xorist | 45f63a47b0eb91b4884412f2f1f43958cd828da8150e24eead72304a27bba0d0

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Size

28KB
MD5

5372b5e73bc8bec52bc1abf0eb4913e0
SHA1

9a6fb679e2502ac036c09fa753267993bc1978ef
SHA256

45f63a47b0eb91b4884412f2f1f43958cd828da8150e24eead72304a27bba0d0
SHA512

77ec783ae3c1bf875ebd26db6b59b131ac1a734cd503f3c9401a89db67295af4a8cabe545ced80c7f9babb88d2af45cba5a0f8dd820a976e92614a310978082f
SSDEEP

384:z5prr1gkDCgSpJKtZne80rVIDOqVEM7ja7RPd/5+2L13cU5kc8T+pfBkB:zDrVDCjKtHhOqd7oPdB7R3FdS

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2224-5482-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral2/memory/2224-5487-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral2/memory/2224-9922-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral2/memory/2224-10883-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral2/memory/2224-11220-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral2/memory/2224-11221-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist
behavioral2/memory/2224-11226-0x0000000000400000-0x0000000000416000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\urnL5qLL1q2l61r.exe"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdf56f.inf_amd64_1e78e192efc26192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@AppHelpToast.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4sx64.inf_amd64_3a69b9b79f49eb50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_f5594a2af66d11ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvid.inf_amd64_7c50642b144b870d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@EnrollmentToastIcon.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_46dd0342577f43cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_bb7c44c7bb3664d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsantivirus.inf_amd64_632d2ac0d68cf3ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MSDRM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2224-0-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2224-5482-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2224-5487-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2224-9922-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2224-10883-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2224-11220-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2224-11221-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2224-11226-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-100.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-64_altform-unplated.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\tool-search-2x.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\MedTile.scale-125.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\9.jpg	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected]	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreWideTile.scale-200.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-200_contrast-white.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteWideTile.scale-125.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_mobile_download_v1.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-20.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-100_contrast-white.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-200.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\THMBNAIL.PNG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-250.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-100_contrast-black.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-400.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Defender\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleMedTile.scale-125.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch-Dark.scale-125.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-100.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-125.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare150x150Logo.scale-100_contrast-white.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\WideTile.scale-200.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\WideTile.scale-125.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireLargeTile.scale-100.jpg	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner_dark2x.gif	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-96_altform-unplated.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-lightunplated.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\THMBNAIL.PNG	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-125.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageSmallTile.scale-400.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-100_contrast-white.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyView.scale-100.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pnrphelperclass_31bf3856ad364e35_10.0.19041.746_none_cec77743c8946ec9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rastapi_31bf3856ad364e35_10.0.19041.1110_none_83b055092f0a2303\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.19041.1202_none_7f995fddf54c000c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_de-de_8398f19094835129\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobeeula-hololens.html	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ionengine.resources_31bf3856ad364e35_10.0.19041.1_it-it_5fe35f62b1288327\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\401-3.htm	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netvg63a.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_09e9eabea4a97b11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources\v4.0_10.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bthpan.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_a05b3c976a51b4da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ostic-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_5b8b70e2e95b5320\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..ement-wmi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2e4de7b00c0301ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..iocorepolicymanager_31bf3856ad364e35_10.0.19041.1023_none_bd350486d08e6593\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systemmanagement_31bf3856ad364e35_10.0.19041.264_none_3f765fc92b46b35e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\INF\BITS\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..t-console.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_453d6512c14f10ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-assignedaccess-runtime_31bf3856ad364e35_10.0.19041.844_none_7a8f137b9592c870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..sport-adm.resources_31bf3856ad364e35_10.0.19041.1202_en-us_b38dd4472b830446\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wia-automation_31bf3856ad364e35_10.0.19041.746_none_e36b9ead22ada5bc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-microsoft.build.tasks_b03f5f7f11d50a3a_10.0.19041.1_none_e900f6abb55c476b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.264_none_87b4b95ab967b582\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\wide.UpdateRestore.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_nettcpip.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9423bc960dce1b6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..man-pluginworker-v2_31bf3856ad364e35_10.0.19041.1_none_57bc70fec6634f63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmemulatednic_31bf3856ad364e35_10.0.19041.153_none_dbf89e5e032cdd19\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-inetres-adm.resources_31bf3856ad364e35_11.0.19041.1266_en-us_281bc9f55c21f6b2\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msvpxenc_31bf3856ad364e35_10.0.19041.746_none_330591d9454b5ac5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\i_warning.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fsavailux_31bf3856ad364e35_10.0.19041.1_none_60b99066bd2f6d16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup.resources_31bf3856ad364e35_10.0.19041.1_it-it_2ef59f197ceaa938\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwanapi_31bf3856ad364e35_10.0.19041.746_none_81ff90487c3f8018\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.transactions.bridge.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_eb3e8c036c6a463b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualization.client.common_31bf3856ad364e35_10.0.19041.1_none_3804358f03cbc292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sethc.resources_31bf3856ad364e35_10.0.19041.1_it-it_9a2e9a79d13fd1d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.153_none_51feabe070ab84f6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-energy-winrt_31bf3856ad364e35_10.0.19041.746_none_ebad89df23385ede\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ame-frame.resources_31bf3856ad364e35_10.0.19041.1_es-es_e03ef28e08ebd36d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..zards-mui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ba7694fdf5da4a79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmemulatednic_31bf3856ad364e35_10.0.19041.928_none_dc1e1ec4030ff131\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.19041.264_none_dc8146375466099a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\EaseOfAccess.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb569e49a9e4cc22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.scale-100.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ommunicationsupport_31bf3856ad364e35_10.0.19041.1023_none_8fc3cb26a8d2f9a1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..pulations.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_82c9736f4a6357e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wsynth3dvsp.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_509f05793f42762a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ents-mdac.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c0db5513b388c0e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-72_altform-unplated_contrast-white.png	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..comserver.resources_31bf3856ad364e35_10.0.19041.1_de-de_e6f3be9cd0c939f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_umbus.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a3b9197370e8fbf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ErrorPages\DisableAboutFlag.htm	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-media-cap..ternal-broadcastdvr_31bf3856ad364e35_10.0.19041.264_none_95569df974df5dab\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-host-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_36ac776977dddf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.managemen..imcmdlets.resources_31bf3856ad364e35_10.0.19041.1_it-it_19b6438df535ae86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_multipoint-wmsdashboard.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_26b83d1536c5c1af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidir.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_45b8a294e3568029\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-defaultprinterprovider_31bf3856ad364e35_10.0.19041.1_none_e475eb12e125447f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershell.workflow_31bf3856ad364e35_10.0.19041.1_none_32d5c00a168b2bf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msxml30.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa04999b1a8b896b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..brokerapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_1489683bd1b7999e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wpf-presentationframework.classic_31bf3856ad364e35_10.0.19041.1_none_aa5a52bdc9233234\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LJLRJUBOTSADJMQ"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\ = "CRYPTED!"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell\open\command	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell\open	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\DefaultIcon	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\urnL5qLL1q2l61r.exe,0"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LJLRJUBOTSADJMQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\urnL5qLL1q2l61r.exe"	5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5372b5e73bc8bec52bc1abf0eb4913e0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
bcd5c92a6b322338d893b6729a687978

