xorist | 917d5f2567bf5f1bacf27d88fdf66b147fd2e5c8eac501d8585bcd8b6809ae19

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Size

18KB
MD5

3463f7ea4c81675aa0c3e61e72ec5288
SHA1

d44431137e8e508860df91e964c4ddc0ba6e2658
SHA256

917d5f2567bf5f1bacf27d88fdf66b147fd2e5c8eac501d8585bcd8b6809ae19
SHA512

7788a94e3b3147f3c302225e808aabc1871e980ae674f6607f4899481fd4a5b4da66fdda10d3de69a148c4918c46000e6c21e862430fba198376157c47798307
SSDEEP

384:xprr1gkDCgSn4sbFQ2qZRFxQYzubaQxd/UGW6keK0WLNB:rrVDC/iRrQau9K7

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 6 IoCs

Processes:

resource	yara_rule
behavioral2/memory/872-7124-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/872-7130-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/872-10866-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/872-11251-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/872-11292-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/872-11298-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2185) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas3i.inf_amd64_79c7a4d8be0a9744\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_3acec385f5d67bdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_7b6fc0e15997ce81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_28542b9aafacda15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_skl.inf_amd64_b68199ad84607c21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_d677afecc5e43162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pbeggjmoobeegjlo.bmp"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/872-0-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/872-7124-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/872-7130-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/872-10866-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/872-11251-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/872-11292-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/872-11298-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125_contrast-black.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-125.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated_contrast-white.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-20_altform-unplated_contrast-white.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\32.jpg	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-180.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-unplated.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-72.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated_contrast-white.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInTray.gif	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\Close.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\THMBNAIL.PNG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\82.jpg	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-100.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-72.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skype-logo-40.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Snooze.scale-80.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-40.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\accessibility_keyboard_arrows.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MixedRealityPortalStoreLogo.scale-125.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_altform-unplated_contrast-white.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSplashScreen.scale-125_contrast-black.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-300.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-125.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\166.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\YellowAbstractNote.scale-200.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\save-money.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-125_contrast-white.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\web_edge_permissions.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-36.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\iheart-radio.scale-100.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected]	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\1.jpg	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\GetHelpOffline2.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-80_altform-unplated.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-100.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-125.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\SmallTile.scale-200.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-40_altform-unplated.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Content\SaturationGradient.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96_altform-fullcolor.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\v4.0_3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..nextensions-desktop_31bf3856ad364e35_10.0.19041.1052_none_d591ed56c6ab6093\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wow64-legacy_31bf3856ad364e35_10.0.19041.1023_none_6aeab5d4bd0371a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.117_en-us_1b3572f483fa94f6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_10.0.19041.1266_none_1aaa6e59bbc0f13b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-vidproc_31bf3856ad364e35_10.0.19041.1_none_89ae850c4a540437\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..providers.resources_31bf3856ad364e35_10.0.19041.1_it-it_577ffd5619b6caf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..onfidence.resources_31bf3856ad364e35_10.0.19041.1_es-es_109d94d71a64049f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.19041.1_none_3c045b5253f885ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..cachingbasebinaries_31bf3856ad364e35_10.0.19041.1_none_00477c4c5bec215d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..remote-provider-dll_31bf3856ad364e35_10.0.19041.1_none_01f677b98674e6f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bootux.deployment_31bf3856ad364e35_10.0.19041.1_none_f4025a506f9e9f01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_10.0.19041.1_es-es_af90d642ed6b736b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.964_lt-lt_c2136dc8e6a2aa22\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\forceStorageCapState.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_d93ee361fbbc8f0a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-30_altform-unplated_contrast-white.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-installer-wercallbacks_31bf3856ad364e35_10.0.19041.1_none_abb87404a97c8365\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hostguard..t-service.resources_31bf3856ad364e35_10.0.19041.1_es-es_6b809fd845d97c01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_es-es_2d6bea4400ef996a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msmq-runtime-core_31bf3856ad364e35_10.0.19041.1_none_0b5286455860a946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..tymitigationsbroker_31bf3856ad364e35_10.0.19041.1_none_aa8d5dc2891e1216\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\Ignore.scale-300.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..cemanagement-dmcsps_31bf3856ad364e35_10.0.19041.423_none_57997e21a0e0b67b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73e85422933e8c6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Wide310x150Logo.contrast-white_scale-100.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_it-it_c4a000dbff545745\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\Assets\SquareTile150x150.scale-100.png	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicepairingdll_31bf3856ad364e35_10.0.19041.746_none_4bfc8b1a61df97f9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..e-runtime.resources_31bf3856ad364e35_10.0.19041.1_es-es_005f51d360ae9f43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.dtc.power...non_msil.resources_31bf3856ad364e35_10.0.19041.1_it-it_40c042fc14fa32b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d0c1549546b1c2f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0baf56f6f50d18e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.packagema..providers.resources_31bf3856ad364e35_10.0.19041.1_en-us_f65a912e8f0c345f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml.Resources\2.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmchipset.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1191b113cbbf70fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-advapi32_31bf3856ad364e35_10.0.19041.1052_none_6277ca3070041917\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_10.0.19041.546_none_77f06efe5fb68b86\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..derninjectionbroker_31bf3856ad364e35_10.0.19041.746_none_2869efb22a95e6d4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_hr-hr_0e05abbb958aae06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netcfg.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_90676172b39d3cc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..anup-task.resources_31bf3856ad364e35_10.0.19041.1_de-de_6f69dadb8c567ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..mmoncommonproxystub_31bf3856ad364e35_10.0.19041.546_none_4b068094b04e0329\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_10.0.19041.1_none_4e063d17b240687b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_prnms003.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9b244ecffb8a0e9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_60bd0d662573a530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ialpss2i_i2c_skl.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0aff3d9279d9e5ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..tx-xinput.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8aefe84b223b04e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-sysprep_31bf3856ad364e35_10.0.19041.746_none_48aee8a27e24b59f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_es-es_d2152ba9c199544c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..lperclass.resources_31bf3856ad364e35_10.0.19041.1_de-de_3bd739481dfd46cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_5d8c50ee94ff78dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.Management.AutopilotResources\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_11.0.19041.746_none_b2c9d4a6b8a162fa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_7ab11546ceb3decd\HelpIcon_solid.gif	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_336ef53c1e3fed6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Management.Resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4d5cc44f8ebf9a0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\Apps\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_54fc031bd6317175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.1237_none_4b16fb7fab206eb1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\ = "CRYPTED!"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LBXGYCLFZCAEXPG"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe,0"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LBXGYCLFZCAEXPG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\L1o9m7si2knIS4b.exe"	3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3463f7ea4c81675aa0c3e61e72ec5288_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
0dd43beabe10fcd2454f36c326bbfb46

SHA1
0c344b3bc322f89b5c70b75b72a0f7fa8c7c5787

SHA256
02f3dc703d910f1139ce97d10994349d93441873299bf68cf75187fe964c4a99

SHA512
9413db59ca9aaf0607e863074eabefa85179b7bb53bed5c12b6f6ce40c13de7bad0d5ebed7b8c52b2fb4b3cfc1057dbbef440182f12128ca64fb96f3b6db626e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
a93c04ff078e6b89effd4c6b514ed825

SHA1
617dd05d5a0f0542d73bd766db8f7eb13c927915

SHA256
9e0a420bd50cabe6dc346b35912f33b05ea305d0ddd98ef763754105827f8343

SHA512
891b6b9d0ed751dfbaf77d7e5653c972e04835d5bd5c9a1a0d8f82a0bdd049c25e28c5e4e635117d79bb96a4e5c86663a5187cd708a48d0e655e0f9242b06819

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
4e02b5af4993250e64bf1a2f71358590

SHA1
92e31a940c19a7207503b210883e433d4a8a5b86

SHA256
8894aed44655190415711e34ba7cc126d97304ef9d2dcef297fa39d0b82abd91

SHA512
a7c3b6ae89efd1c227d3b5110214ea751e58d59f6e39f11276f9a8de1a7d54847f90cb314da290f183157dfb59f02a622c431c3d4588c4f6f6b180e2802bb917

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
8d0f1da0c44bc9fcb20d649a857f4f04

SHA1
e411db6f5bbd272ef4bb505143e791124f6faf78

SHA256
5a15be2b5435c4c58d02a38a807791e50bd940173d725206627b3eac1c2a05eb

SHA512
2dad49cc1e830d33f581757f1c0bf1b782592ff78f890f53dfb4d70b56b8e4e8d2349c6dfddbd1b53a36c44d56019036974b59762816971533a815a5fc8b382c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
00f6761b54308282e3c361dcfeaca37d

SHA1
72147617fdee33e95b7775cb2bd541959455a716

SHA256
d507999cbab723c68c4cef4189a09a0fa3df334a9a2638ca944acdb779e5579a

SHA512
56590b9d2904056b02f2d894bf3e0e85e4ee747dc525eb9f31ef490d58615ea4f3d2d38ed61bee0065303dd7217b01406f9937d7ecdf89dd5f1aa9537a647646

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
35ab06fbbaa4608989a2a028008ec125

SHA1
0ac35ec2f6c922926da85639e7a64b8ffbf92110

SHA256
b76a871009066f8e93abcdf202d1474d5acd331bc30cbb4ad74738141fa10fc8

SHA512
4e45fc34196c81abf67021fdf536b1b5e6cc77fb9fc9381b688be7eb8a3a5ed4e7456dd26968dd6ecd4e27b409369959c49fe71445eb8cbcbfcdea2e3cf6a011

