d5cb695d795b0fdcf4c787d5886eec22

SHA1
659264d232b50355d95c5a356dcca628b38ad172

SHA256
36035947eef39afda70031d891ae0b05e4f809bf919ea03e67ef50701a5ca6ee

SHA512
c44ad06dc52b26a183ac74ee8184ca0fbf98b8be30a59ce4b059886920c8c97ac3bb712165e008ec30735ffb9c9b38874d440098cf5cf8f09ee8fbd507743835

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
d31f2537f5c6e2b71620cd99069d9621

SHA1
b866780a3ab6cf20b35ab7bc3577f04ab09f4157

SHA256
04ca558ad577ed0a3913069ce9137fe5dee319c34fddcc43f88ff027798b6f3d

SHA512
4a359148cea6e4809dbdd1f203aea98149f7b2c3e4e119b83714eac89049634723196d5401f5883bf7152b658f80175b7cdc9e506f4215be831e214f3db75fe0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
c5b631bfb206061239fbd047382f915f

SHA1
f9d2af3da0e9d635b25326e5e1166dd31cd60009

SHA256
32dceba2565723859ebc79a332b2a55554601af87c31c9e33264250d2c2fe6fd

SHA512
7e64df3a7b9279a3fe7ab8220c4c9d53fda8b4481c01acd1cde8a40b0918ae88a13b7018e222bfa3e6d03811eb317f980e2a618249972e0f38cdbd89f80762aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
71cc2cee7ce967aa92d4b841ec31749f

SHA1
bd59f338901f243e63bd7e8c41b1feb9aa26858b

SHA256
95a47ff435bd33e0a41a6f393fcfb622fbba83aa41dd494abd3632f87de5eec1

SHA512
04a378bb5a508e0ceb3684d4536d5e7398f6fa06d92ccf510289c9e13e480266b62c02755b0180f9f0e0333bd9897853eb4fd22f19db48c810515416aaad9a03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
86ab855748ad99eab27a64f77066f3ad

SHA1
bbc161e2187095309d9f2b79d76c725202b32b7a

SHA256
57df724131e25e89ccdac1a8f33b6e5b0b8a55a656d186efa6753fb84e018581

SHA512
a5b237d2aff5a14c0373ac13b051d89e6b928acc0d6bd28a9b4165c185af7948b688065048fbe4914f671d8dec9e99b9148b27746ee581d69ce9ca8c793022e3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
6a593bdca5e4b409f2d4c04b1b305748

SHA1
1da3f64238bfae2cd6c5a84b01f0984e072d7f2a

SHA256
dab302860e057b0c28af19c2c967448bb0507a3481fe1b34d2e3534140502121

SHA512
32ae444599536a8ed0a9684f9ce1d4b693bfbb847f910c7375886cf5b34e84cd1cc335aec597a848020be101ef4a41abfbe0c2aaf998fb8fd0efd934b2b6adb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
8c0fa1b485e7077e789ff7a9ac0e14bd

SHA1
f3aa9ec06ba461798f392a10dd0ad1bc7bb087dd

SHA256
c7ca5dfb4d28bce60e181630614aff38c99e97efa259d2502081d29c453752e5

SHA512
7823ca4335fa3e8a24c8f917188fbbea752ec874718760180cd11e2d388b7e3d52cc277282b249f3319743969b47a4dc27d6f90b393c7f193d1ef632e81be0cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
a4277fa865e5bbf38a4201977c502ef0

SHA1
ddd03429dc27b3c1029dba8dd929968128ace34c

SHA256
ddeb51cdd54b3c653aac3bca27e78a9d0b8f6a4416f2a5500526056a233b4853

SHA512
d249d8b097bf612757e6f4daf3be71a69771af2d85e9a58e93e7a9889c89d79c6acc9e73aa772731b613f25db88c2847102e43b61f1e0a65bebdc53b36123a39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
54c7944408aead9ecfcff770bc9fe257

SHA1
fe8c57d0a56e3ea4a8edc02f9eb17718432b45b7

SHA256
62c05d073f55c3834005e7ccff3b1379ccc92d5f137dcf258fca4d3849473a2b

SHA512
cd6fe1662ac2b217ee4319fdc8ba7dcacb2f6c293ecc589eecbc99525f1a43b0d52dbd16a9a729cbea393dcc6b0c7d865692fa3a91792f31df8585f69ad5112e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
2d6a015060c8192c57d374a12469862f

SHA1
8baa52c780276dcf8d23a2ce53e04652492d40cc

SHA256
744ae7dffefb824b16e9dc38f9aa83a26f5e3364a8d79b9181dfe0456a64caf2

SHA512
8f6698b438ef416c764a9026538a5b12e598e18f6d00d19c8fba0e714bf6395b05d030dedd7c3cdc5c9f003380e24e85dab1065e8251bfbd859d378923721af8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
47d98089cbe5b51bd2322a86667b7e9d

SHA1
595cc36345fa68daca62f5b473587eedc661382d

SHA256
bb07ec10a0f5221e6be26a1a0c98a50499de21e730b32729cd7a93e5ebdf568e

SHA512
57a8c623c47bb99b09c2701df5e8c300e27aee2fdbe5afee63168f27cb45139ad4ccadd0fc50f314d518968e123fd29a87214511a8568a092b78835569d0c67e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
48bc025335a97c69b23a0050e43bd1bd

SHA1
0cea1734577144aded9f51f30ca2e8c584ac18c1

SHA256
e63e17b5fa49c73db9008f79c8c6c05c6c69a6b2048f8308dd3e81bf3c7c2562

SHA512
0cc10cafd421c88b61486e7e73cc339f78d6ac70891bf6999c5de2e97c059b67c1d92f3d1e8cf2e11f9388e5b87c13b4af3c7da8bfb5a3230b46e0e9db2398bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
90cc5dccd80926a04a8e30a9642cd532

SHA1
0cd209bd7f4b5fcc774f19c44817b30fc79f59d8

SHA256
bb3695283deac29181bb44f8f4a1bb7fd3f297a7392b7417d8dd073adaaf1ff4

SHA512
6b4fde72032431f7d0f4c847a9d3895c7fa599d890d0bec702a4834658a2644f41d9a86f4355b5fcffd5f3faf41660aa99c2217fb9c50762e7da1faa0ddb5f5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
df8c6e904dcc12e1b4ea25981a8a656a

SHA1
202c2d70f7d5442ba162cb3faa75080b9da86de1

SHA256
a221ae431757d7a0fe9f5f071cb8072b33c508fcb39496bdcd9feea9e3caed19

SHA512
30a3ebaa0dad478a3279a51f6b451d64a79719e1968c3a6532b104d5adf21a3cabb2765d1c79e6e382be5dd1f98b72a56147113e38be61b1f4e63e725bf8c460

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
7f50b35864acbb4d4cca96ccd4cf7496

SHA1
aab60c98ad4699184247fe9788d2704445664ed6

SHA256
61205cfd8ec2f58ad7888fe6f26c6218f89f3c6b898b0e4fe9ae16ae6f48c668

SHA512
17c77a8c0501a4ad10babe27a544e3945970d91474c5103589c5780ff767ecb607f3d0334e4a45ff60e8ec518b91751418d44ad93ce6d3874b2c326a3e331f74

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
b2a4f7731527b56350410111a08314ec

SHA1
91aa06703bc2abf84f213deadfb973e71a77ab0d

SHA256
7ebcb6071e1466a9a9e95056a3245b1048d9be95eaf1a9f11e0b87ec3ed37bf4

SHA512
9111ced45a6c4fc9d804e652bf06eb12fbe9b6d78eb95754be5c1343913d45b00d40fca23eb9ca561304c7b305f806882e08d5cdf9412d1ea2b26f51a8cc6e3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
6bd9b4df6fc114a74aedfe27991518c2