SHA1
9173c140f724d984912eaa26c28a74d7fcff74a3

SHA256
ad7040e8925094ae5dabeac86a74abee2d137ad11ecd5f45d9054283c1758ad3

SHA512
635b263c4db254516a9cad0cf657d04b33f8f6249a586ad6aa01d5ef5ff59dcafeff3d1c431b885b150f769fdbfb93b3dfe323453403fc920ca486d6bdaeb9c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
71c1c3489e207b7e675cfe1b323734eb

SHA1
19201a371c2ef467b1fd1bbfd34af442e31c5b3f

SHA256
835a3639752b0a3f2c86e96e16d995d6c35089d637edd78d4be65f6cc6bf66f5

SHA512
cdb53883add3f27a6c2cd3ba4964b556df70e724d269a8aad8e2d47ef64a55fc9f8ebca6ae4c961a7819f024a412b40e8b1bd0a3c4e8beaf5f27dec5190b4949

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
ada9d198c65ebdb8d73f13f520f6676c

SHA1
d04bc8afc68eebfd56d1723a58cf55bea12aa165

SHA256
236ae495a6a42d15b2b0845ac10fbadb20726ba5af2bf7a231cce7b6e2ea0f1d

SHA512
9b281667a628613e72eaa5ef031cde6e2dc33de238a69fc3c8bd29b162d139490ea19fbcaf3eec0669d3ecc08ab2ecb13614225bf6a5a38a17c77d22f757c6e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
8b7df86f475faf0c81b4c7a6b4f5f56b