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
61894aeefeaaca477f66b990b9330917

SHA1
29fd8a8218891e515e787b0cac1b83512dc0adf4

SHA256
9ef6766a97f3659e4669ac48fb18c113c8422b49e8e646a70016c4d944f8666b

SHA512
2e877c5ecc52e7b14b14626a1f9f9af187a3b4f70184ea162f35ee0a8d319d7cbd456d45a2b21b582508bff45ef5e4394853d01eca9bb9d378c950b7a7e8ceed

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
73b0d431892e18a3556ac0d216d33553

SHA1
5e9cb86f130f06f0024884bf0a5ebe0f65119b48

SHA256
41587c00cfec2a14ced6c07680086f5697586fa532df0eac4dda108dbaf09111

SHA512
e2e7b681e538c6d169668570498bf5070d6ca69ffa768e6b5d8283e21fed7d1148390f0081f97f5d2b99bdbdcf5aa45a069fe2187a36399557317ba63738581e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
0073f9342887d2aace6b3916e4f0498c

SHA1
93f07953da912acbc2c1680b359918eb14af5b69

SHA256
3dcb08605958c58fab6150b666938235110c8250da405d11a4e28d25d2ba935e

SHA512
1a1d4af07dfece8f315e8d5c6ff3703a6cc6d444395a3b8f96b96ea9fed9aa9340eb3a6005b2ad655873b1145b76da3005e6f8c128d040e0db20312ad5089085

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
16b3cb5b963fe17ed45645473152cda8

SHA1
ffd8b0aa7e74723efd6999a4ef1ff062b4915fd1

SHA256
793d8ef112c361e948491291949dfbb95b0dc739605abac093f0f78bd16e67c6

SHA512
7fb335cd30a0da81a2024b81d7b57e577537fbc2d87e2d303169dd477fa59130eba470bec9f00c44ebd06a61da682726a9695813da809c284704cf9ddf43462b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
75c6f7dc523c54bcc700cb3da7848caf

SHA1
3dd8989a6bfb99f148d92644ffc45139b6db4a34

SHA256
692b99a3a7739dc790f16b8d132ff42e4fef6b386129780424781277de08d934

SHA512
0a2cb002794e7edce234599300c07b45baf15e83094ad85f4e808af6bb8250074da0c9a69829e6de7c95aacc23fd339bae05228d2e8cfc10c08be056c2b94e99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
28d8012aa8ab28d55786860dd9c30a4a

SHA1
0be1489e74f13bffd1ed0f3118fa575991772a40

SHA256
b9baee70320f7fe1d97cff182c39aaacc86deb66e7861c1d1db7197dc3a13e46

SHA512
1790538acecd6ec0ddac47d079321bcc5a56fe75d5f74a64b268bfa82bb60d7fba28aecf633b7234e5bc11c5f9d7d32d34dbbd75561c573bfc660b145629b250

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
5027daed9dc354f6aff056f39e3989c3

SHA1
bd4fef577a755714fd38229fa78788ca178d967d

SHA256
4139669de612141d54d255af6dfeb91efd255bf75f8df2fb12189308a7e40164

SHA512
017953f5c2d61469b8fef6c4cdb0acdfd81796c34db160eb76685a5e9d8799d8187d8c7378d7035d435b90ca7c618c769f67afb6f3ee705f69621edbd081e475

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
a7b5f2f1b3941789bc23768d99668c21

SHA1
dc20bcd233d1aefaeb2f896df2be8ebfb94ac3da

SHA256
02c00d1e820922804fa80ff8cc9c239947d9f0ecaf0b8064e3e2f9ab01fc2244

SHA512
887146d36df168d704bc0d98c5e232814ecf6ac87012363a2a3af4c4635dd65de9645800082c706c724917633eef79ecb46bfbbcf841d3ad377226980a09af79

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
677454039fb346e077eccc5f870fb856

SHA1
5efbc44fe3bdf82a3e0bb3cb6388d6be65835009

SHA256
110146495dea6c5ff1170825d33aabf4a8fc13d71621670f604dda5b56fbd7ce

SHA512
8a2e095d8c8a76895046e06f89ef7d256eec265687e57fb72cf92a539cfbc08cb83d7038d7635a0eb68af1dfc9baf28d91efe396cff591accc2027c7f17d2e38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
a36eccc9897c0e3c8f74f3c4b3311734

SHA1
911e354dd83d1ba8f710423a95284557bc2907f1

SHA256
1e9fce4db87385c35161b392e7e3ea5a6c22ee10717d4c91fec4dc099a362c25

SHA512
3ddf30172ebb91280e07dadeb7130e7fb07165f4721b2831ee16682d9bce3eb1aa7bf13056ed2652a98749d28af2c424f31e4d17894355b8fabd453fb1962fa7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
f36fb8c733cd1938a53f584a808c28f5

SHA1
2e00e135a6dcd014fb69deb62cd0242e55a59c4d

SHA256
c001a9fe311f97c226c987c31e73ded95f193f3683bb31572a12ca6c38cc7f06

SHA512
f82269730a90ee520e9c3bdd3215ee356ab1b4ce8e84858b8549bd835a407793abd28fe484c6c2edad5950eb2bb2a994e8b7dfcc3fae739693088fb7c09a08d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
88abf4cbbded46bd6321ccbb2e693a0c

SHA1
910d8c4444c6046355e242a4889a073bcfa69bc7

SHA256
62daeb158268f6499bb07b29c6f492a9fa138b51e39671abfad59cb6336b807e

SHA512
8a1ad2003642c9064c94d13bcba0a01f485b9fd0d060e40d2d099a72776b2f8fc9f355e7df5a13a6e3505b4086f3638fecc16e20e7bfe082ca923c777093888a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
3a275c58399403fa9169e3d9addae68c

SHA1
9f493825f5aedbb4082017973c43cbe21d9137bd

SHA256
9b7ed3f4db50743dccfae69c5590be56c5e5df3b3b0e32cdd19c5366c2210d94

SHA512
21a498e26fb99966968647a7b2531a26033351cbca9164103b8b0d2dc45af6625df1cbb46b0105338ccdf8335d65cddfe3445c5a08fed049562480ae9ddfb3d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8fb4f05553646b31a08e3dd47086e234

SHA1
9d733c40a7062cc3168b9cf58b56c0e659abc657

SHA256
411548360912ea5e256dce0bbdb3e81bc0521788619b6460d09e09849fd8a811

SHA512
cb4f7dc726ac8a79ea97d83856427fe48bc208f5d80b2525dcfe4438f05632e55ed165581f8b9845ca28d72e5d546121125be21b10218150f9eb869409caa07d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
38ef2fa51b4d4f30d8d664751a283750

SHA1
bc05eaf7433829aa356e1b5bcd46f28da7197235

SHA256
c0704b935dcf2fb8bf155da8886bd81c2339c913a91eaaec581567d03323c25c

SHA512
6cfa3977abf2946722b4e2a3cfe7c8ba94bb727d696d359b839cad8e590d5dab2df17ab6fd218e992f2e45129bff60f936884d12a87ab26f16c4e1be855be5cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
87bda595358d7861df6934c485ca5a1d

SHA1
8f6bb7549d79151820a37a9d1738a4e5ee07e9f0

SHA256
c4a2ed1051a2c627aaac42abea1ec52c866fef88d65b0a2e516bbf48c51d2bac

SHA512
0e80464faa49fadba502093ec831d7e812958c761b64bdbc5432e5935ad04bbe0646926f57570e3e24a16327942560e02e9710e9ea33522abac668852b5b793f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
d072499a669ac9fe68f905f3fbab7b50

SHA1
6c5cf1f5ecbc7928d20bf35819423200b8454970

SHA256
6ac83d4e9b1dafbbfe656d440a24af32473522d224ed0849ffa7ba69d3eb2317

SHA512
d2ed71aa17c637d9ebfca439f6288bc79ab7df2b4389e263e4371b4f0c6a10610f6737c5d748aba210a7fe2bed47220e20405b191e478caa78597fbbede11bc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
13b9e609b89cfd9687d3281ae2969bc4

SHA1
78604ecd3368778380d7902f79bad1a45e63e52a

SHA256
8d2e1d61a0ad980ddcba59b5f82cde6edece345f63e01177836da9b5180c2718

SHA512
9b478a3d7eb60c4adb9897aad3abe1d021203c12ee8d3dd6bb4b7c1cfd2003b4a65574aa010ce563c9702a36e77647bcd3ae8934e18e8c8e8ef32752f7fee131

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
2b4b17a86cf38bc60d7be79c278899b6

SHA1
8bfc8f4d563447856c91f25d7a9197a001833ac6

SHA256
fba3acf8a75386ab17ad8876cc49812b8b0e7a17aea63d459597266fb10478f5

SHA512
36352e8c133bb09303b2d296d80ee444f020e8e48ecdd912a751e4ac90d2ce9887b932ea1b420b6fee55104f4e6783fc9ab71c00cbe2d1ea1ba896c946ecc023

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
64797cb692a434a43fbbec744adad89c

SHA1
09171755a6962df50155fbaaebcab376cad884f7

SHA256
07499595cd5c3ffc44885f5d061c3bc80cc377401eaf6f6366dbb609090764b5

SHA512
f077c3368846c732726bb64e88e0cc3c52cf0d812e7b771963c2a00acaa465451d5e460b32543d4cf8b80eeb2b16a25bdd4e7518e085dd4574d909387b08a9d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
e460abc796d712722ce121f359aeeaaa