SHA1
be7d1af0c9e6ec7044d318db88770ff980f01f4d

SHA256
a68d404f3082289aa8892906cfff2c962dd0361d9b3374a8463d49e1d22635be

SHA512
421317b0dd3a15f1cad8d90cccd4d66b8d8d7aa8ef2500b6ecafc7a3c2f46728c6ee20fb544e4fa2043f2971a750925ded4504da4f8e41b8227088c342528022

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
2e759782a9d0043e1e092715627ef330

SHA1
686749dca12ca2f3f33291ce574354ef11defea4

SHA256
0019d2aac258e2eee82f5563273eac9d228b2f085a4905caadde0b394f27f4e9

SHA512
9269e6c7ccb603f052d9b1931985eeb1de800eeb091f4fb68057be3cfda7adde01724c3f3f4de2950bda40c29e22fadf75b9695f578ea50ca1d1ac2adde27d94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
a03ea0cd1722286a98c9315bed14001f

SHA1
83a7230ddad1fc37c66f8f37bbc955762abf923f

SHA256
51bca6849a472d663dc6090a8dca710c45ba6bfe1d8a5244c3fd8e963d5043ae

SHA512
e973df4292462f8337c38488445bb500d814f7e61d9401139d4a3ca40af8d1cae45405279d61c42b0d27afbda50d7a23a538a4f725d71e7a1701f6da13a8dc9d

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
2468d73c746e4bacfc6c20c20514a87e

SHA1
94bc9f84e0dd727a65bf63737674c076840250df

SHA256
ec160d0a67a429c42ad36dd8ef0eeb32843391a77bf2a108cccaff8d09afe40a

SHA512
0f06d16b16da93f80925d5cf83a4a8b8c5a68d1dc1cde94fc6ecb7865812dab5f3527530941b33e276ab52296c5af07492c7691d1f78e2c98f54250c04e8c255

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
290B

MD5
bb4e8e17325a1c0f310ef380ac2b89d0

SHA1
7337c25f0e89c3c5e55ea233956cb4f81acfa7d3

SHA256
4185f4949bed6a2b059a1d64aec2ca9d87f0ed1bc5c27f94596e3fa449134ffb

SHA512
87fc497a83f42c54236acecd77cbb561bd8cdfbc1beec5e06b6a196519ddec11691af481fd55861499a47e42398775d2a3b04face0333baceb538b11cdabbb06

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
753a19577e04eb7b542ddb8e576d583d

SHA1
a3b264d244124dc3d043c8b5f29409d9451d1c6b

SHA256
68301687b846f845130f11764aa9f358737a53e8c2db6e237e1fb5018a18a90d

SHA512
d51941ca49c615389520a7ff6c8ba7913013990fc6d0a5c20aa0bbfc66ff6d79f0ababb0f603d5f8cadf7b5b3d915d6b1dcfeb782d8b34c66d6ad3422fabae0e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
bf1ce38f66d19864822d5c7e3e52654d

SHA1
eb10905124a805243c49675d5eb474a3c070effa

SHA256
6b0e9704b3805ff5e3bbad96610db461ba4b1d7fe45bf34b40f9458ce97ad552

SHA512
355818a12e09dbbdd0fae5490b5e21fc0d5bfca86f1415c1cfc824fec2b5d32a6e131e4b13e73277ecd30a60929b075a17a573137d63919d0a00d5b2272ab428

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
750fb24fdc188cea600bb2a7568bb518

SHA1
4e4bbec7df3a90e31d387dd599d291b000ad8cb1

SHA256
8c76fab86abc00ed2c2b32984b6e209403fcd996a181cd142656de8aec6fbe41

SHA512
d36a04759e7e10ad8205afd3dde0e83173f2f42f4b8da245b02ab612748f134f9b4c75a3675d4e104ecfa291b6dc337d61feb5258c62a5db0060d2dfbace5fd5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
a73b4d9fea8c0890f355cb4cb6aa0768

SHA1
2df6b32de9d966dd3d429653d84f439cb07a12dd

SHA256
dceeb953143961b3a64cbc7b2fffff60d0d1ed5bf29848f3b46b0db8849380e7

SHA512
59c3057728a47a7d56d0f04c59f829351dd22d11e8eee2bbe19382563acc2a5ebf6923680fdcae0365d6749d4e7e11f9efc4aa09a7e890790f83e4041d14fa2b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
a6a8e2129700c67b44c272605ea8f381

SHA1
728f1de9631ad03179baee4a1c88885cd1752eae

SHA256
9e99eb818c1d6bb2989f49a0d5301d1e18bde463b98924941175218eb8c8ddfd

SHA512
e490537b1da3bf14442f43298cfda91987e32fa71b450380b93ebf62d83bcb305ec4b17da890e4e9969a397e89ef48653b01734be414c6d34e4764c65072e252

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
5b23fdbcacdb7c3ddfa6b3a95acfce9e

SHA1
1bdba7cf54f5ba6719d3577b999f8f1e6657b1a9

SHA256
22970515a886b1aa71adb5954576cde5c8fab367f54703c0476a5c2f95a7cd8d

SHA512
12d93026ac697aba58787826b4fc9cc3c668dc75f39c8f9724a78f2288565421e8acad94750a8cb274b76dcf99cd02ed8d352f79014a4aadf1fbdfb22856cb8f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
d94f7cc4ffe157d3325ea2bec7ffd65c

SHA1
943aefea5dfb5f59891d0fb2074ff436e7c21026

SHA256
0bba9236df76b2d85222206149404eae8b7be59cc3a987abb3b4729bf03a4212

SHA512
4ffd3d29b4a766f1a30c7791e5205ad79cb0569d558b0a8eaa5502e5109efa62a8a9ae827dd0da17cf985bfac0f7b7f9f1c9d2462b9c4473530aae39ff44eb57

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
0e0fbd9085754f82357da0909742ca9f

SHA1
a7c73c19343271d2011730daf7fc3889e0eeeaf0

SHA256
6a5ace0e74f1c98769e4aab7771af4d6d14f811ae7c5844f96da43c266f13049

SHA512
a45b1c8b735573d29341c4e7eaeba6ce5cab534e978933453ebe14c1ef3184b1f2cb7b02eb11d879c41348cadbd407396aa9f1a3039119adb8c3160995618357

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
9cb05b0223adf191cebd610000539957

SHA1
c5b38d2af59c7f6e6ad924c14927113b2e4dd575

SHA256
b1c3d1593652997539b11bf29f97c7bf8218ed8cf683ac4310c47e98fce3427f

SHA512
0f5b381adb85dc77f3a4848d153ab2dca6f8f3db3d6abb9853b930eda9e22e5dfb032558481904a2f3f4e667e166b8671a1bded4f516ff3799c12fff17f2702c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
bcb9409f48c104fff7e521851813b249

SHA1
190b7824b366e83751e502f64a4495054cfb65a6

SHA256
2ec63220549e0f8186882321ad2fb0ffc4dd55333ac74594da85684dda6ebc9a

SHA512
3f26915998edbe5e0308fa3919c4eb13fc10c8bdd4c36ec40dc8beb1ca08a1aaf650fdf3e3ae9c4c56c1c87d341a469f8334a17d702bf399e7a77e7bbabf251b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
c312cf892c4cbb3af75aa9e70b61bd8d

SHA1
badb4d2de5f206a7408ee76c3bb64ae81142bb15

SHA256
d9f7ce237ee5dab939a610713b22f9bca63d21a7158d38b3995544f5b6d5e607

SHA512
5e430c0eb11532db91a9b4843f201d7774a411b773ec468158a0e13a3266932542f7b254b2e1127858780485563cc5158d9ea5690617cf35cbe534c6f616cd94

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
e9b88fcbe5d4f137581d0796c3d68452