SHA1
a4b29554e2ee45cbc0c1d3624ac85a53c9b3c94f

SHA256
7b94cee9666da7b9d4954c68ca741682d3530699f53004dbebc5f5fc0d37475d

SHA512
121ef1ff407464d5de3e548e9d794fcfa5071e84e31d614c0417bb17c9f7d92163a0a7138da0cee4333ee3fdddb8d79cb142b3344e989a53c64f672b9f71db51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
f20c2781d85b067795aab19ec9c99c79

SHA1
7554c62740d6537b7867008dda16a80e349a46f4

SHA256
eebef8a57ff1659bbacf8fcf944f8f1b77e1a279f5de278920cbff3f30f426ff

SHA512
151b982d5af4943f36adaa15099ef92d870f07336e3e79bfb3669bf3bb3c6a4655a2eb5ec3854c75450b176ed77250bc0708215d7d327ef831d2d6c10fb43378

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
b6c67fe5cec51c01233f8f8e4c6d968e

SHA1
08c63a3d27738f938ecd38c532727892ae380a3d

SHA256
bac3b9c688a3594994118c7165081537a7804c8f70a42bd51f8dc05df6628639

SHA512
8b4c2afce8b592daeafb8ec0327e199a0217cd41139bcb9170928afdccbe1b95c4ae10abbaeb22161f9ae27c12916638044c1c31a965c66b859b98b984b0ca70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
816ddfd9428deecb9fe564964a6fb9a0

SHA1
223a650b2a27000709f18ba2469c518e07679ead

SHA256
6b6b2d9f34f84cf8064f98fd272d87301cc36da184375b3cd0204c5721b131c3

SHA512
525a2c090ad6ee5e930f72657cb3b8dc8e15d311e59833f9a0c6068cbd951d46be49520491e18a7fe8ce24cef1d591f65b12bf52618aa9915be78340090e473f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
bbc34628cd9d8627c20e5f2aa2f4e542

SHA1
d8c06f028b60dac41dc9f163dcb17ff60f809c73

SHA256
1d13db820ba5720170ae546d8653bb25adc4b93237f28e17a62265c6bbd3bc96

SHA512
4251ae123f4f29f5aa211bcf1affddc6f1e0c93db4670cf9ec54655993bb76dbba7389f738fc239fcc8ff65b7eb9cd21e0510ce1d80708bec34641d3c8e61408

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
776266c1bb3e7c7a73a145db55c81381

SHA1
6962444a3755f54b15a793886f26e3dbe62694a1

SHA256
b313988fb7f8598aa11778f51d83f1e0ea937b950ad97fa3bb5c71bd1ecf0851

SHA512
dcb97ad4435e36530238ae17c37c2f2df81124d109b7df34c4247d4d622669da3ebff1be0d9562d76ed6d9b5dc7bdc5912533477cc5e387642adbf67474e9c71

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
e7b7d6673c9304379b54eaff83536840

SHA1
921978588f56db39c8ea371ceea204e3d2013ae4

SHA256
4d331a1ef8e3509d2c026550a191179c7da9b047b470b0c4b9d8f800cb8af63b

SHA512
c1faba0449f32283a5b99e0b4abe6dc8245f35422c6e16ddc37dcee378fd284ffa632551c899b6533ec099cc5ff75f7e475558184e57ec6e61a82ae9e7d8ddef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
e1fe16ba3bc766a24de578e2eb750da5

SHA1
cb732e6b5c33db23c176fbfdb83bfa8cd8102795

SHA256
372f84a37086238a0ba6ab231af7c2a8914fcf5e43c0e0bab2e7f7ebd988b907

SHA512
971da21d3b9a22462ec67f17c79d28f208e4a4383d099e9f2c1bdf26e2d1aef26616f21fda04788ca8c2436c804aaa97d05434da1771e04c45df38252767442d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
07a8a52dcf562f50b50bd02a1d972d1a