SHA1
91e6c80681bd9ce0b30ba30fdfcaa0d292570a1b

SHA256
397d5f9c661f946634799b745273f7505422316a4fd1a62d469e48bb599e9bdd

SHA512
98293946792a668836df3f4556a938e6d4637d0083645b2d5d32c4f710530d69d668b5f536236c05d3746cef8f03187114c34eb173835e7bd7a25b5fd49afb3d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
29f6314ed45abbd9a0846589d215b06f

SHA1
7214c27f5e56a97ce0e4c33df7c90a76c9a99330

SHA256
629223d0f4c8a03f24828a13f4ccee8abf747517db940282058d30cbc297c0c0

SHA512
5f38be49fce3724252949335b42d871e844d3844514614febe5fdebb65eb34f6c8722687e57c798d96d7eecdf65f6eac5b40a0bfe93170ed339163d60a387b8d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
32a6d09965a723f559ceaa66d5f81748

SHA1
66ecb196948407b4d40c6ede63c4f0da92954aaa

SHA256
545058fc57403252d56518aeec70589926e05637ef86bb88513de12d17dff799

SHA512
a2316be624a86a6d660dd28fcdaa468c0284abbd83a99d6574fff39c1a701eaf4d43d94d9614f0c63dc7267a896d0498ed7b95a93f5c1c0a531d1973ef9cc8e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
5ab6c73154e896cc69ba0349beecb233

SHA1
a5d68abd2e9738d25fac029000d26334d600ad02

SHA256
87a924b0507e9677e1c27f0d3a21daf623a30c92eba5534ebcccd42624f1c95b

SHA512
a572d379cfb2c34546f4e9b0c51cfe4bf497faf301fb63daf073a76ca7171d436d7bedd0e15241619604ae9543a734593702702d94dcc97ba05800ffa8ae80de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
1a1d39f22aa35f44dc4b479d23ba7f7e

SHA1
270339b0cdb81c39c845dd63c923e471b6e08602

SHA256
d59f8851d5ecbefceb4901a3ce707a783c82588f092004dd6ae6f5d31a003ab2

SHA512
bf8ccec7d9fdec2bcd612f52210bf746223a10c19732871e5593b48a3b428db655331b4854d9b0847dee24fec8c0ea5c0a312ac42556a6ab372db3454ac27a0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
870b62e2a10f0649dc6fdf52f303a76c

SHA1
d6d1dcc89cff7c235fa3b5fcbe301f35ad103705

SHA256
bbbf2a4f53d09201199e40a998f90cb0ce2aa0e5f077f4f518f811e4f79bc320

SHA512
0641a70a5e92dd84ced7d18d76acfa4a6a8b3692f2ed2ea1265005c3af5d923c4076eddc140514a2f1f7ed82bd660c2633bfe4b7645989e31d183b25d227b6d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
cfd16d91d3732faa95fda6b2088d0664

SHA1
5b4ce3efd328daf132a61c8573192a1d7578db00

SHA256
55d1f571b77445e1a70f52f20432d76ce33a2e1af5632f3550dbd299db5bc91e

SHA512
50380939b934d53d95388b98fffe9cd49b584547c63ae107e674724bfaed11298e318798eb48d21b03d8261465239c00c48daf0fc69482a318eb7842ea856a3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
9b45b9fb7fb951a913790484d18285ee

SHA1
e93d0347b0aac4290d8c7f3fb76617e7926a1b02

SHA256
5def93266137729d7190981b37fffd04c3fb333ffaa85bb29f18164dbc79a091

SHA512
8ed0a023eed538f202a247c75cedc34e5a837032725a44eb99d17715a28581edf0fa1fdd4059d579fbd55d07bc2aa5770b7c589d066185e1213a2b0c7a60e440

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
7ca9c23ee7087743db0529f50ad5d8e9

SHA1
ba2374e86c1011b3042fbb400a036d447461e32d

SHA256
95fafdbe39a8a146efc3cb99ea9b6657bcac4139378eefca9e28f44df5add36f

SHA512
03b6c481b91bac290a905e49d90f58904dc2978b112e92cbd8c9d5369878b41573f45944f4d4c7f6713069e878dc102bc0f40318ae17a15ad1d1024bf7dda55f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
dd7ecc76c0e780ff00ec07ed578a190f

SHA1
0e7c2fb984a296b763252d9707516e83421429e4

SHA256
63755dd30887c5c7bf274df219f115bba9a6a00e698c104fb8b5d890b357db83

SHA512
b7fe3445ee375147b560e4e16b751a80b99a5a5d8647ac0ac775cf5f517299f6848c0178b6fb8961aa59788d5613afe198c9fc1bbde935d8162c6db7b06c45f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
0901da45ad9f483fa8d0b557d1049219

SHA1
ce206896dd91b9c57e8e8affec39b78c96c00ceb

SHA256
4c651813b5e239d3941bf6b800ce8014c3c5e50ca9e68c602d2b327df4b863f2

SHA512
f19de733932e489c94644bc6526c0693fd4ab989dfe63fa2da618cb74c7ea73e8df514de802700c217906cbdee2f17d9f956cf3ddcc454099cb749d75c675269

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
274c0d7b12f8c46189d95a859996d26b

SHA1
fedd3f00bea3654fa5398d158f53f9bf54ab5c11

SHA256
dc005a45b80fe480a228a5f9495497a875615b89ea7e7f551f6d8dbdb892a628

SHA512
7c949cca6db181b31dc47895cfbd78b20b70ab2405991177bdefb1f89a3aabb8b3ec898eff5d9caa880eec9ab58b03c3e0d43d2fd2c35331fd57d4b823219272

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
321B

MD5
771e9e60910ff5ae17214e984d4263cb

SHA1
0f0f34e72e38ca6cf88b02fa1d3c9babcda2fe5a

SHA256
5594cb08289cff699592961ca1ef9489ebeed81c32c5bd8d668bd71e212aa300

SHA512
847e7d198c4f63e1a5cc0819cc0e2e60f080d8e19ff66e4ab06969fd5db88ce6be3550c52e9d38c7d417456c08c07cc2dc755e47f64cfe98a0e4c44f83740c6a

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
05f7ff9c6457cbdea9e21f9519611fcd

SHA1
cc991ff7f01d0f7fded61c3c034e3cb39837b815

SHA256
4672db19cc3ff29ff3f4db6b753b30c23994e25a4a45b060c9d7677ad4042793

SHA512
c857a282c6662aefe102d222ce523d309b6f02e0678b6c72af8d5a4a2e2b52f31e3bb7bb8f407879633957d5afd119f423fbfe711b72dd58a53f780adb4e2ee6

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
5e707b4c436b48fdb3d88b6f66e03556

SHA1
e759e3707ee72d8c2ce94dd08609ebbd2db82831

SHA256
ab9756a1b002b4d644dcbba0614ffe3da5908c03d7942a17f58b43761f680671

SHA512
11f2be75c81efb0370e51784cec3a59e6129a4541246751a40995c9a695399b6d86fe9bcf30d1790b14529ecfac2b1b221a43054bbb511fca2c8c1469c293786

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
92ee6d35192fe1806c359840563e78be

SHA1
c72db771cddeb9efef2e570d3e771bf766da918e

SHA256
01cddcf02b418feb4c6a4cfec0f48e5bce88db18cffb09ec0b31361720bdf26c

SHA512
a41d868e9c85106ea97aa2b757346e91edbe1a827cbf78033d9744178fc29423ae9efd93c5d272633b1a41b641ab690d08d212548ed61f6f2366b95022292c3c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
e20cdd80bafe9d9703fd93f7bfa2494f

SHA1
457fb7d96f68615f5a6fdae90bb96b6dd0f8be17

SHA256
3ce0008e4be1d055124640ef232a8c673aebced44695faa228031937d9324fc9

SHA512
7cda2e7bae7ac3c9dc34be89f0606f6a069c92320eb0d05ce52163ed4321429d81cc99d6042aa1e3460c8d0ae344a54b276d9871fcac11128b9a5ab713661c22

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
af7bb249078f29eecfba4d56ab58fba4

SHA1
506b0bb67713a4e6ee689fecf20739b2a4c800fa

SHA256
fdb13de1e311d949fdc0c3996694eb688dd591a27b9c7832d518fe189fe6456f

SHA512
d1c184763609e8a4272586995c84eeac01289cfabb27a20764464beabbb6b64b6d432a935d85eb7627b334323a5e3e23a3c5f36d9a355b5ec2c8ba029ef85731

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
8dd002079f623bf9c1cc674f661057fd

SHA1
305200ceec7b75c57dbedc9f876b3de2e53df0cf

SHA256
afbc1fe33fd98261b6381ff2deefd11cc824d3bd9e7a4f34c81a5ce9d1ffd54b

SHA512
fdc9186e6271befa34165b8d206448536b4dd05d7d6628e49d8507e81af19cc78bc68381aab399f6bc2ab3e03d6dfe308f99ad99b9c66fea890f137282d01da8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
f11be321ebab3460b05a5e3ba03a0e5a

SHA1
53d36977636c2ebbe5a2ec837804e7ca6fbea5e2

SHA256
1e248538c7b7b4d2f6b7d57518b17dcbb1dd64614b42264a7d9674e292a8ad06

SHA512
6b3b6bfc1c21b6aab1bf48053691c94e467a9fba1d780c172f276a62fd2ac18c29e30966de140427342f404f5fc60b76b40a6e9da4fe92d83c479a10207b5738

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
7b2591ab0879a0812de8a690ce5007a7