SHA1
8d51f53c90c5bc198f9600efad57a5b6385dafd9

SHA256
19ba228d1d374597763d2a9340ad97300f79ecd3304e8ae081ec74f51396189c

SHA512
c6c31a4a804e240d34ad5d5dcd30a9c56978b55876a43ab8f47b0532ebfe62fb0394fdf0ee1409594e3ba750be50e9fd9d9ccd912e34f368409ef5855d2a970b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
e7e3793de608e0e66926f5d835a22253

SHA1
84405b8f899dadca9659f72a64a3e4b2f83e8788

SHA256
17554d01710b8f898ce0bb5ccc5fbd7e948a57963daa09e5f4fa8245d9aea9d1

SHA512
b0d45ce4fbe8f5f326d884bfa43435a96f1ed836b70fb8e63d10d60a1387bb0265fac0b06cbd1e674c013e8aeab624154982c9da60e52d7922ef299281065ed0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
4bd732d7ee16fc792539995ed0e123e5

SHA1
c932bce1d265529c9c830bdc11c23a4a7db639d2

SHA256
aa4a0b938f477fdb8612bd22a975efdaf40e85da64087f3a1c311eae0913052f

SHA512
a68c03d36d7b1c989747a06b0ba17e7971736926d31eed3004e6176bfdb9df40083f310bcf3a19762bcbfec3f767aabe946d1c7c0b23a73b17c181f181fd3039

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
77eacd268afdafc6fe6ad4a35411602d

SHA1
78c6797c3c8a252611efc4fce2acbd065f8281a7

SHA256
ee4cf8ebe474fc0e4a58896f4f267e35411760cc0d65d2c640a96f3c3adcd5da

SHA512
1d43ca2a4f742e587036e39dacfa0ff473ff8bc2c24bcc0eb0d449d7938318df7e138bf6219fb1913ddb1b36c417d8cd6c8c1490bee4384973dc4c13a4d11dda

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
42769800f10bfdd8327a60e38a120029

SHA1
5a942e87348c23643fcb9ddea2fd41220ec15722

SHA256
9055b53f700b9fdc2ce55abc85ab99c489d6378e9183b09dcfdb28f1767eef96

SHA512
99c722ea902acf939fd90ab400744ffe8f5f4c36a385eb8ffae40102ec44928e1a298752a0cf566170b66167dd1108588375acf3d675568283f9daf2c23dc5d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
bac29db4d0eceae36d205aee85269e4d

SHA1
5ac28ba85ef216badb43525918587c2925130d81

SHA256
8dc1f8fed15c562d683cec55ace5e10fc4d91d2d18720a5145c846457e8dc308

SHA512
8e00969e1b462776a849ea8a6f97e36ceba1085269d7b59ce62f491047c5b8478ba9102c11d425a19e9acc72de62d4bbca48f064311c328062969bef649c0a59

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
01235609b5655d44a6d38e051026d110

SHA1
7975f020477abaaa0bcb8bce847ab646fc1834f0

SHA256
dd09445a1fae5681aea3e9a2f80bf093cd0a7855a0aa9d7deaf9af8bc96853fe

SHA512
107e503e245a32b22538db2bb746b8e0474992a2f2c207f19f34a7579114dc115d38a6ac06ed44dfa2e8b0fce4c6aa441be780b19d21f8be70373f228573a60a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
c61683aad90215d37c7fcce222192ffb

SHA1
929dcfc4b7194c1a01507c3ae1e92e60ea276b19

SHA256
f1f82c60eda038f374f1977135db1a5587bf1fe5fea9cc05aedc36960a0d20d5

SHA512
2a736cbaeb7727e17c4ea13d712e1681467a87ae88c0e9593db5e89739676f7a3d51b8997a48d201e166a75ad3bafc4ed881322c9919b1ddf5a093f99e1098d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
d549be2d390196bce9aa2405d0aa219b

SHA1
32eaf2f56b6ce9420ff4e389d473e61861dfdea5

SHA256
5d5a5e9a3c672f7c5e286b5cea00141912c01a011eaf4733b70025bdcbad44aa

SHA512
a8f7a17425ed2932f6b0a727021201abec9b58478013c6ac8cf8d589552c14b551d7da66bdffc793908aa44f05558d37ef1094cc20960d3e220406aa9597e04d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
fbd551e5c53f8bfbca821ab5711d926d

SHA1
6a288f21b0f85d2937328973a93de05c8dbcefa6

SHA256
621002bf416cd196fe93b0f78e1eed0891336f550a70bba126a009216396e364

SHA512
09214630af395fb00bed3151367a381103c24a7218e04786db92713a5924810b763ce93aeb67be8f2e92e4d753da265805bc5d4884afd92c16b98ac753e758ce

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
c417a9cb776145e5c2913f388fbbaa1a

SHA1
112b13f70624395e78c06f83a9688c3aab25fcff

SHA256
31151adb4246d64f77f75039128e32018c4b09e7a2c11ccac7229f819b3c3f06

SHA512
47bd46f38e72d527047b2e9186557ea311dc8ddd0aaabf0f3264a2d2e67b7f48c6d6e0613166c04ee7527a0547580234ab158039d4a38d0c28b5c149ee0b1086

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
fbc8a60166d2949b6ec32c0700a855c8

SHA1
ed3459c620782c8496ac583bd48cf852b7a329c5

SHA256
3e6e7b51d2d3efdf20fb721a8fc8c52efed105fbacd64323f7311f4732cad343

SHA512
8dde10b6fead7e620b6eee83f8d4aa01c77712aa9ac0f7ba8343a14cde319fdd4d0fb28b3353dbdd7f20086403baa5cc5c15df8657137cee709b3982d9092a66

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
d2dd692c89c01f674ad8673a29182199

SHA1
b4744aa79b73d449305b7d38802819497e27d76e

SHA256
ac82b529a67c8f43275e2912f0aaba3fd8bd8cb63cf3644753614565a43929e8

SHA512
c40304c47d33a33a69aa06bbf7aede5d972e258b4c31f77f324e12334e65de27164bbc745e3a049203b4c6af376e68e70aecb09f52c0f44d9504c145eb7c5da4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
b018e87a248d3120a84773039864a824

SHA1
2d2f7c3107e1343c5f8377f2f844d7b8f46be862

SHA256
01e9b5bca2a69eadbdeff44932ee2b121c70a5b8cef1fad1ff3ead33c7dbe9f6

SHA512
b5292de7e3ffe00c462bbd6825b41c556ce55c9cf1cbb2c14196e3235a1688f722298d149aa90acd926f3f18c5fe8e49448ae64bdcdde3065e2a5cf05b01c9ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
0bd33fb1d8c3c747574a37e4e07944b5

SHA1
670c9868b00c48cb5c189a2858c448d8d177087b

SHA256
bc571c6080730c95a1f115fdb954b8a2dd3d3c8c65926a30d071ecb79e17445e

SHA512
8795dcc248086912cfe3f0780f65c63e9ec3e477dd55cda4852182fbb8a6f9e6fb8236443f5ee3d653f7ae49ef1f7da30a3d48a422d22ce79c8d1ce9699b919b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
1a901a92d7a070b7bfafae637d8ea1f9

SHA1
267042247a08f08b1c5262c107c32bb03862582d

SHA256
82b0a8986fc0d2c59ce3bc1ea535d71278f467a7109a84380a8e7d17d858be04

SHA512
b05122e96663a6476f0b31196ed3239f88747beae17b34266a39df183732d791becae0e554baa41881d32f014c496d67056d34fb9ff200db2e545f6059187357

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
eb37943178402512f7b465e2e1a44f86

SHA1
433bdad9c35682dceb4e4fc9a634be83de5e140c

SHA256
cd586388cb420b595ca45e498063d01dde5511da8b556777b64466a0729158a1

SHA512
51dcdd669d5466eb08a543450ef169aa65acbff29f9cc9dfc71c77c664441e2f36b5a09b70d4eb192e57c513d00eed5e5f7759a8c787f7ac7e469014889e1c99