SHA1
6b6f82be6017eb246524ee1f4876567b97f11334

SHA256
7abd199d263f5003e903146418b202260d77688e1df7d1122946510ef0074140

SHA512
0575bbb907892fa4a830bfc4502a5344d57421371f7ce07b98e811047831215050ec204eee42b8955b1770cce0f0633c89ce58c7f093c837e6719b5a6b6e4c4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
5121b4de20807714a770046801282d5f

SHA1
90cf54d585fb2887e755f0d76b47c8615d248555

SHA256
532d0cfeb1d4dad23d3341c5d749342bf89849ce5a1e185f4dcd2799eeace368

SHA512
1080ac1cc3ae56a65ef0d3a87ca17569a1dae0c4fb5164a8fe498a11b95856d878265ca5bc63c5e2978bce25326de49f819d12aba1f4390910ce5158573ec4bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
1e22bfa1ad350fd1ced997f9add052ec

SHA1
a94d7ca738a714f3dfb739c469cd4c081a12aa32

SHA256
6204ef14852ce38027d33694c7f42852145906681446cf97a776c2580f0495b1

SHA512
76010da83cf3dff46f9f3d5503e1f5660993cfc9b7b17242fe7c163a2bac07981e242ef3df7c3a0ae5b8b0ea2573a213a0d15c5502e350f542da5dffba87644d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
31dec9819a2da81424b8dfb323088104

SHA1
c86867705009bd85eb8e6133008315c23b69cbd3

SHA256
07021132c676a8ff9e3984665f907c53db9a77fb1dc9faa4221d71c06dbedfa5

SHA512
647584861f53762794ef9dcb320d10b59d74f36a19d14cec8694c483d19d0bce09bc3b41a5299b71eaa2c78b21b73321b6177dacd848e8384017d0b83abc5191

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
f6e8c73b90f6b48bc714d68854b71f86

SHA1
f48fbee54d151943b7b00c0f2e83aec4cf80819d

SHA256
bda7193f4bb4dcac6d217116b51bca32a39780dccebd1c374b7427c388ec3135

SHA512
64963180e3672d01913f38758cd0c98b15d6ab1a9dff368421a3ae8772bcc4455dbebe5fdfdf63d16a26e849c29018467d7625f773fc37021a5b6af6984bd913

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
459f2633b070b64adfc26597cb995f7b

SHA1
bb572e615f1759ab640e5115592c0fc6063c14ff

SHA256
c9bc55c84b07e7bd21d3a9ba9f4ce6be3f577256e4285cbb4a97868f7b72fc8c

SHA512
5a903752b7bea01d32183691984d366f4f56c534d0e82a3aa9b57308bfedbf5e617bd0e1d07d78756b4ce0a8772e9d00ac6153125dfe9ec0908ea1f0985f1b54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
f0b83b751d3e4158c4489d98f6e9a6db

SHA1
18db3b4b56394691bfac27bf9256471e091f877c

SHA256
5d8cd52d4f9b5f10b6b36f3f0132e9e15f0fa474cbe0925990a687a583ff1d5b

SHA512
ea1288c5570ac3249e44db71346901f439cdcd113697ee399d0a5f500a0dd005e40b0ad17466503299df71d907f8542b70206f76beb859e6ca7c7e867ad61d27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
c226e6c47133c3b4cd996c6f98a5f8b6

SHA1
82af2875a06ae4ced087b3006dd7d681ac893476

SHA256
3265f665643f0fa668497fa5fdde560872e3f4d8149b60ea8a2d33d940dbcb9c

SHA512
8e44cdd55412af921c337ca6f89105ceb696c0e400d941af3ed0318df8e6033efd590ca41684a01fff33b7a7a3dc69c2fb47593f0955ff9f88620d5d51a2f035

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
c74abffb61d00b2e4983e173618e96b2

SHA1
14d3c1ae48c35c32fa7cc72e97d0aa98a0b3fc75

SHA256
56beea08d9fd78542d12b5f8d227798bdf10db25a615ea80b19d74396d90ef9e

SHA512
f82837680dbedab8a7156970c58791928425bc98154715e58251678eedb990537191fb3c5c5bff538a01935d08c0450f81eededa7a8835927ab8b7de1e8e65da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
3956a52ffea3ad5d7dc6b9647f550e5b

SHA1
ceb0d675cab59af43c5d4d939dbe4a0b3aded8bb

SHA256
4f9ae94e5469333437906e441e4b7434d9d1ac8db88ed71339b7c94af6201b23

SHA512
9e0d3757e892e7cacfa1cbb797512950e0a6e38d792a5d40d3373be8a1e24dc3b8e2c8cfa898d04e310daf623a989099830b54eb55183b083368509322f0fdf9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
20feb1b3828ede7d8d456cc116a856b1