SHA1
7c187039807eb419c903b81feb3315763fc724dc

SHA256
933ca10d1bb4f679b231a5bc77b12a70467edd8e508d3bb9e94d00b77a89445d

SHA512
ee538d3b21d5d1329035c624f04c1462135be817f33a5c6b9c42df618c27cd11ae9f06ce8dfc93a59d3649ca89b0303a6b9794ad025fe5e9e909d4e07cc7513c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
9a7dc0c2a3eac5fd58a2c1d08aac76af

SHA1
46a44f68b01140957db9d7f237a376fe8145dc90

SHA256
1a6e55fce2f5d30d462b4ec6c930a234b8a6f5e66eab0e4877071e055641a0f6

SHA512
2bd0e2c87f50ec88fc35e0dd31223e1f5c90906e90128873f0352399a64d5bfdc210e2e7ba7b5128509979f54d84c7e08336cc22ca3ea2893e5d26e34596f349

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
917017cd686c5db09c013dc0c58a83aa

SHA1
ce6ef5910d21079def0db3ab46f6eea6b72cd145

SHA256
1b035017b4661dd1abf1c6dc01d8937c621bfe13a7f8724ae824be683bc5753d

SHA512
06dec2b7f01ec381455d402bdc95689a4edeb98487359c739591f9f17ec56c1e0a52c0c44216331d173d251d21e614fcf524a13008a6e13177a0363308a7b249

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
c97eb8db01f3c68ae52fe78ab7e67e0b

SHA1
deb00813ce6013b361da9f15d895c7e2742b4cba

SHA256
1e7f75547955a932660f55d59701846e87709db4f05bc416c903d006a34d0c44

SHA512
0bd3f32d96076fb763a57725c95464403ce5115afdcb4f8e373e58f77168233277ec6eb4b4d0f12bab9dc15205f70999dbd51babadd10354e4d0bc4dc4d64c7a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
fb96f25830a40485ac5eb3342e73c31f

SHA1
e43df0a696afc485d0cebc6d5e95c7d631b043cd

SHA256
49e652b648fedad24f0f4c1d751674a0e1b0adff4012faed0d68040d7684f865

SHA512
addabb16a13b41d0f671a43279393a620272c69a01d9053f3dcb90ca26be3b236044f52588762ce8d4fac75a7d4d6e07900b6d0915a883e71d7e9171ee49f6b0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
e08909de17c01021ebe5faf9c2fee7d4

SHA1
b0bbd8c947f5e709955fe1d6b7144e401ae9f257

SHA256
38b8cf4d228ffea4f41524d21befc52d9066083e5bc7746854958e57d850156c

SHA512
0f65e07dc977b4c26d44377ec6a37b75e2aec63ce69ee4f4603d6735a9a257035ffbd912477f48aba417ff690ca8e2b42a63a464291456213eb7c7aa197e460d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
e6bf11360078b06a0b9d1e991a0a6a8e

SHA1
d00658eb8fd834d9cce5316ca8e647b8afbd0c29

SHA256
bc8f3fb236f5a5a031acdc9ea08c5e41f57bf17aa85ea5cb8b99b6458c012e2b

SHA512
945868fd0283b8be5927fe4ae7917b548d437a772b8d8d8f94fa9c3b0e600e0f1b93b228ef146a5f12004795e89fff536d9ac149eeec8d1a4fb60393bb0c5146

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
38d3549492ad915ae607fc09d7aa2577

SHA1
79e20b9a272d6c77134eb86724d56c07b5b2fff5

SHA256
508bde3eec8b85b077dadbb7f3986c2163ce8357b9d6852a0a9577355022f75a

SHA512
d4ff77280bae1e24eb601b5d8147518ee54af3a98b7cbebad77851773aa9d1490d2c93fbadd4681717bec5e8239b0c80f4a18eab9772e2a41458fc1ea0cf9418

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
d9dfbff0e56a8056be9dc8a3b1750e26

SHA1
2bf0adc4e8fc95c1b7e07912b561c0fabcae732f

SHA256
c528c2a827959d69c1dbcd97d9ff7765c0dddaed8054e48ae2b6a8061426e602

SHA512
133e5adb4739e218481af7f0b845aca45f62d7e3b1ea75adce4c3b401b45ad6a41a78533efbe6c44d1148a136638d26c8db8bbb011a44f5c03fa87249d495243

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
1c4a7a77f4efbf0a96459458cac4d538

SHA1
0c5515dcbdcbc8f37f32cea9ba08db248ba96279

SHA256
b89300bc6ef41784a0441b753936a751c1413657da1b12d2c8ad31818f11337e

SHA512
ac1fa4a9769acf2ac2c7add978ee42849678b45fe9b59532e7d8342b8d2ac75b5bd533ab043c10590e678748cd4a066224f63a46b521e5dc96d66517cbce0556

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
0398b6216281e2850370f36cb47e8453

SHA1
9b58a42393c1f01058222595dd716b34fc6c47a0

SHA256
8c540b571de4a990b3acd6aee0fb43626149a9f67b5b3a8d92172ae306420389

SHA512
0f1e8f65b29025de7d9cb5a6c7acd86f5858b9234cf7bfd453b3d933ce72401856f5ed15167c814e141112a10254c8ee10e47a3224c3e07ee7307b1bd4b922de

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
fe50e5396250b0ef72021c1813cd4c6b

SHA1
44188bd2d86202654a40257f21c94f7b3c93d533

SHA256
f613fa7fe3801376350389c66dfb9b289619f136db7cd31122548aaaa29beeac

SHA512
e2895801f16be751d2de965bb7c14272f1124fd19da6fd0897a8bd26efb1e2ece24c117d9c927d975e8006b80ba7f305b4fb38876238d30481508944c6acf7d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
2901097698abd81ff5efeead7c0eb24c

SHA1
7e9f471f39b5b3eb0c6ebeca5d9aa4bcbd3b1674

SHA256
6e8fa5f818c620607a393f95c2ce817ad9223296f47eb8b62f849aa40b0d83e0

SHA512
b4a77e185070b69e9258887bf2360e1b7354f44791927e7b4be72b970c2b58e0524744c7a12ea2a0acff5b7839c64751efe71911627ebe0d65ec9ad69c6ee3ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
1e036b42975360b4d41fb69bb6b0c02b

SHA1
35ed2a9627613d534e12a8312247aa74534e25e8

SHA256
0bf4bd1653999d9a93c830c7b6f9db8f278f0f23a8b7a6f8e382597331c581d8

SHA512
311c2728b70b575e9a1ab5354899cb94ef3749fedcc1c0be71da225a236b03ddbabe5d93e79d8dd1573b70cfd426561c5495191aff7e05ebfc4da13173f95688

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
1d1d723a81b45a197a099995394bb320

SHA1
2cd2fe52e2b5254cc8a87a4a2f44646f48762038

SHA256
e1d82a6b626503ea357456742e68b25d9dc189fba60f6bf3f5700f2333b734bc

SHA512
109c43eeee7e4c443d818e657d7c13322bbe2364475ff07e059db6215a71a7a30abe01df4286794ddfdf1b5d21532015b755e01d70c740723ee4e87c91452aeb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
71e0b080c986101ec4ac94892588d908

SHA1
ce1e9d69b035ac3585002a8f1569aae45fc2c0e4

SHA256
7886c4e065ba40d99cb60ebb45988b767a538d462a96f12b7e6696914ae605a3

SHA512
22032b4d93fcdc4b8a8b99faf47bd0e2d21bfe546e361a93420e1b1bd184bef3819dd82fbbf75deab92f8a5bfc2c74dfdf77397114d6f1d562b2c68bff69c46a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
23f5be57e8122c4192007930d9fc5d99

SHA1
714bb7893136bfc99835f1e5bb25910c42c50f75

SHA256
16377a2915712bbb485ce8ff39f177598cd80d878df9d0c64e61dad5aa1beece

SHA512
6234e0325668b8bf48f80a10a6de6507649a5c8b6107b6d7aeee7c0ca174380243c2ea2b0049d8ba6b3b186c09d2cc00b32598af491f4943491b3273e5310197

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
baa0d2d6781f019aaa1846acb2674f94

SHA1
6b3d0836dbd222e36cd4dd1b842c83114958a8cf

SHA256
20566443bab3ceac5db7e17f95e6bfc4aa65c7beb63e8227a60827b76c6a68c1

SHA512
4aa35adbc2d94fc950190e38cc5b169206c75648ec12213627985394de4650f1bf2122591e447127feaa5afdebc0daafcb546823289d1e22baecfb75742a3588

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
d0080574e610c7954e455118c7e1ac98

SHA1
561d9386fe2ce78b9b01c51ced321eb975622441

SHA256
7848709e9b108a30f3e6b4cec98f07ec772b41bb2b6abbaee59813a16e6308b7

SHA512
1a353294bc8f074bbd9d4935934cb26c465e91d484b8d06ce35c6c7ed40780db08b645cc0e4a56ef1b2ef04315cfcfe77b85be0010355fb9dcafba208f2059a0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
e7029a7cc689628c027fe08f4693fa81

SHA1
40fcbdbec70cdac25a45bd58e5b0b304b65fb35c

SHA256
b35dd7e624bf0da5417e0da795953dc215f7e0a05b9116052a922c2f50c56f6b

SHA512
4bc74e88e94159c8019c2328cb9f8dc50e642ddbe64117c2e621278d1c3223aa31844b3da96f614a9ff7c4f1977a4f88486212fbe5919b2a5df0cae66131b1d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
718c5f4f1df0b9195314c55dfa9944f4