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
107be71fb91e32212ec27377004529f5

SHA1
7982a1602bdb657fe9628fb85f2ee059cf6998ea

SHA256
71de3551bffa8df5efa623c56f387034b785c2e3284dbfeb608b5de5e54957bf

SHA512
5275bc1d2390bcf45d9a5a2c274ffd5da3f3b27a44f2bffe82523a973a4189930a9d4f8f9f2a6866d6d89d8e2069db323ff7c1ecfdabb26fdb1fbbfaee1ffb89

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
45cf5a27556e8bc25a81854328901f2b

SHA1
eddc6b8196612116233a79b833772be963295965

SHA256
7793d45e8c0e59069ab5a5a0d537b2b3b24ab57883a66bfde1df0fbee96a8c6a

SHA512
449e848ad3ad663c991cb741c2bb1ed69f79a6254f71a8761dfc1e0b6aacd0c239d0f183e38caed67e599cfdf7a3182d21446b36860cb5ca4cdfbbe8ab039427

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
b7a2ef7d30d7915e385cb51329bc1a31

SHA1
ab4080e3e838e8c0cb94179023c6df0baed62a27

SHA256
0626cfec5b4d00616166456eba08b94ce4153d69200411f1757ab36beef32360

SHA512
2a2719ee7aadb071c2326a474adc4b0d1160b7a97fa960fe3ad8015a403ef5f37c8b5324f01e9877d006b0d8e96596a2582b750637ac22b038dafc2abebe8c56

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
2e6091513ad2bab954a7c06e13ececbf

SHA1
238097467f262fd756680933a8d044dc0039ea79

SHA256
66bcf1b4137a0a9ad05fe8bcc4a0c31101eb38aea20313664ed2bae8584aaf31

SHA512
d335ea64a9788d829b9212fd156fb169c9208d32bb0f742f8f843b612cf4d950370dd890d0272304b699f19ba69dbc520e37cedf73e68ea550afb7bdad5529e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
ab045af86906f1b1782a2521eef55c48

SHA1
762d6fcee867f6230151a544e1d8792dfcfb0e7f

SHA256
b5da7923f8553dce40dcfe701ae9fc26d64e091130ab75f37b2b366b55b6d4f4

SHA512
3ab7e6306787a180ab81ea666f6668fb745b1e891408eddb734ce81b1729c9ea8cff1739faae93d1410c8286f927408301c819598a138bc636b54493df276acc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
f40de1c02f31779c73e43301db0a424e

SHA1
12277fb31b788a3030c38fd6246c824d3080bf28

SHA256
468d4da195c29eb021dec906b4886c28a8056384aab50c24a6ad17c4e5c18d08

SHA512
90bba5180bf5a4c0a5ee293c8b12856cde2fd65002fbf16c772502c5e50891a8eaa650da73d315e6c9be3575616681a7dccd4efdbb8e377716f146c546b7d2a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
175a6fb19035b6303d689f2e989bc604

SHA1
ce3156b2db12f8d2537b0e50f501361841c68585

SHA256
73a9251ff3eccd5cd061faf69e11b3fb999b99c3b8844310dd66732b06dd07be

SHA512
1cdbad582a8d05434c5de8264ebe8d4ca713b21fe31c83d8274f98da88f595c613bad8d39d2e50d18b4ea6f2f2566b46413a754596f5e2fe3bde54e3f43a9615

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
c9832728bae1c0a728129639223c97c6

SHA1
6532ec0e30387211767ff2424cf56004221c0c75

SHA256
b8b95f81522db1e194f8673c9d3847cd7d1d2f1c1bf9a6b83c5d8756cefe1bc2

SHA512
e7b109597488e1ed38a5215a96ff02b258d99642b54b07c6ac5e9c42277f04be87b453c3a24b1f41b5b0f07585346768bfcd26cf9900579cecc9784ffc7088c4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
e1ffdc201f48993e41957bb335e4aa7d

SHA1
d4a082df169a1b77ffa692e8852b5ea37b742b19

SHA256
e8d66c6858cb8ee72836afcd29a8f3823a3cd712d3caa3699e452c57f8bbc9ba

SHA512
ee3dc55e4577a33674afaa6c0f1020953e9c2cd756026a285fa2ad46e4ee6a20710fafb8b9253423264cb86be023e64e127917dc708660ca5585c4c0a6b46291

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
dbcfe345f50b464bf552f2f1bda28cfe

SHA1
4c1ad26da7c00f92be92f393537c1d00f93b6d53

SHA256
31b15bb59dc1bccc02c9194125d05dfee8578e2658aa16f2a56ae723bec07918

SHA512
43d950594e17c9d05f4b58b4017610655ca34e2c230f05be34577f4fd1f5028c9daa6cf35226f85bc039d0e7debaca36e4c5101ede575def2e860e41d757f775

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
96ab32d2e7e9c3c3be1408ec54c9611e

SHA1
2946effa1e31ea0aef966526d74714f14d4549cd

SHA256
111774be5595cd2a05ff5f55bcdb2d0cf4e24973fb82345cb69e7d8bae210b61

SHA512
1dc644735a7487337191a01a6c9f69be9db9e27179e7cbb58b5c6f46c510fe57dcb88cc496e004ccbed13844a80ac9c5587a4d71fc5607a797dba241016cfdad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.EnCiPhErEd

Filesize
2KB

MD5
c46baf797ddc33927f43557cfcb878ee

SHA1
22f54e3202c03344f6b5368ff80c9429316bdc65

SHA256
0b43a0ba9ac8ef0f4f7f5d2c1bfeeaea234b15c22f88e25556bfcdd3ef7af344

SHA512
66d9cbf141bb1541c3f93367910b7f4acbe70c18bef208a7373404755945981f60b0b18b6c9245064c812d5443f5b0fdb40ea5ae30f059c964fab1905605a86b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
7a96138502eb3b72dc4d31d75de9645f

SHA1
78aae60f68f35173b4bbf159f11c01292a68edd3

SHA256
7de486a566570bb742c2ad03d75213c5f116568b0fefa2ea85abe4be5a725cbd

SHA512
db6f934ed8b594026f924f37d57faa25b1c3d803536c8061fa2060a5d7c294c6692b30391b986ffdd5693adcc30bd288a2fa5bf7afe79d557439713405b884fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
8ed6fb0e94f785c00f1ee6f2e9ba3313

SHA1
6c9d2686b52f5572d06a92b50431a1caa289bf98

SHA256
4a81135038e3a3f8f15bb864cadbcf93d5ca0f4c9595cdfc82c6006fb55883fd

SHA512
cfea76918163e08a0d79605f6a2a2248fa0486221fd533bfa678e3e72f304c7371f1948b4929d42783094ef5d7bdd9d4180e168e255eaf659a5417aa61960b1a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
3e4bbd2288b5e70a8a837409c40fea09

SHA1
bcd540eea622dc62fc78c461bf1a53a979ad4777

SHA256
0c2ce866c2ed3bf81d3e3e829722f9d39313dc3bfb1ab8a26bea883db6fc2bce

SHA512
6dbf3af41300e52c004f426c2cd90909e761158bed9c1c3783c8ace544c889c65a91485322700a92834aea414318f2ca6a81b95fabecd9d5f11035c63e862f37

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
bd393f819bd839ec9d6510cad1cf3cde

SHA1
8e4280397c4fbe6241c7add78a123acb34f71302

SHA256
e03381a7ce681f6032d3ac0c57924baf216e6273f0979ee0bbd8339132243525

SHA512
b9496e38c14073a2f65d9b5d0f57829346c87f2a6bd272f22dd880d26e8602603287ba9f6373d7b6e0c4f30eb094bbeb80f1eb0d01b682d4d088b9c6ff799a8e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
42d85339ac8148a10234777d32e29885