SHA1
8c05f9bdad0217ccc8d9eabf3d6b126848bf5be3

SHA256
ca6ed34dc11536caa6dfba724a34a80539ca4dda8d57711c478424f8bb9dd15f

SHA512
22458079c394d55ab0a954d251ec3fc7167349c5dfe98e4a509992bbdbdc3e1703e845d2c68a8e5d57cd9d431a51e719d4cc0d6461733add23d6c70db362be97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
b062b8bfc0965b8ce7b810ecb8471084

SHA1
d7a430e41e0aa48e59f2b41cf2b7aaf44c0bebbc

SHA256
593ebfedfbc44e5a1475273e97c949172571aabcee0c09a11750b8d50ebb98a6

SHA512
3cd055e54a1de741aa6abf45ee8fd39be5c6fb9169a68fdd6a0c0448d6c1577cc00c38bb543b339d9f3ee30b8fe0814a1a678b8d78884598529cbe19b46d68da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
efb5d49084d6f48995b37462276987ad

SHA1
a04a94fe0355e2ae0e29eee66374ed9b5e8f4f7a

SHA256
478df7d32d67498d6869d33d2140d60154b219ee1ae14e26bb47542ad5eb4b15

SHA512
0e4ffd11792b3b1db7c5e11050b2b8653d3478605d1b23b49b5cbfb30a0c55f42545603a7f43d889adcb0f75d5f5dccfba78bad4eadf4ce7f711d3baf5525823

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
27278934ce252e7f2ba16ca6e077cc86

SHA1
ad2c903e135d5185c43cbaf413311b5ffcd33acc

SHA256
88e43106b2c2cfd4df19b1a200794fa93d44e9e47acecb400f5889eb78678ec3

SHA512
1c5fd506c3712bdc61bee68c737bc856a77871e49fdb20aed8d5a0901d1ad8882fe47f17fd2e79ddcf11ee7634cb01aab8d9cc262b2f08c403c2eb433e6cc0c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
3892f75bc1e3a8bd33c9873f953ff673

SHA1
fb3c3e08f8faa34f3a31f2a15027b24c3397ba45

SHA256
e82743445d469f8d81e5156f192178016892bba4e90dd67f87977a5ad0f03326

SHA512
0ef59c0d2d2a7bf99e0df5ffd2dea2596102249a9ed977ccd1973445a81ce788966696571335b6bdb535cb66be2d0095fc5567b2e8877de886777fdfac04b2f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
e40cea4d6b162ed3b167476ee669761c

SHA1
f29a09362ff5bf44930b9330547b8ab7aac11f80

SHA256
9c2dd8746c028f261f220befcc53bbaa19d3f1f194c59cb5afdf0b6baf40f572

SHA512
abe78e95e789d99221756eed582d96c1d23105cbe730cc8d243118669da98447ff07f97fbdb8b6498c7dae2d0b10174324a4504cbab0e543aa1b3e1af724d48c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
9966f08495f189e78bf1971f36b28231

SHA1
512ff736ccff7079266e8c57c49dbf0054371acd

SHA256
493e9655dc7f0da01c5e8155fe9fb09ef595c007840140ab7a36c4d19b6b19ca

SHA512
b6f2fe780ad8045cb2ec40a7dea012e6cd06b519dd41ad24d95c593afa8c1c8907cd7ec6cca4cec54667376f28e2e07060652856baeb23c12e08eef8181d6bb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
df97cad781308622047986286f33919d

SHA1
41cfe88ec9ebaa126a79eafe32ee8051d6061f0b

SHA256
dcf77bd7c90fce5d3dafe35bf009e297da6507f497018e9c6c8938cedb4884d8

SHA512
1764fee42b58745218cb1362c86d1845d8a5b2348f8a5e0b3e53c1cdd8858a030fdf4fdb7073474349c2a7d907593604bde8ac750970aefaa935db390a4b236c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
a95677f18a0495c63106c92c2a0007ad