SHA1
93d7b09e69b4df8d32c3f2ca7435ae9587fbb117

SHA256
948d256adcf4261cec0174e2d81220875e27e3aa0c881dd6645d016f10183cc8

SHA512
e32c6776f3815c01134eef97e89281956006deeb178074b76338b933d9ba424addf761424cd0a0111dff2e9633a25da41340dfc891990b6ff41289c993bfaef3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
e08ba43b61bb884622fdee921e5bb4dd

SHA1
f2c3943b8b20c4d75676082271138aa8653df46e

SHA256
fa7bb407ae601ebf50c6d473d0938a9ff3cc3742d82fdb43b535fc0cea3415f4

SHA512
48fc1b87e031f1617eb3352ed5e21d14f2ed2fa9d4a4a0048137340e7d5ddf13930c33a90e87e4e990db728c5e7de66390deadd74802894f763e1d5ae6fd4524

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
e70622cdd779e9408c6967314397c760

SHA1
52cc617ebcf0365430c8db59ecf5f30ec48ab3fe

SHA256
165d7b1be25546883a5ed484186e4602a2b87ff35fc13b4baba50fed5ab98368

SHA512
5bbbe3e87da54ec78723c1c3efb9dd154099004b11924fd8db96a4fcd51c8bd100232996f38623356a988de5e8c53c189816a2e98e9332f7e3da2608abc3de70

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
a00805415a666553cbbb4710bbe61a3d

SHA1
db0697bf062e36099bf421623d50b009a7715799

SHA256
4fbff05ff106078a7dd40c0e4d4b9ff3b2a5e854607550fd7d59def50a1095ac

SHA512
582477221936aeb74ffc31bb97bc828159368b544ae8cadeca47bf5ffa001fe71fc0419a29b240280645a7836e9a9e789f3255c54a5eb07e99a2932d00af93c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
91daf0243a4a4b63838fd06d16203d1d

SHA1
cd71b161f356083f8d6d52ce53706ab52bff63ae

SHA256
f82c1e11d929bec85b224598619dcc3a7fa6ea8010875a29041c886a6462b7dd

SHA512
02907dcd2ed4c3093b99a1a15feca64a5b81ff26f5300d756f5e50c56bd711db8ed7f404851524299c91c71209eeb51aa5118eba45a4f8b2bddab009f84b0cce

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
00f55c69cae34518a52a8de4217524f4

SHA1
179580ca871757d1655deb09ebf10cd86cd06b41

SHA256
e03ed976c0d08ec747d1c8d849cf6714b9bd1784d140b3de70b2989df7bb762f

SHA512
f77fdeb594057dfc09247e5bd56540ac935e48df2aae67e00a8cb6909c9e1f98a5c2de5a651f4210d768c2fff26e872865d1ac0abfbe0330d4de4717413a631d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
9947c2b82ba16aebea8c522eb63b3237

SHA1
750c12377321452b1f1aab89f5fbbbcdc929926f

SHA256
b799bb98273076fee6d916c5181fbdb6f2c9687b26055bb0ab60010c9d1bdb0f

SHA512
ce0a1f4b62f315bea0d997f9c4843111da5ec6db46c3141f1081ec05808ca1b2c4125cee826cd4950077b241a3e028377c1a804fe331bcde618e700a0feba689

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
04785804d61d12f7c5b41340725c905b

SHA1
d570d2f228d67d4a04f989946ba37a43bc8a16a7

SHA256
ca421cb99f17e9da3697d6034492ce7de436c1bff74867dffd3f55ebd7100111

SHA512
d91a594d711f1f3001fb3912aeef26d201c2340ed306faf7e857c561b1caeb8988f4d2a2641ef22f66eacd73e273b4129390e855ceb4b614435cf0fe1430c14c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
dec1b384cfaf33c2c44455fbcba4d9d1

SHA1
1630a7b67e6b77e3ac5265ffc06b4f69cb394687

SHA256
e1e30d7355689af1a92f8971b48d55c55a5aba0ae7d25a79d8119de4919882d8

SHA512
e72f2770b91c2258f1823107783c32223a7d6252f004194b8177150e5d335ac30d6d96aa1a69528ae27d444a0c36061d773c95c65892aea87915889eb6ba4178

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
14f79e4990e3611ef3c6250aa8780f88

SHA1
a938a853d1978724fe52d52f86ef768d086e8a6b

SHA256
94234cd44b562cb6a0f24a3c33698b1ccaca842c7e5dd5219c8c91c535050a2f

SHA512
af570b7348acb92edff4dd4f67b56af59c15f8d89614cbe1cfa15ae85e4c16e24b555b12035e9ec079c75b47c8c5258969046bac1a3a2c2492c38b6fed66d87b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
66c04a498e97a029d6fb1f262812ac58

SHA1
adfea87e784ddf51580e916507da59858abd1a5a

SHA256
6f8c83e9c115377c8fe7b1e8bb79b9bdec9dc621af0de9e5ed123f8186e296a2

SHA512
45f892e47ff445f652e5cd3fc46c51d78a7349a23862c4351f4ce56701e0d8e59cf28b4cbf7c5d4515b9962381de0e865b4331c0def9031df01b7ca327247fa4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
568b3ae148544d668a25f9bdfda87eea

SHA1
90c9b6910940525e0eda6a36ed37f91785d24eeb

SHA256
2cf677d3827f349dbf80ef74cea73a74667154374035924ef2815abfb62c61d2

SHA512
7407249b5e37fc1b793074ef989251ed99da9f82df7db982c87fad15ea67b2a747e790fb1b5185dba7b8ca259378541fc567fa4fc31dc2f8bb7af72fed06526e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
7ff2e2958b11f31b5fe329a9c6976c99

SHA1
bc8949e5bba38f4690bc7800023ffbbf7742f9a1

SHA256
63dd55ad8c5ce480cd103822fcaadd3f389c88f9392abe6b5c87d99eedcc7cb9

SHA512
ecd539f7ac4874111d53468f80440112088adcb24b6d79dd3c5069c5c3d521914febb2599c038f95f2929273541239ed68490bfa3bc8acac82dbbe03df93c615

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
a79c2d812572e9c053e330e4d09c884e

SHA1
e30dd2ff014c32ebee329528ee7c3b4ab81e20ab

SHA256
1883e26454708acc0c2463f6b7a54a327118a7ce98997223b0e1d14dcf2f5834

SHA512
8b8e9eaf49ca714d0f14dc45a3c77285115ae6372d5efb334a903ce722653742edc0bb543029f28bdbdeddaa40c4dea864ef9ec76728a38d02929eb0a79739e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
e2935aae6b3adb087353c83604d9ab0a

SHA1
93fd71532687eaabcf18e79990962de9d65c1898

SHA256
e6367368cdc90a9765749411e59d3cddde79cc3b17f284194702e114a034b473

SHA512
4ca03a077dd74d77b4423ac9cefd45c2deae9b7c63092b0f28e5f25cc54d82ca69cb9f6679bf0f1f8f0e339a8b2dff98ceed7aeb138fe2eeb6f2eaf18812dbd2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
dac05687511e5bcb3ff3b59c8e1029ca

SHA1
398a891182ea28ac5b00fea6423ac1cedb9f7289

SHA256
b34a3111ec2b3d7f2a819f272839223bcd444f7e09d38e382f74a257ff44d641

SHA512
fd972b7460bb6f2eeaa4fe8b003cf1eadce4d867c9b29a84284d0d946bcbe7439300278e97e2067c30f26570fd473b5abce5d3ad776738445e1d1e0314c0c87f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
053e05f13a369d7e24c9f821c5130471

SHA1
12bd8aa78b11aef82fb27b71bd99fd071aa296e9

SHA256
f3db8346559cac24d3710bee8c663a940e35b057f596c3427f1e84d589cc1f46

SHA512
7ec6ff45656d01d022e7da34b3eb182149374d2476f2ef290fbc312436bdf939ee1bd392605e515db0317d2c2836fb34f02167a44865461bc46996c391a8156e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

Filesize
77KB

MD5
520fe99478ff5cf0298fae5eee7a726d

SHA1
7473fbf36613a000ab70e009307c770b7b878a05

SHA256
f53158d5784f99ac32925b5a7d5154234a93d0f5942bb00bc649f45f617c6aca

SHA512
54adbf13d04246251fb4503b79897f9428a32e97be5965e68b585fe642fb316361d7fbd9db51859e5388e31e26e77d42eed643af5ae72ade8c09ea406dab6504

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

Filesize
47KB

MD5
31030495f90ef654f955818422833386

SHA1
512f116ddfb1da5d6294934b53ef569abe5687b4

SHA256
291cedb55f4a5dbc6e2868d1acc8b256b47d80cd62f3b61f3bae72abe800a1d1

SHA512
a93d3589170dc4f31a5c4c3b1b31320903d3e26ec464c44a453e8b4d6ad17d0cd1330963e7f4e6bf92784f2a0a95a792c83e753e6b2828d46dbec030f91b6813

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

Filesize
63KB

MD5
959a3b8e3028c74ac31d95b072e79d6e

SHA1
f18ddec2e37c07fad1a0ca9a8d003c11d695849d

SHA256
6cb1dbeb8a1d30e6e3a3f3ddedd3a351ebec91c19ecbf2f8166f8a8fc2fa7ef2

SHA512
652c578ac67599b408a8c21871c9cbf5ba20fe23dfe7b0ffa62d35daadd40a103850afbb88894591281b450647be0bf402a3d896a7b2fbf034c18921bad1fc7a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