SHA1
ff2fe58225786a6bbaeeed75895d58e534179cff

SHA256
f53bbec66882f188d833aef48181d58eb9b3900ecf417775ceffe10e5bb9c568

SHA512
1e1c9f6537e1cde106ef6a6e3f53472408472f019b298d1c76824f956d16afa620528eac61692e11c4c18a1c4befa213f8b2a371f80239e439d6ee76e77835a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

Filesize
77KB

MD5
b516c9cf82447d92a2f70b4ebfb3141c

SHA1
7516fc0b69d74df5b5e1643a2ae3cd55bdf9adab

SHA256
d24f8eaf915ba26247587c9d4fccb016ebacfd6b38d5b112dbb7de2e4d1f5db5

SHA512
f26c50b8ac34ad54396132e485fae02402b0fdbc09df1cd6687c08769accf47f888e9edf81ff956c1e4bccd677a7650e15fb9658b9f9da58d122fb39ef417f2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

Filesize
47KB

MD5
512c618db8b52888f23bedd0e163e479

SHA1
f8e86e5154788dfea27fee78a20dc166550870be

SHA256
6b8f7957090091c7d610d70930d46f73fca6308669c32162b1b5b9cb30c6e465

SHA512
c99fa434859061020461112e03568c5ae2dfb15e74b08e52e11372807b334de65a90014dea6d3a23d0b284ab6addd32b13c7b7264d7e0ba3b8516cc17809d99a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

Filesize
63KB

MD5
504d5be6c2ca582933b7e66b4ca3d001

SHA1
72726a3c1833fce57e42dc5d26dd3d9494a8b712

SHA256
e3a99e4116ef946053eedd426dc7dcd50943c6d4cf3b52b08c1993cb7bb03eb0

SHA512
fbf38ee5e99988dc9a99f4f76228e3be2a3b0f98a91d9894e70882c20cdc4da90405c342317645dbdb31d5ed7ce3fc1352a3b2eb9ea4bb6188b8854f3af9be53

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

Filesize
74KB

MD5
29fc40a87565ed42dcf3a7873d22c21b

SHA1
e6426bddf006ffb97763511f0040e9a4707c944b

SHA256
e670dd370b7961e36abfb4ca23d02dae1b639d3c1d64b5e57a77e333a682177a

SHA512
93c813f82e04b236c58f0a687530a29d9bb60bbbc9652b2cd6a3af9484b75dbe617cc5c0490427d6feff523e2cee4b923d65e9f8f2cd5092404b765aa40240bb

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
a31ab37a36a8c8c2d5c02aca289640ba

SHA1
77ed23104ebe2a306d97aabb0d7e3d57b7103659

SHA256
1f70e95cf445f681fa76410477e38092a8e8034df1ce6add626750370fc5a42e

SHA512
014f35be97b0abd0fef0d7fede57dd4a9c69961bfce93697da1f12196e3eace3e27a864541319a04c5f6032979dd934f81361bade0effd441c2bfafc8cca0d97

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
95c0771d5c9a85c23b1398baa5f343bc

SHA1
94cf0fb0873998eff0ff6b840a125226a44847a7

SHA256
4710db84c7cd1122937683b543ca2d1e69efaa6aadbec3354117d67183e46d20

SHA512
e1a494cfa3a828fb9d79add5178ac11e2c8544d1f959887e11bbb075b0b26876b6c8d729fadc7bac376a909af0268c81c8a31c96c75d5d326d2a29d75092e20d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
049b3a9bd5252eb759d6c11cdae14a5c

SHA1
248b6cc1487c18779a63c07ce3740ab901904778

SHA256
e3b31d033419dbae20563da8560b2543f7788dad602e471b8981df71b18469cb

SHA512
01dee542cf63eba9b9ade62c933218e0899b690901c57273d75589bf21ed1b374eff58ff45f43461fb55ccdc98f82e5e69db8ffaad8f2e97ec44d737761fb4d4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
60af4693b4b8f801ded0b22aa3748e0f

SHA1
c2b6e78d42b7c9078845dbd5362546b4d18106f3

SHA256
b62551e546384d20f984297b6063cc8551981a77f9f08c5cb4fcaf84b7b312c3

SHA512
07ed0d9b5f2293ba3805da0f560216e0fd843c2074934f967ad6b769ee4acca214377a705eaa35420244a9e08bdb3dd5dd77373f621a96dd8b5693aa099c414e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
0415117e0e4466244af29e4c2390bfe2

SHA1
673b648aa17bc573d29164cdbc05e4d119bc6281

SHA256
e691becd1bce7e7083b931dd2dd72de6373d6fef233c955a31ecce98d5f6dd2c

SHA512
1f2fa425a2aa84fd16063a37325d68f614abd621dd27d5be59a1e42288e74c12aebf28564dbc4701ba84b1fd1aca699e14cdf79778d5572b87af40c028a919b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
0dfc6bc681f1db8f4e8bcb646ed5b6c4

SHA1
96430cefb1dfa52db36b314dd14edd4840d92efd

SHA256
c6f707a5b1ea10660b51f4245caa59c2e8f001436ea941c1af286dd09f4f057f

SHA512
55904aafd560166df5277a80f61742d1c1ea33e6a1738402b7cd395cbba714ecbab118fab5c357286b59e17cd84f351040e50148691f1ab386642faf0a1b9f24

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
857705bbcdeed32c50bfe1bd4c2cf155

SHA1
e0c05b4018199f052d77244d6c3d45a98d004ecc

SHA256
f85f237c20b73d9abee9f3cea955ac91befd5aad9570253cee0e6d92db00cf0b

SHA512
ed0bf222027639796c0e3f3d110175a68b9239ec480679ec7f0ac21596eb32a2375792bb1e97c10736e924fdfbe204ce53fc71132a1b4d06d6bfb8e57b40ecbe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
e59c19c3c9561589634142353862ffdc

SHA1
e72d2a4dd078cc992f5a2bb906136dbc8fe478b6

SHA256
e5fde3e582dafb08eddd8eb2de7f50b8047ab4f7190d99b04ec47d816bd02de6

SHA512
1e7c9761d1c3599dc0107670c4e576af63dabc925fb3e68a1eca628d3f78104f81b35060af2ed6f2b23e37ee5d504b64d60d58c7dfc5aea45b6f78cfd2bfc44c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
86a1fed106b1f2e34ccbfa8a856fc1b8

SHA1
4c702729693f1027e8b7c9d39d77bc720e00e67d

SHA256
69705338f676e8abcfe4f9b0218b8ce6fdd78333e27781abe5baf5e8a18932fd

SHA512
e31c6fe925e1e673b5028c10c0ce31684ff33983d4c0cee714a25376326588312b4754a24ebd12446f45ba69abd2f2e4e04d4a099601a63cf934e786fcb748c1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
dfd843ff5eca2780af082806775c42c7

SHA1
4e50c7487e79ed4a85e182bee334040a8b6e599d

SHA256
efc14be3169701a0b3ba76ca5f70a8ea21535d2426cefd67af4f7ee30d1ebb96

SHA512
fe58ad6b46d30093991abd89185adedecf8f462e732149adea13f8202fbc242aa4d79774ad0d3823dd329e4ab5b12ad91f77b5e2604ace28bb89a5ea41fada03

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a48bee5abbb6b421211cdc7e84939772

SHA1
167aa5f06ba76bb8cdbab83a03ae266916589a56

SHA256
f90ac92a953154eb5057ddba841891ad84b991809825362151340d73d412a2d4

SHA512
8a7a7d98b1f5c235adaef3cd730930befae77cd8b7fb66a08cd99345d763c34bcf579238b89f08779651be4ece188bf7bbf10a02e4554619c4c1f1ec112f3461