SHA1
b10f3c471a0203464aecbc05a08491bcd0156c7e

SHA256
e0c41bc911edd2d483ebd9d79fb4040d3460e1e67ff8a0dcf172bc22efdb7d5a

SHA512
85194999532b8b0e1089b44eb501f788212d00cbd8ee30969b66e347ce94f3339ae7f9f8a6f57dda1e301e2dbc6503c3564ca5302da61135e690bfad61720f45

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
26c37e6d15e70fb67862b1dbf6dea3eb

SHA1
dff16855624c8865c379bf3d0e1ad5ad7945e503

SHA256
51a0a54cf46bb7a7ba60c39e0bf80dcd077c3d49938bde6aeb16a204b9598832

SHA512
21df309be4f310ebf551f1e152bd727bd0832662de1ed3e16c0397e4369d4628d3e888bfaca63f85151418ae2873ced5c5d9688e72d9b4f613926198e1205699

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
1e20a1c7cfea0e75d27ea46e261a55ca

SHA1
379224d006c8ceb236696ddf4c29f9b8f00acbd5

SHA256
629f14d34ba66b459a47e96c5eb33f014079f3f13515d6737dfc8ba175bb3f37

SHA512
02bac9533441888ae70dca67dff8315db3aa3dd278484103aa867835d70cec430833d840edf433c35cc3c6e347ab1acfc34d9f35752438880761e350c629c807

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
098707f7a3385acdfedb4cd83e3bf673

SHA1
0c9a31656dd640096ae8cb4bd56e489ba343dadf

SHA256
8b18a701c69274cf2b7c1bcf6946b62899b93ca0eebeb9d7eaf1ca3d42a3a21e

SHA512
d41838a838f919d193c7bfec08838d5c20778b30033ec7778cdd301d5cd70be75d251f5e3e73a19e5207a5fdb75aa16a93b3d6bb613fcd768c04269a1a8bdc9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
d7058548f7f28649018e64193a266a24

SHA1
cba0d33d8b697daaf9a1204a2fb3d1b88745204b

SHA256
fffcafa56d957ac2efbf2290d7e5d3eb71599f5e49487b135dd3fd72c9697584

SHA512
337b23299f7317fbecf7edeb87cd51c2a3f53c2b983dbe17bffc4b6d068740a08912c3e49e47bff16b3a1497f14c22faf88efe16cc9803cf6a64eda80e3ba32b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
e30ed9bdea985a5d23a74d307854959d

SHA1
2ec9fedd5727bfdb43269261fa09db4db3fe71d1

SHA256
e5a3c0434c0e949f977a01638d357ed422468c7e7228c1f04e89f48a142d75b4

SHA512
0cc9ddd0deb8041478cb210fc467b3d27baa8aefd3cea0ebf721afa65a97de0aae5adbd7780356ebecf5b0baa797ef849ff4b9f8057036537974d5106b173678

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
48d36a3ecdc62cc3fd71551185897bea

SHA1
df432803342175d6740e4615fe41dc48761d7803

SHA256
23c6c35407ee093efe3e4939149115ffa45788e608ec8a0cce90fb64c0e1b188

SHA512
c5b701c891275fabee581ab1539348c9ec5c86f8709b591f274cb7114746b9eb8313f4c4835081d8ed02659ff5f501fe00d5860a7b404f049a2cc8060f2c38ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
9e0c8b0fefeb360afa24293ae2cb0133

SHA1
49ff82d704dc276cb85d7e8ba625f8af8d82a25c

SHA256
9303da61eb7e4b86b2660776d8adcd987b03d09aaccb5a1f2614da1306c1e421

SHA512
b622ef179326623a6d083c5e5faa48ccca0aaa5846aee2b6ed3e2b00bde37be1d089dd74bbcb57be809f74492688e2b4d3690730a14e10ab87700f2b5747fb3c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
a6c18e5ee176fb7b713082177ab1db60

SHA1
e140f2251fdab9e8db1045be1fe13005270ebde3

SHA256
171aca979265cffffc4dd6d79d1e83e405fc20b1c70736c55497c2df1e5bd8c5

SHA512
524b71daa6cf538c9d5b5cf71e956870c26b7555e1362461eea777e03c3b55ade12e619095b76bf1fa58af52444a506195367abb97dd951c66fedd4f16e2b61d

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
131b41e9dfc0888085a474545fb0842f