Filesize
74KB

MD5
07e3fecf98d8d216f0487b92199029b1

SHA1
5526a18c22711ad4543077cf8aa4bd94cd90df7b

SHA256
f00ad6debe25ea63f98c818e02fbfcdf9c4f8dbd5a2ae4675f728e52cbedde96

SHA512
2eb7bab1ef218c7aed39a0bdff65f947a68c83823cc22c3d09383a5a4eb490cd3b8623a120b48687a265ed9f31505ae1348bd7ef705b59688f995919dbd42e21

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
a1e7fc341680a001afa05b6652d7cd98

SHA1
76bacd009d03bd1188503ed36d506ef00bcf7cb6

SHA256
fae325fe5fd3435bc26b75ef828a8db0c063c2bcf0242fff95259cd17a712bd1

SHA512
567f66e8816ac0811349414813be348553bbb465c09de2a9f47d98483d732aefa34deca0026296fcb202a76e0d7e29f4088cb026b439f863e67fe6581f662ccf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
f19535f6394bf03180bee9ac724b80cd

SHA1
5af0a454091b714589efa6c507f8cde57e0ccfd6

SHA256
24bcb0fcae0bdf214bf7e590692bcffbd701a25bbd71cdfd968aaedc27067dc9

SHA512
3c3d04a4f97a708c1bf2154711a11a721ff6d393a03f38cc20d814b0589f68133e68d8ee67b50ed883a59b4fe4d4e328ad6395da4ef8ead3404acb5fa3d6d5af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
9925494bed9f10841fb048aaba6c76a0

SHA1
4f00272ed70b3f1b4ccf8313a00cf84ecd22131d

SHA256
2ed3fa90e20a84b9948e24c69e1729e38649c2d04170c290dcb7bfed12d75ab5

SHA512
8e97a313885cc43fdb19c32d4882249bd6c8745b33ffae5b6f79add111ab797adf416b97b768e64385f377ad0c3aaecc57046ef2ae2faa49f58c640cb4019db8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
7d518c6b59d0322f80e99e5e417d3d48

SHA1
738fc77523801357d05817ec58c96a4ca499bfda

SHA256
2f8f199d74439453a1f966a14ada8bee14c4982c3bc703d69c5da6ab9dbffdff

SHA512
fc79e050cefcb6b507e6e8e1ff34f746fb81794bf7e03dc68cc9bdefedf3e19518b2ebd2f1f8e3951be22f38c9612886b3fd563f3c9d692845233e43861be55c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
445afbec1a9131faabe3d9295c50c414

SHA1
c0881a83820f9e5d4410dc1aa4c514343a3665e7

SHA256
8405384be1380788486ef88e05a3a8d7ed153d506fc88fd06652d15cf24aa5af

SHA512
60550f490dcc979115c3cce3d6c7f8904831d69a5cd6c38bef8e7b171f70d781de547f13c87b5a347d781366736c2f04995946ccd8ab3f2d34a443a203048975

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
98fa0a175021128037b7937ea84c36ce

SHA1
6ddf3eefe0f8b34e6deecc38f6b209eaff9323ca

SHA256
85e108da775516dd894c3659594fb61b41c11f3fc300d14e1d76fd59f0bc8744

SHA512
9bb2349a546cb900d663431fe9d2e2391464e84cc15d840a9944a1edd98b158297d4ae3ac849515a10220e19131e3b36a548a100d42a2521e4bd96774da52a28

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
b0a50b065bea2c81884133a8e015cc0d

SHA1
03094e1f1b0b6cd89dbaeb8663251b8bb5164012

SHA256
52193a94dc7229da5215c86cbad5311896dd291ec3544fd46a3d1b9d4f2988ef

SHA512
37813b28d14717766f00d62f3016dcec2758c5b688637455d15f1a1deacfa9530f020daebc530d8c4d6c595db6d6af1d0f68e272b448b0501d0c4e9bbf5016aa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
6bb7ade19ce482d765b3d1a80851d590

SHA1
f014989c4ab6dda6e67e2bbadd35775b18f2ce3f

SHA256
cd606d1ffe97de47a82e6dfcf39de4938019c44d1a180738dfe4f9eb99a77ef5

SHA512
aeccee4ba8ac56b1f1d514abdd65f8cf9ff5699fa90fc580ee46cb197c47cf6288116356cadd25fcb75b62b90220890c3a9e0ceedbc66215db8e592fba217271

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f3b1ffe40f64ae417082a584c37c74fe

SHA1
36b2b2be1d6114c4ee438d138b887b1b16d08235

SHA256
fb2e030cd20797648b8edce40b832938145600db635afb43248f9954031bfb30

SHA512
e8b54b6fdc84277eef6038555a8f203f9e824cdd5dbfd388fb77a8fcff5b78d5964b4504fae40bec4ae70ce9117af40ac5059781a8102fbd86ec3797d9fb1b52

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
90f0484f10c7eafb9524e5bf7e186190

SHA1
be17d708b67bbd123ef83360aa0114a603c1703b

SHA256
f6eecd92b70d23003ba9970ce2945ce721dedb1540ea6b64b8165e3ab540559c

SHA512
da5f031c0ba3476f7fe2784966bbdcb9c61d95342177fae8662b00e48e9fe4aeec1e3024d39e58b1aabd6d7f5004343319dfe6311a87949b9d4bda67a4a798cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
0599289e8ac007289cd07d4b70d5c991

SHA1
51dac2d1ee26b4a70fb5a45c686d51255684b2a9

SHA256
3583f6d1c856710b9e916f9e782a56c6646fa6b4fb19af61ef5df70eb7eb2de9

SHA512
0bec4662caa0af1ad8e0a65cd5819a45daeda0f09fd8a3baba77d7059700d8240ee41aa44bb8d60533d1f400738a6fcb3769d473dc07bff6cc71150e491a95df

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
19756955a4f50b67aebb9bae095db10b

SHA1
1d4e414f3289cd1c523da0bd4fe93fa481dde3e4

SHA256
cf8ea2ae0550636bb2d8004c68bbaa4e1edaf460bf4f25ee435fcd0331d78ba2

SHA512
5e2bb5551687ce2d41bde32ef16efc1eeef6284c6489e51b8833c65331e64ac58fe0e8ed216d5ccf650808996ab84f3a363441a51d023324bc55b07384e9e8f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
6513f82bbfaddb0ae3c1cecaf4e719d9

SHA1
333a52e741a5c535ebd0c57913e1cde3b2a42ec2

SHA256
0e954e5f956b3029937f096cb89d3e0f59a20c8bb7a01d0843f11152d5cb5514

SHA512
05a3593978189e314ff574338d48b7550ba1e0bb94a786423d5f5917a7d766d52029f517d6933b8b90d63e09e00ddccf2fda9aaa8dc3c4e668c1ac904b7f4dab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
c4133b9ddb67f10d95125b50a8f1ddcc

SHA1
296bc330a72ae608be52ce28ab44d92c1a546e3c

SHA256
22682d3212c8e837eeac4e168ca9184fd3bf5afcd1c4d218523ab9170c32fc1f

SHA512
60b008f9d14c6f6e1de8f9674ffafb95500b728f88e9eabc345947505db727c12dbc38904079f6dfbb502964c565a104b377e69781cc08fce8824f80aded0da7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif.EnCiPhErEd

Filesize
586B

MD5
d98e7904dd0b4dab56f66f4d01c8dde5

SHA1
aefd9e3a59af0373aa841f76f9c89ab5bc475ce9

SHA256
a6a3b85d52b84a1357895e75455258c2dc0644c0b52e1fb11a0f7e6e25976e6f

SHA512
8020d7a1f4e0314b41c24e00cea153304b4cdb36141ef6e43e5c76f1eb38c383a9e2281ea62a585c29e17adc4e68e84024c711ea5127eaba5846c811a6baa782

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
4f3ac9506fa89246cd0b38a3e42eaa63

SHA1
84f67b85c17d8dd262e3be89bf8b5f183c373581

SHA256
d7ce9c3ecdc3e7b227553ff159a1d695c219f3838e52cdd0e48c02c97e71e8b3

SHA512
1a8e25ae31e85ccb9180ed92bf725128e0a74a8684361a750e7027daed5714054358f8112fc818090ce87ad91ab8aa7dae4a149ca0ba83a091d1e3c3aba2db8c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
5720e14c31466316b71814716049144e

SHA1
033d6ef73b8742dc3c4ca96c00830e0685657d2f

SHA256
f4f89c555cdb4efa890e8b06f030d1fa4bf0fde5f34dc06608ac94e554a9fee4

SHA512
6ebbdce11d62a60de23532d79fca160a0623a8b29d6d03e2bb96db2721b95f71d4192a45e966699b0edd4e5d5915c637b2002a798f19de62fb871098520faa98

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
7c663a4d837312b113e783e0541c1d7a

SHA1
5613cea10b1247df0a251a90bf8163bfb7995f9c

SHA256
3cec27fc52a35a87ff0ec1e297f5f2a1ba8c17de0de85fc32e22af432da6b2ae

SHA512
6e48d4a796cc29fd27de9f877d78b5a0987cf1b7753fad205e7167f77fb7b71fd55495f88b04a2995361dd7459f4b7ea13e73b72cfa7fe16133195be5ed1dff9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
dfc82f4d8343c8b1b9e3208dd14d88fc