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5dff297f9b70a4f9dda274ad64de4d32

SHA1
1dc71791a407923c4a6a47d5009e9f7d9f7c44c5

SHA256
a4969174107d18d575bc908446c2df15179daabe8583b592d061c6e702354a16

SHA512
91ebb668a806c69e725e9c2a86cc2e7ed5fd461440e7a8705de8aff0428fdddcee3d2ba1d8f5c9d995cbc8ac8d15b3abc393ffade121f3cab6897b053e308291

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
925f665cec0b819229a5ad996758ce4d

SHA1
db810dbba2b148e7178fe5d584e913b70db4ebee

SHA256
863452fcdd9b6088b8c5bd723cf94e66748d1a7113f0c2304ca2ce8478019460

SHA512
00adfa32328678f4f6cb41948c5269cc82899ba32de3523f1f0af492d91ccab8b99b8447995cd0b56bdfe5c28aea37cb94f53e1e9dc65e1bf93e18b34946baf6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
9414b0b53dabdd736c5069c3a457eab9

SHA1
b45d04c56453ef1df8486e9ca75cb154a6fe722d

SHA256
607581a9393f392b55da8df1fc55f1ec2c27c82a79db68454803604b03049c2e

SHA512
5a5b3e096ef07b318c6dd4c89554f2d2344c6b9da5543c284465b160972291468153c8234e463c7f847d99656ee0b0c78b7eb72277cca551e17ac703308bf478

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
abb312e498a16a3538b18d241d1d8e15

SHA1
b71a8f36372435f589a4128781e089b8a4b57dd5

SHA256
5438c70522cd8befecaf22225d63497274d1812da5d4bc5c1cc9c201caa58069

SHA512
a57e2dddf381c104736e8a4ce8aff0ee250e525c085e18d9619dd4d4b1da7e8e0667a39ab850ac31453adc463f6b162a20530ce269aca5938192dc85ee8d36b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ef775c4895dc1562007ecbdfd2cd6315

SHA1
a85d7b9c88e041c8a96cf63cb7b9b27a30064162

SHA256
b18ed583b33efa2c17fbb8b854b3f2ec5a9433f171f8116cfb66c0b6f6ad3e25

SHA512
5504275602bc229fc96d5105985028472328bddb5c6aa38e245d282d90b2d14c5497ca69fb7e9e3c6cb69219d94d86b1b7f29bda8964ec7bc4016f5534b50ef1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
400cf7d1ae1d86a9dae456f979efba14

SHA1
8413f91b5190585c7aba95b698608576b4b69ba6

SHA256
cb971406619c23d4a79c963c7c69c549317f7cd54e3de4b1d8d5a88346bd34a5

SHA512
a5df4915edfaff45b27650a96c7e6945a7d4c47687a8763892f0dc625cbaa92f05ffd409751854d55f786b20ac7e03ca2a31e78933d4caf89c7f81b5939ea853

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
f87b9a27cb52489038eca0b0bb0fe6c0

SHA1
3f611f349d671270be9612ffbc78baad09db25cb

SHA256
26374217784a32595b4e80fd9bcc433966bfdfb794e3a461b38b10e88d2c8e43

SHA512
a8dd3fefbab6e3d9d259f52a2b0d6928dc91bbe834d9113dec2a15fe1703d069aea2a4d9d066b25eb75ba1bf2ef6d775dfeca804475f76cd3f790d1f650595c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
a52365c250eeecc76fe498e41ec5ef0f

SHA1
66b8e6f9328548e191afa75b8e94e884f5d7b8e1

SHA256
25681fd73efa05b0a71fc3be15a821e0c65dc80a9171013d7b1f26254a0ed3fb

SHA512
3fb55056aed16a2a1192208fd29b13cf95ced88c00e544148cd811b7dd89f856edf15c2c95af8a4493099811edc978f1ee0b9cc74d97a7edd034eb68e59ef770

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b507e9fdfdf39a59270f279e0aeb816a

SHA1
f102c7c49f23f2403b4f07574c1752c839147328

SHA256
80a33aa8126a69dc6b175de84939bb4e0d1fdcf79a8122f59df9ddb415ab3384

SHA512
64e341da50d35f10c7f93ccdb8e3c7d092d80b9f8eed83d3f651805c87caab6f924741f2e43cddd733e23451aff0bbb2a53408083ce682cd2853905ce25e2502

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
06ab12a239537bd82957e315624a999a

SHA1
51d2f694261f7bfa68e7f35628727b3bdfe73dac

SHA256
56a74a1452e2221ca445deba76fcdabd8b36a3d3a4c4873f96c0e4b7c53e08c3

SHA512
0def44f20abba4cc9ba68a67e7637889cc6e2b8a79b90469da6c4fef96807cc0bd367057f5655eef12638bf54c30c2021b84988bbda4202eb88ed6ccfca9404e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
6f48028b39a042345823490c4cb97751

SHA1
64bdf5bd2ea1319371d2c2d707fc290dfd026571

SHA256
6aca63441fd8978a2f2ff28a4fdc0aeff6d6815d7015587a47f10eb07cc6f1c7

SHA512
241abb1540fa8df6c3780ef578b0adbcbfbaa8b177ae5c57faefbfae05724ee535c6128b09f9e7611ef5904086e8962fc5913209800541b7696cec1929dee186

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
be263d9b2102f3070ed14b6d66896ce3

SHA1
9be960776b2001ce2d3f7d08cb1cc2d58b21ae7c

SHA256
ba2bb35031b78203e760587285eb35d82fe651dcebbc984cf059fbf74e2641a1

SHA512
b6e082eb43640516d855782ec3e66a5037f865f926d91c72738c64537a27bc2f8e97df4c0c0eb535e7bb756cf79104fbc6644b110cbffddc39d2ca7d584a7bc7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
2e1cf55b210f0be9b9bee079c0b66bd8

SHA1
23ee7b3ae6938752fb4c6fadd518307809b70380

SHA256
7568c5c9f0625550e17b31510f9194f5ad14d976d4417d8eaa0556dec5c2511c

SHA512
91fd46d15318f229e326ed7f951c352e556ad1207580b308cf3771df5940f7511b92d5bf980fb50ae29014189ba173af8804455249ebf34ac17e4fbe60ff8894

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
b85942e423e5244abb33c8ff14805b90

SHA1
1a8f7045d7f9d375d85bfed41f7c4b5cead791cd

SHA256
c42a8416fa7eb00a67185f1296a550cdccefbf406ba9282dfa9ecf0cc0c317eb

SHA512
f05aae4d49c99450a4ee751320669766005e92b545072e1a0b0009c433e738e2c98319adcfe1a8ffb2ed612792a843df89eadfc6ebaf6fa5771598dc3c4bc7b3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
861b8ecfce182b979cb22ed96cbe1a0b

SHA1
b32e6f80846ebb5f3ade304d43e84c4daaffc006

SHA256
9b76d8399cb05d821a2504d76f087b0ad4d0aa768e34361290bc292a4a2b14bc

SHA512
810a22292170979f3ce12ac4bae0518ba6f061917662341bc4b7c2d798361e69921bfbdd725a560a9b5fd4c82b1cf2f94f61842673baca1d046bf964ba6fe6de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
4757716aa9b3ca87cd873665e847fc47

SHA1
531a59120cbc3166a2834a8792afc5f025edf397

SHA256
bf6bcfb5321905df160b3199960aef235fa90bfe4cb8f87a4ea3ea7890bb5ef0

SHA512
714673baa8c3c68c1ae5029ffac2fae03e5419902551b6e0a479e0329c26854ca1b6019a072faa76a28ab290f895eb0d98b86200f56de6d164b8d2d09c379e9f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
95d6cfce153a17ae5a5ea26351158947