SHA1
1e676d17fd5f1c6a96ee4bf8a41a0bda88ed0dcd

SHA256
473f21d597c7c3f020e71bd9fd84b1a3b96cf2c04c7b014392e466982209f180

SHA512
9042ab69a8a20ef924d9f90fbc30f8d703b308bf1afd1c3335b6db41ed72190faf3b05f614766d2b959380def2f86ce671a4fc75036985fff03504d70812d5b4

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
f62c299db93b577ea85ca53564799077

SHA1
40116565cd5ca95d2ac7af267d0b2cf546551e03

SHA256
60b26b67985349b0a758a7553fdc04222770fa423b8a024835c8698813a3a055

SHA512
882a64aad5141f888fbd430377905bf8c217d4eb88d854308078e5b0b8a76a9d1ce94b8e81fc2ff4f07602a573739f071fb222e4c9b7149fc28a374ddf264d25

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
cb090aec74963c45300a03042660d6f7

SHA1
fd98cef5e71032ef1eac88e14d41b242c5e8e199

SHA256
63342b87257e4d69174664fb0c3d24b447cd5787cdf3cd93d6d2eff8f657d5e5

SHA512
09580f8b357451f1455193aa4aa6c726944fb76f4d7231d10941076499b6ce048d8af8f75407b3c8257b3f59cc99ef893d4e2c2cff1182e306d88f1a7e7320a0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
50665db0e84f72bf0757909221259631

SHA1
685674251000d0eb1f9b9f54063ba228d5697264

SHA256
0d5900c2d9c4d3f464ec07a28ff91e37e191dd71904ec39ba9450827ba74728b

SHA512
1a81b201bb4e9c23c9d448db71397f0f7d3d9c2a5c4e29ec8f1f88aa590ebe465bc5647150e5e9e4d8bfcf24bece4dcd55615f5ab341898c10911df5f4f3798b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
6c63aaa9a69cb9b1712897198f265ba0

SHA1
0c5cf74db12819e11ef0a5076e375cd702084465

SHA256
1d705eb7926f979488fb038a61d50d4d42fa16dbaad7576142a0ba2fcb13de78

SHA512
d35a9973dc7b453046e1e3c05fa2a8598ca6f7173c540aaa5bf61efcb0e79f602c1f00e5c08df6ffcaaf7353c38f87aacbf5913f419e160f5dd58ca9f9bc932d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
07a74cd55fa5a893aa01043ca68ab469

SHA1
59238f3690b8856c4914ce4e9f67d0aff71a1a4e

SHA256
b676d9ea273643c59db6d6b3ea297fe6e14403e4c6ea93faa54cad1893751ada

SHA512
48aab248165cb799279cf91c01c18d1bc2ba727026f7929dd0f2429691b9c805ef2db5e165f3e7b39d14430ceb0a0fcc0416ef71ce35edf62a316b10dfe96a46

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
6f5c053868e894254c89c691770d5f9a

SHA1
b6603e3523471e911000b0bb8cadf6e9f641061f

SHA256
6989e828630f080387ed9d1d95dcd41728dc27c0153ad3f680ee7b10b3f8eafd

SHA512
2aa3d0bbec7f3042b7957c773a334db9f641ea9d72a856b348e4c431ad6f03d95749bebfda2746a815fd063f43d7b9b116f9430a646dd9f82aa4aa199e26d84e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
b3b791c33de9c7d207ff85eb32dffc62

SHA1
d0693ccf608afaddb36d39d815466ac810c70056

SHA256
2f54ce4369c1ddd1cc759f197ecc1c8a71785874aa670aa5bc30defcb10be66c

SHA512
7793c6918968baa3453a7b6a1b09972ff85878de049868b5e88266291db5a987ca62c88484e809a2a704d4d8c5e8e215b76b39e14a0f712a7a9664f976ca4f65

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
0256c239bf47db44c47133861ce0ecf7

SHA1
e77f2e61f7fdbda693b754b0200dae62d3c49d13

SHA256
04bcf6904216ec80e4190d217c57fa6ea4e72f02395341b29eb295ef18bb1a90

SHA512
eecff67939c40fdf8f8d5818560114cf8fe2b085e7af32218f2c12de79a284eb44e9dd7619eee99d25873071882c18a381fa85aee350a226c3894de1ecbf656a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
588b13ec0b9ce809fec79e3f3e352576