SHA1
40309152425f0993e5fb6029945d3d24103213ae

SHA256
0b21ddcb469fed9970c31346dc1d8ae1086ef104481456389258c0a36a5179d7

SHA512
6c49dab0fc2fc807de309052a6327ff24eadd0ceba4857f436f7b5b80c90558d1193c00dc8f9d1ca221b71fa5164f7cd36c474eeb675ca05e396c2f0197cef64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b18b591bbd6c753b9b1840160939f261

SHA1
04e47457b11fcd2690d548a87e215a0c48ed81ce

SHA256
f12cf35ee827971a3375f9245187904eddd6081b1175f63934f1acd765fc856b

SHA512
3e5579e25ccfc87800fe0608856efa65246bb41c3478aca3bf5393d1ab5d9b61f8ca0d03f1f9aca7c954ae4779860a7cfcd2afd35119804d878a075ed5cd8e60

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
141afd63a7efc70c24def1a5e60f68b5

SHA1
f65ab5adcd8950b4b1aecec57fb690071a37e372

SHA256
a971ece13c746978b975cea423900cde6ada61761c7723aa465238771ba8eb85

SHA512
4078a1e4ab25c7a755c8d9a0decf22af75ea2c8cca237edc912723e8d13396c9cbc8a336e37a92265c58f2c752aba03abdb3d6414bd731a1fd3e48f4203f661d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
dfea1a9d65c60c0208627227b689c06c

SHA1
47ac861ada985c6d197a5126d7769bb2df9af517

SHA256
ab9150545023a774cd4d6dcdc333df9e9e6b536e9cc5a44a55b29e46e8b53633

SHA512
c650f54ab1be21c20c478575cc921e6e2fcca863b9767ea4818caf23b33c1f52e80a8257c9ee81f215d475166227151a10039e9aba2946d90c7f12227de1c843

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
e981a0db5161b5426792105910ab8b91

SHA1
1fb880aef60ec198b7a04b4c1a6544fed99119e2

SHA256
ace6ffd1a6ff070b30fa7564d742a08ee667fea276ff3a3cce8a623129fbadcf

SHA512
157b22c7fb39ef220772cd28e8fcd7072cb21e7bd8912140fcf9178ad84f8443ea7928d3316fd59239834fe751c5d3d1992fd1a6fd9bbab658c2ebf3a41225d8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
2fdc923c32a8623594896d402d391223

SHA1
1f49e2332b1fbe8167bf4f736b1df9b1804ad89c

SHA256
2fd15de19eecdcfdcd8da7ebde8505b635f868dc9c544c4c8db040c7e14f6771

SHA512
e3707ab794942ff8d81e3cc7808cdcd6043595923b1663dee77364fa8bab8193d994ebe25cda510f1c6f6af1ca6fc8d6d7959076439d07ee83671df1e2babf6a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
f277427707d05c161973fa90f29d3e41

SHA1
e1491d700a50051671c461a048587b932a574726

SHA256
6ce561f590a4fd8cb24082328c469e8ef5c286d303f4cb21d4e4ff9a239c2cc8

SHA512
a3469f1ca65c4f09cd36a486a88bb4cc9dabb1d20f656cf8e40b0ead989243960f89e68039e2454b682a5c8e843d9012f144952390514cdac7a9c10b5e96bac0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
9f89839c403289b9b9d0dd99e3985cd8

SHA1
98c1d4bf14069521974a8ad700b1c0aa77f008a7

SHA256
dcbf14a98456efd0594e0e67bd7e35091bcf7b4ffb3bd76dacd42d6fb6b4baea

SHA512
4a6c95b92a99b128a67d71e37cf30e357c794d639622391e6072f54ead9729e0e1af2f745ef9e079b803f21503829391c25c9baef0666ca8edcab08459c9d24a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
7b2e6ce3b87ffd5208d9c25ea432375d

SHA1
cbff8af7296ea66a899f0744b1500940ed6ddcc3

SHA256
9c56891317c7e4e30afc5ca183e9b6e9cc7f38c5985403d0c44d509314638fa5

SHA512
db0aec85d06bfac575e35e9bee76f156c5c6e0b14ab9e1b84c7dc35956494dac084cfff98c9387987c1a68d415380c30fc07444ffe56c41441f56473d29a9a3e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
bbd3c30f0a6e188de2b70f3854bcffc6

SHA1
5deb4440d10fb971ac21dd8ed1e0d2d23bdbcdee

SHA256
e1522744206bb6889db49cb8ac967fcb1b6c454ef5814f6329ab2241ccd47795

SHA512
043f9686414239a406995a7f743149071a9d312f01ad0fe5c66f804d327a0c5976e66be20a9920ec46b6def6a92093f6f8f18b07158f6f3ad328c314020986a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
4b03785586e2aae93f5ffe782c123ec6

SHA1
b21ac4d40a6f9c3d90416c075538e6bab6c64262

SHA256
09db5554f82458a46e7705bf2335cabff406f0ab9bfc186f757a6acabce3bb13

SHA512
669224dbd2ed9494ee587b7de6fda41ea97bb4146e25448d13bb34ae4e9e4e0402d5e21e06c3fb4ee4fea22d9d840614c9965f2d55306b1ff29fe96d27791cbd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
2fa7889e8e381b8a3892b5c02bf80a48

SHA1
e89635f1abb06c19eb00632301401e5b189c368a

SHA256
851d700c1bf3e91d876ebce28df10f3115c3cda0ff27006cd364a0d2bb6614ab

SHA512
b5bbaa833e3f5daf582b7446eacfec3fd0ac18bb532a72d13da728c1d195ec8c81f70cb10624b9b95113c854148bac9cd8e8f1ec75e21bbc193ccc822def9fa5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
5cf8784ee477d27eefcf6aa3e1676b3b

SHA1
f6912d5cf3665184e5a93cf39ba32a36eeac3e05

SHA256
3fbe6db1ef2c2009e3625bc6b76c61b365daadb94ce97f79e9531cf9146fd880

SHA512
bd489530b319ffa8f38d23b751b6283864babe04aead3b769e5de028c7e882c219fe9ab71ee2bfae48109e010de7456691ee99518270805bb3c3f674cbdc4f7f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
90efafbf0f285f979fb624e5208c56a3

SHA1
25e52c43ef6558a9e77ebf7412a97d69eb8bb4cd

SHA256
d69d1485539f4d319c98e709b79caaa2387261686a703d9683726e970b42e55e

SHA512
d645f2c44b25a5ef5a47e1a4fcca76da06cc84ada8236cf3516629bc92f2f456896413c1ddbb0ac38b669cae515b49d1a29e24d766b649847adbe696e41d10cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
2477fd199dcc74717d31a33a948c3ef6

SHA1
fee3fac79078cb54dfebf1be1d89b135e19b93c3

SHA256
9f57646b8352e56f23c705d347d18c380b7affa2dae8ef17e9dbea90cdd00911

SHA512
032c902d09a72ccd640eb6295f6f95bba8830a557bab0e7f273c823a98dca33f3114ec4a280124f83f3175e24c476a7e1cd32d19c34d827e23a0e0a14cc87c12

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
ad7ea5c417c6b7c47e73dda17fe9b7c8

SHA1
23b487ac205bab297ae287d7f42740c42d48c160

SHA256
36429b581fa27de980d4063d5487ab8d9cba7b1edbb1cdd90f4bf100fa8ad790

SHA512
8157602331cd3c6ef5b4c58a70848c136cd1e4c5f4f517490094bd307a8bc40a2538832178307d0c4a547263a67b296bacf7e62790d9dbd00bbd4d5ea96aca7a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
1373946853d0c1253ee6a0f90f8a4949

SHA1
fbe692d0dbdc87043766280dc396ef668152edf1

SHA256
8b1160b7c6fe26f01f734cb2e8b63bc9f6882059b8d059c46405ade2286bd9f9

SHA512
ca9054748242cbd8b4daf083317377c227b2fe1d119c1ca4aca5408b9a7c9fa9851ac16e8761128cda139c12d9feeb41e5bc05341fc4866fca1238f54980ef23

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
e5a60204880b45fc0242321af4a05fce

SHA1
c6369e3174254b77b4e6953de67db1c2aecd6a3f

SHA256
387ad7a483c7bbef43cce25f7ce43ec1e98409d2579ec2c5527e27900748270d

SHA512
1d6da90619f1e5467d95c44c95ce86df581582d09c6528ded2d68018309229a8f2280395f7e1c3663dbfc0dd4ddd2a9331be3eacbf2dd11182dc415430c7390d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
67fac971936dd91b942766df2a9cbac7

SHA1
fad97a1b94fe717e9262bf007d3dc8bb1d0e49a2

SHA256
b89c4d04ba03a23b2e847b5b7ac4cb3abf22b8ea0f720fde04a8b1cf29235c46

SHA512
c3db3ddae736b5fccc602f6990100be6cb17d383e0e923063536c117c79d81a0bad065d87cfb214c26d819f67e843e04c450a9115d158cb6190b760d045e1188

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
49ed0de229af059ca5ec29448543bb98

SHA1
a3769ee0a771d0456e4217b47097268e60897ec4

SHA256
0536737d3308481ba1097a28e30cb0a97d84e63f1a7178bdd644a1b528e336e9

SHA512
d6335112bf8a2c8276b40cde15b60f77c2209730b78cda21f1175a68628c702a174e2e1d9f3c2d4a942c4bf550e60d3d95991d95f2a757261e5046b4900ccd6c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
95945403aa7ce6c2226ec47df077be44