SHA1
e8de7f31bc63ec94c53d7a9c060ec7c1c763b5c1

SHA256
cbf6765087aca2800995d7fd0fcaa7eb6a42c51a94b16972575777178fb0c34d

SHA512
7ec8dfb931cf4e709f3f86020f237401e50d7c0acf18f37a5eb6f7f2d1b49a25b7b31cd1bb85b85793f176f416d32ae37e964949c0a5736f07bbbfdfc8c3e0e3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
7719c95e0e2674f4761f3bdebe26e59c

SHA1
c3db7e022157c689f911b5732e87f5f64e7b177e

SHA256
19b1a353ec94ec798b5d8907160a980c4ac1f102c102d2dd0f2afd8cd7ced8a8

SHA512
79cefaa81c9e647ddde2018d339aa2ead397777c050cf681c7cf4115a4076c6f27547b8daa6169b67bd12642e27b2599ade7ded092aac586af2853e90bb33522

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
c2a8b50a3974f1acb7e1ac14e23cb1a4

SHA1
966a79dc17f4aaebf13936c9ad7f20098ec3516f

SHA256
b834279f6ab41dfe939d6504314d6bd65777ebd4aaa985ff7ed881cb67317fc6

SHA512
8f1af7dfd1a8d6694e2cf946bc6781da72ce35a8ed47bfbfc2a8989a75c5094cf7d6cd6d07657d15e92329b07f515ab2f0514b18425511d25ad497f6af406a80

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
9d2b818b072e1e41d9151b6ba338b56b

SHA1
03a207ea104fd7ba0e91e86684106cc0453365e5

SHA256
5af7cde37d06f6b16fe27d1f5c84c8960c08f3e87f82e7a18ba6af8a05202656

SHA512
867ad111a8611bf6f5f8e90022f0e40d238ca9117c263c0e30a5160c033b86b8e6ddd61ec61319ab50b154638762b8c941b6685a66497aa542f49478ddb9035a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
8e563aaa159a52aecc16a5b846a9b329

SHA1
870baad9815394beaefb9b3f8387893faea56f55

SHA256
97ea961a51c218e9f5ecd5d2fe97b46cf0945897526e37e48184bd9e6cf57fa2

SHA512
0c18cf7196f3b3c07c5381d843134f5d673345843b6d233fe78ca5cf8bf17fb8514aabb5cfa7dfc282363b2cd67aa7644d35b612bb31b45c7cbe4c9059e81462

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
208440d01259dc71df2ef02b5432e23c

SHA1
991407d557da4315b5b39b9e5ae2b136e9521be8

SHA256
bffa8f11067888376947ae6242d50c6b2e8c0471c5831ad4d5bb6a4c75d36707

SHA512
2943acc381c9b14f3146476c15f67f204e73210ccad5624fb69929c5b11a6e4dc8d7abdc3aa247f32badf3e1259698c3d256bea6e0ae00bc31a3cdcca68ee26a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
5694a3654d0359bbb3c505fdfbcc7eec

SHA1
487d66d03acb0630fcc95c1a7b5abf2407515a4d

SHA256
9b32286868161df22b418b7c153ea0b3869684661827743ca0c90a3ee98be236

SHA512
125b16cd55885a1f967bbaf600a2efa4704c6b593476228b98519b15872bfd1d3e62f3fa34050357573851a886fa97a14f2f05f3d82abfc0769721cbae4163a8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
07102701d05951b82e148179ba54dcd4

SHA1
ea397902f07cf74ce4e10fea7cc4ef06b5078888

SHA256
f262acef0573311ac2d8cce977760943c6db0684f903344ce2429726d601f01a

SHA512
08cbb5947c29e6b8d43677302f426eed438093c1b3124aefced39dc7a84dd04abe289fbf67736e2a4d7e95c1fa6eb9370faa9d2f4ca740fb8f37297d5e5bdc1a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
07f725ff68941772dc7719142fe32311

SHA1
23dd7add1c2c5cd423080dfa433952b311f93668

SHA256
ef3bd1503863e4f9ec8a4caf4ce526b410cb7479a2676844c79d7dbe850a4ecc

SHA512
0b278c1f0c72efc9dbd47525ce5ed627d875984737191cadaf9e8fa16b92e65d55af702f41b085e58ed3c88ad6a163f762d1ec98331e3e78ce05daa910a1f019

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
0b7a16a5076a7e2b861d5810c154fa1b

SHA1
2f2b65947009ebac8cc58be5e4e5b8778183fc77

SHA256
5aeee6c8830f95125d225bc91b53385484b26012cd5d66bcb1a8da777b09eb4d

SHA512
7366168cc3a94304b3817c7237b77181c48d293ef7bdbaf8b7599e9e463b873dbb2378da899d1f41695cdf21b6cc48308310bdd1e0732416936c89648115b99f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
1711de656de7c522e68deec38cc80cf3

SHA1
0a83c3532ae690bbeda20f2f9f6c2760b1db8924

SHA256
7d523bde63a77552f4cba662beecf5cbf29bce591497df3d1f1c04de39d6ce5f

SHA512
c712f7f6bce7ee2352fd8e104276d5db83a4cf4e1d495351361409d5ee06f3bf31ec7bc486bd27bd22ef6e53a8df7865877f8bcd8ee72abd6bcd4c420c96169f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
1a33e42f9d26e2c8c7cefc4e3f5d4d04

SHA1
bb467a13078135e63179c551d9134b5145e4a824

SHA256
9f881334d835678509473dcec42c49c4287ecaca1d8b0ad0c5a9742a5929b028

SHA512
450089f5d4538427a29193d0effed983b46999d6b6a97f8fd8d3a059e0cd4afcb64aeba5e2862721ba6d1b42e17ed7de4a19daa8461195dd124c8b8268f5e88d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
6225dba43010f0a566b91c6a9f7a9106

SHA1
517aaa8e0eaefda9e4e8779404c5d06572439a76

SHA256
2d11d311f121908fac6752cd7cb2cc92f88b3365466d6ae343467d94c414c333

SHA512
329cc3200ed0e41cb5d79e3577eb6e040aee942182f88775f2c9c4233bc63ffd2544c5bd49235eb2c6c63e09b16b8e6df85b1787462437336acf873932f0409e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
5a9d471527ed3d06e6053055f1e3e05b

SHA1
973ed65cccd4e46e9f62776da5149817975b2f17

SHA256
8b38f84d71e72fc8a3772f6bc60d61be7d53f3379f5f4c76f5863cabffb12f73

SHA512
dc2701edd8f72bec4e022ca898444948512f641107b603faf256ab5fcc6489d6fbae6f1148383067f0e47ad3b9a0a809f5c85311cc70155c7960fc2454324b25

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
4879422b744ee9b7622abd82a268ac8f

SHA1
1189f1738875f47cca4e2a8b10742cd83641b74c

SHA256
9981a40f9afc39945aaeebf42ffcd513d8c6898b5da67e28b96305c3f98ca9d2

SHA512
93908e16d58c7c9695cace32b157c4a936493fe93282c6c31d6be13608d6a636dc02cac38fa4057e18e9beecf60a327c287bcefa6f80be192c01736a8f830afe

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
b6fe1e1b9ccffe7efc6c6b0fb1ae72cc

SHA1
9e7f93980c1d75782b91782a08bcd0dd26110a79

SHA256
544754878a82cca813e977ebb8317be8a7850c0a6be21af8a70e5fcec565987e

SHA512
0ce333400554ed319b1674ba998cad1b6805cd0fd72a01e5e7186feae12d12dd681c51ff7cab62c6abc7034217d38ed8a87bd3928d5d1a2ebb0fd719f6ac5c78

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
419037c78c566236f822c3a6dc153011

SHA1
f0e1615db57abc6d3c2e79550fc8a90dec78df30

SHA256
90bc89bad46538f9d5166ca20ec25e9db9dbf8773a157925da9b5d72a734d595

SHA512
53a447cb430d8f09a9fc9862315dcb9729eb3fe617eccf55c8b4437e7904669a04b23e8b80b7c9984a1926a20d109b8f2827dded74fd2d1801a6f24139490465

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
69b0d991045d7f0471d3ae4ea0c54ce8

SHA1
f66be3a728c512921871c9822e8dddd5f69fa4aa

SHA256
79c15b6d8262db6a3844e4a83253432a00b7e270bd78402d8d82f42ac001be04

SHA512
58fc6f9c7d1154cbc44bcab097547628c89d1c6ae9057687ba194ce190d4c82bc5d5c94b48b3fdbc8df2939a5327b8e3903b9de275c0a1ffeb055129692bd139

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
b94b8e82afc02710193bba2d28df8213

SHA1
099f00fed5db48e7947af69c0f737e76402128d6

SHA256
97ae66cc9ffca1932446c2015b8739c16ca93c13eae1db86c53aa6ef6338305d

SHA512
1d58250a9baa8f7480c1f4beab450b0645b3276ab996191731a43ec78040a81e35a6bb0036002091de8286ca124507e9883cedac49beb7b6b57b19308b89fb70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
b3525dc207fccb46a9af764c0f9d9e21

SHA1
121902bb14217c126fa7f89765b957345a1292f0

SHA256
d36264df58f52f079024a0490a3a0ebe64735abfbca03a83a8bf426a8de14859

SHA512
64156372da8fae61294a533d23b2d679e9b1555897fc4c9cc397301051060254763df59153cb222bcd2391722a5060f5426899f00cb59a07d864d6f3728f8515

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
ca773c2ae33f1ce3611920c8f8349233

SHA1
131a1300a607ae1ae3ffdf02edda763a983f6c8c

SHA256
58e0506630e660c27b52a858e0e38d3598f83b3a28f8df78cec88b7b00ba49b1

SHA512
785882936c584cc07b58cc6a04e0f4bd8d57af43a5a677abaa27284a0d385dbe7f0900d70b12ce815114572906526de15fe81879ee4776d3a583b3abba3e73c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
2c875511b9879be9ae246d496391761b

SHA1
5b20c0d4a41822073274bc1e8d5464b49fcf98ae

SHA256
29d1cb2175ebef6177d9025a7ff84d8e72e58b3310fa68d483e58e40499b220c

SHA512
f9f5b150202831377cda2887cdc0fdaa666d991d568fc01a5b26d55b597295eb232863c947b415fff6699d8acaee0bc657585bb90ad508d5359d6a708dbdebfc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
3e67f37cd5ce5c88122999a12da73144

SHA1
bbbcc090d5ae13020d6e32eb27b5a8a7635d27be

SHA256
3e33d1cbefb50ac454e3c1317d46b9d93023bd665f22968c8d54d7e651d0805a

SHA512
08b48f78e1bf85b0e5e2e88a61496c00582a8d1fb8c78373084070be41336c93e70fb2e34f513506c18fb23d045b00e4ded975c7e34483df9551b8ee899520c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
c54afecdbd85c3ed328d6fdc8be79112

SHA1
695fc1811f7a659615872445dc8c02917bf67ea0

SHA256
f55b186bf49f0b0a74bf102d121390071da5f3ae91face2f93e5d47d6799cd0d

SHA512
0ae9098ba264a3ac232356d82414af9ac422171cc46e359501725fede6f1545824009ff9f6bf478b83bd9e9d5856f4e92ee57e3ba8cf059d3b68240e54cd6774

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
f20ec9eca0fe2b970ef0f0149481b6c8

SHA1
f17933244976e9bcf9630f3738b2317447f53272

SHA256
93231c43d3b02dc878508ecf835a072e31792f3061c3942ab5101d3e121fc9b4

SHA512
7441672971f9dd6bc2508463db913c102105d35df2a325ee0c6f25ab3cca2bcd16d24d438d5e4e806eb9ad24f100129c4252b680699d5b5e3286ed7a53b706ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
8e8527f8315f98460c04cd0ec7ee8c5d

SHA1
6eab285c992967c02508c27aafb3d2ca46b8ee54

SHA256
35846a3e50dea5f2dd4f5bf57ef4d04e1071015263a48b377a5df1207536787b

SHA512
9ee2ae01d40ba11828592ed8770e8ddd9d6b66ecec36a5834edac75629f1fa3d969d734dea4027cc50c24a33b00f7efce7bb9a67b00e35a9c49b7b6d541b9a87

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
f7abd19c974e72d8b1ea1d2c4ad9761f

SHA1
4c5ced368bfed396ff7bf62efece82e4fef66bf6

SHA256
c81306405d27f0b8a2045d216b6db077c7ca291b2f3494140c12e4fd3a2f64d6

SHA512
2690fc2c9653cd2d8db4fb489de23e1446ddb9e936717d71c65b82bb708223516001baf30c98885f0c5636bdb7f13229b6fb5402bf2285b8c417f11cdbd40a1b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
5c35c22b514d4924420b9067b6b164a1

SHA1
a775421e9abcfb95550d0efed2d8697de816bc44

SHA256
34b3afb74b01e413e61596ba8dc24e05af2964bff16b11c649d65089fa1c80f7

SHA512
6961106b8ea7abc4d06094eccbf7b76ffb8afce886ba435cb59f72f167d42db0202d95ae9eb565a55d7882caa597f41bf4d5fd16ec65545e80bece1d7e9b0189

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
73094494e1b42c5665bffc65f9ab109b

SHA1
bd9dab16c5a5fa05035899719434a7f901d784fa

SHA256
d7f45360744903b0d10ca05ce30e91e734ff0de9b651528b3fdc35ed1cc434a5

SHA512
76a6df2c610e6bcad923318f794dc81e2fc51735ff92f47920ee7dbbfc81a67d22d48e7805a538ec0987e4afe8c79ff58bfbc3a89aa032f7db271b5c702b6a4c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
033670f6acd536abbcb571077fb04953

SHA1
10d36b56ba210c6e9940f3ddb8536a9e0bab39a0

SHA256
727944f9522e9e97e8fd61726bd7b06787da2933271b14b66b267266ac9741f0

SHA512
766fd820e27f8b144a6b85b84ed061ccb031b091fe93ce1c7d3f7e582985fd4bf32afc53c8693e57110aa60229119a5dd4270a7306b6d7f515103e1a465fa1e0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
cf2568bb33fd28afef28b70f4042a3f4

SHA1
4084b60ae97fd60ada993fc0e6dc4e1c2378d2d1

SHA256
88ecb7e2e5a6355b45b31fbe68a904ec79d86f756915de650a68f75d5d022e51

SHA512
9c567cfca9887ad2d3e0b2b2c9f2b782db535229e4c76e80b0507bae0487fff280bcb8079e54a437234fb1c7627e8f5d9168fdf022339a36aa199d63ecbef0e5

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
edcecb7f4177337ad8055a95de183c5c

SHA1
1984a17f905ef1079182ac837110a6d6c04ba147

SHA256
2d7beace4278da912235e8332253cd24d1acb6e123c46101a668c9373ac728d6

SHA512
844b80cda608b0b68ecd36bff27bf2cd665013b7c0de07abad6eebf5b84a97fd02dc58e798d5ae0bb4e1d6a4bcc1fd63e7d906ebf55938ddf5d6bbe3d46fcaf5

Download Submit
memory/4452-0-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/4452-6465-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/4452-10891-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/4452-11008-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/4452-6468-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/4452-11319-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/4452-11324-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download
memory/4452-11326-0x0000000000400000-0x000000000098B000-memory.dmp

Filesize
5.5MB

Download