SHA1
0d8053e44aa1e87691023eddb92b7228cbd7e3a7

SHA256
962aace4ca19678847ae8ad4f9d66c8577d36b50fedbdf6255ea7fd8b509be49

SHA512
17434ceb4215c9d230ce0e6a6d3545f4e22b40a8c1151bdd9aedb4c64762b87d34856e98a480f6b62567b50eba0bdf31340a71558f6dc7b8467c29023e6570a1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
eb593c45cef279c37373769d8fdcb71a

SHA1
e24fdf144b44aa933e25fc3e29128b479081acc9

SHA256
e2a0a52b8e4dd9f975d94297b91444b84c004b748dbdde7db8dabb526810fc99

SHA512
144b81ef8911929ff0b7370dda2ba38cb8cb6bfc9d91a49f74059f663d66fd85b1d3f65ac25d1b489f56c81233313eeeb17d3e23b6ceaa92eac28dde460069d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
d6a4f2a20588ffce660bf262feed54a1

SHA1
b75ca6b6ddd6c469154a92c443edec40b9ddaa5f

SHA256
9dd5471078047af116046954cf9f82b037ba4e1b610df17e35d78f940db422f5

SHA512
97bd9b51e43ac90ab0df2b56dd46019531e92c026ada397a956b27c93d0ca4dd7e43453c8704e8d5e7df58ef08dc54f8ee3fefc4ffcdd0ab5b7c74388767a5ae

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
a51f63edb6ff637723c56adac45e6ced

SHA1
282ac7975ac1347d28ce3ccef910349c66d7212a

SHA256
0f8e72992d9d98a67be767d86a77aac6ad11408e931f527e8d515527460d30c9

SHA512
7556e667280c0f962708c99d960a2358ecc57fd9086727e6c910ad9c7dabbceadabeb6974a4fc5c4beda12a50f573e43075399ddbfd82ec53552d19715383e77

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
1fa2cca339e56832f8d267e30150916b

SHA1
d91a59f5c068c025f689e18f0964f5212b365b98

SHA256
d424336f4d6d4280679b85e06fe2531da6a25d2c9bbe8988f8713762aba3e15c

SHA512
6f1690b224e1e1c14fb48c4342ce3e8c7a1490757002b58e54b2a8c3fc7ce803d528aff1fa92417af947493d05d561dfcb9c68b5ec9e10c935b6bb396e84f137

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
07bb24f3da000f3818657c6a4b12b4ed

SHA1
a4482af8ccdd3583c07b7bb813ee194abb46fe2c

SHA256
5f06235bea9d8ce0b416b763984e56df2d0b9b4bbd8bc000424c8c3a14a432e2

SHA512
8d477e93d7e622e8583000b3d4999eb96e8b3c862c39e62b7d872dde03ede1418b8e897ac809a1269b665fd905c062627a81492ffc5919a9a058e1ead14a3409

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
b06349c62e8ace1cf412feb42b889fa6

SHA1
72d2ed82251e7dfc3305e66566578b3544a45da2

SHA256
ecf9b4c83811189f6183b18598b9b0decfb4a9fd87b8d7e3acc034d543045f85

SHA512
4b42489fbf98aa4d78946e769d84294c1f3cd71a866b9f985559f25b7549e487e0c572c99ac6e1a57a791c113311affdc7355374a40ec8cc11b80e6e35c9634a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
cfa417d33c4384ce24129b96c8bb6d5d

SHA1
f50f80a67cbaf493cb37ea423bbe914fd50efdf0

SHA256
0858c7ef08d8246487e44242fed8376186131c2d5d3ab9ef7c1e560076378074

SHA512
88fa89820970316031f68abec5cb2053910ff0b7dc13bbe27ded1503577cd67bb02cf11559d2ca63a5c1e9165de928370cc32280e5ef9334821a3fc7dc37398a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
1073171dc9834b334b8d85a5fc2251f9

SHA1
c1eca37d577c567101af4186109e2151fffed796

SHA256
43d30e91bd841d8759ace3877bf048142966eab8e781d627d498a8f1c2925e3b

SHA512
92995dfbeee291121bc8427a90bbaa9e94f7adbf2ce23fff479d5ec5ee70cd1e6333bcbf019a86d87b532c1615367d1621d32ff70f27aaac48f253a56cd3f687

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
897cd4922d8ae24ae793c2a7be374c95

SHA1
96f3d34785afb76598b79421c4cee6980e4e9d01

SHA256
28c7701cee690d1024373e8ffb3953379cb9e5d35a5d24e5e991a06959f1ee54

SHA512
26888326c0ecfe517dfeb18b62ea83e3f404ddb3749cb7683b93e3d4d2f11b41865b16e8a7c7584c8e6a223bc410d4518916debe5078f8507210f2bf34332030

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
ec5bbc538a82195bce2b2f955359889e

SHA1
b7793f1a48c4976f5782047c58414d90c014403a

SHA256
52db2a32bbc55f397a1d4117765184de829b901ab08961fb8a82d3347b0ed921

SHA512
d680e5658edd455483be7a0fbbd390aa59c6cfd593e327e5f997079a951548eea9fc8aa24dffc27c0b1cff51bc8d33bb26dbea94c9e8eb2f3fef7768eab4e65c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
58db889de3593e735d44109dfd20efc2

SHA1
44325ba82a2b5e60ab3985083fa8cb5e1a5dcc06

SHA256
9c409b1f0948c561aaa9564245acce3a0a766614c105658f67d8fc6e1a78c01c

SHA512
89d60c250733d5b9db7358f4354d6895128cf85938b56889939f30850f9ed604aad4e45ed89693e26c5f86dda2b9f2fe54e2110969a9c6264976019e79dbcff2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
8c83789610a1fa5024e453a4b04437a2

SHA1
36452a7703aa52a568bd4bb3ea36022b6e4bd81e

SHA256
128c2900a6d7246fc8bf6d0dd3237e11214187c1e31ded7f24ab973f19b3d294

SHA512
accab8b29912ad119b096aa174bc58fdd17d1833e89e1e52c47933426ff2904efa2354597b3e40f178c7cfe6feaf69cf5bfc7fe8381ae7939c02e0c2e3766c13

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
69e34b1dc3d30b172caa95a258ad5d77

SHA1
4d97966bdc0d4155a3250e8fe0541ca929c388a6

SHA256
f2c0882a8e24117029da3576d1760cbf4679624ce0557010ab4eccaf19586003

SHA512
8de299246d606f4879fa1d6c21a99c1115e9c9dc6743d2b23fcf60dea73630f536ff6177acebc82186f0b703bf233b5815f119ebfa75767945d804ba27a6086d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
21ee2c41d203c41eb021eb0337c0e304

SHA1
3a544ef432a9dfade757a31770807104228675c4

SHA256
ed730410d8561410399a40ff07543951a6bb4c43168adbc2154e2a7ee123507d

SHA512
4c3dfe9b83fe3c1e04d763508539cd2fbd058045c01251a6c57ad61b163f19ad3e52dfab4f12d5a4e798133e98874bce6bb81655df0a965e3842a60a10ae9383

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
e1ed2f5edfc8076c3812f05f4be28e10

SHA1
cde742782b1c4a8411e67c0f284b36c66144b912

SHA256
de213d54fc15cdd4fffdc2cf1ddf076afb503334a95ebeb0be10869e8c1e74c0

SHA512
560eb5ce82f3042311f0b62e0dc1250d95b0e54f745e7df43e3b378f30abaf1834a4bcc23dc4a850dbcef8b1b52d4a610c3a039bb6249dc9c4cbaf488b0f77fd

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
7ee736aec2c0144b781351eff9445210

SHA1
66cca24de0d5857470fceaaf7482185d13d4f324

SHA256
6db13a71142c4f5c19848d241bff8640cd508fea511cdc4713122aa742b73035

SHA512
b3df69a13f7d009809ce6a42a1a775927cec4bec60885531567775dc641043cbff26cf2bd6bf03cbc43f03d0f6581ed3bcc8a04c89c94e49f55629c5d6adf213

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
58c8c250ae6f3e5a29df06cf8d78ab85

SHA1
e4a0ed9c494e9812c0f49f3269d3bb3d42d44aad

SHA256
889755c8bc9715a7c39bc05e0395576d3686a8b5392f8692dde1a4281aa61552

SHA512
1c56f71bbe7a013bec587c563d301789111e49e5c3fc4c2e0dafe59ec86fadd608ad6ce09ddf718b2e8ccc7b201e3f22e633a34f5029dbeba530c0bf7bab7a84

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
0c5d0b3ca5c0a1bfe8f66b33ce88f6bf

SHA1
eaf0a895124bc203a039ee2f2be2e0ad99fc9665

SHA256
c4f348d979b453a66630be92e2fa13df1c9a0c6f943d04ab550fd7db2e1fe2c1

SHA512
f31dd9ec691a5c90922993e7d3c6f673dfc486198b3abd1a5ef0e23233bd38b53c0ebd31f8c33613916408e4dfb8c2408c7dd7e52cfecacf13b0f063895323fc

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
dc3671168233f979b5741ce063bb13a6

SHA1
6a1635862e5bba1a8dc5749348c359c5be1e5609

SHA256
1389b11cb5e5357884705a4c823a9e7618ac7c70b443c128d5bcd1f85e2fa23c

SHA512
6380ce0b011ceefc96e9dc563a992d80d1065d85f856eb4e0b3471e667dbe595975f9979ede2ad758908411605619f778d1c950e869df388812d483c186839a1

Download Submit
memory/872-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/872-10866-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/872-7130-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/872-11251-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/872-11292-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/872-7124-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/872-11298-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download