SHA1
66ee3f7f6e7f9177bf2788c4c5aa47c22d0956d8

SHA256
bacf97ea95020f5bea00331feddaebe982a4df573dc1b7c38bc296fa29bf400a

SHA512
9699186056f3337fd4ad2fb46aaf22c99d8bde22038c3be403e9f7e8726b1928a0efffc59a06ddc23b18d6ce1f681b9bbe8fa327eef2be48c0b002b4f4046202

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
a877d2eac394d66ce8860fa064101be3

SHA1
ba8a7965cea0ce10cff360a5d16045d5d66f2eb3

SHA256
079932627d8245951fce2b5d0df0376540da1082f94be1c295f9927150284cf5

SHA512
feb8ca581a58169a2aaee9d8a38d6d337ffb45bba8db471fad9fa501bc22b578a0cb81c1303aabf53ebda7f09998601ae36de7925690aa165137c8dcc52d1437

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
dd52ed8824995ba98778a9f4c2f239d5

SHA1
bae770f7b47863ef782cb4cc9c2eaba0d3404f91

SHA256
2ea3886b42ad0d0a80b16d237b112b5766228c750f70ee520a3aec4201888a3b

SHA512
a60194e29c73885a1d4d0be0e0cd9e889cf52ea9435e2717d0bb5bead6dbe7346c5c23164d3207291419e1029d99497b6f8c2aff2b0f53b6b9084a24dd158ef2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
e601547ad831526bb0c1b47dfccc862d

SHA1
fefd04b83e70c24ed8ed6f5f79dfa00bae06c122

SHA256
5bed211aa82a89f1c0304088cf3d4b4a74e926352fc7e1bdbe8cc62d24150e7e

SHA512
9c832aeebf97387884712ba266152561318d2d84ca58575cd26047a8b460851aab741a1987a1d099518544db9cf66f85e9b4d933826f4113bb126bdf2c12d7f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
ca5ea5e891e9947942c6bbdc1ce01835

SHA1
fb74e2a03b2b970a812e70c8d50ab4b3178ce9d4

SHA256
528b6c238a16de26e12683e51e6557abc22ceb446976e3f81002e1af87e724a6

SHA512
531e1311c5cd13d56f674cab0c8b11b9da2e6d16ee1ca754d976171cb22ca32bf0ae67e9a1fce4677f92f9ab9f4ed24160424822edbd2369b4dfa74c80f8644d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
b0c637033bf838780e4cc4d8ba4becd6

SHA1
d95dfa06350f369fa649803dae9a75498745f8bd

SHA256
389353728a62fc7ffe8d6656f5bbd68ba50cb2bce723d7b1925f7ad0a76a3488

SHA512
7a6d43afd9dbee1e58960caa1d0a16649f9248f820b22ee2be05cb5922a41217190632dfcf91e241365f9c52a842ebd35e9816d96032ecf54dadbc9316df078e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
c18d83053e01e230556c9aa55e44ad69

SHA1
a36ffdf30872d7b685d64325aa34e9ad47a5f362

SHA256
7a92118cabdedea205af8d7bd64d720ea13f6bdf9c6db4a28ff53f267c8cee3f

SHA512
8c03e8291d03201b4a9da7c5242b286b887e183c7fd4e6352b7403f7d86bda1dfaf961cc204083c14b36b464d9863dacad993a3a7c709c3ef4897858872b281f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
6622c88a55a4df1ced63884f34fd06e8

SHA1
6b22d7f974a88f03b3ca1e511009cae0a41d6312

SHA256
99cefb4e24327a9992ea29ccfc53179fe0457cc8153418f24267609bef4cf109

SHA512
869f59b932e0f3fb4218131fbcbbefffacdb859346e8895510d191c85d4e5bd056effccd3cbcc7c94947d77596949aae2e778b33e56aa544b8aedfc6e1f65f71

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
bee6cc9d0822d1046636d24185da669d

SHA1
445b802c8a05bff06770ce3ce317d31b0409c51f

SHA256
bbb9ed93e4a58a9e823a3fedbb18e94be78a388b589e6ae36f0438532270bf63

SHA512
9b4b496680900da65f99e2513e49b718008de16e2fa5ecbd95bce17bdf799c1a2c6e157be04a7ef0c32105790d13041bc46837aa656ec49be7ea4decc32828d7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
96ebbe933db6e0ae07ba0b9d284baf5a

SHA1
33ab10f2f8f65287265b3a3cd7b4caf3b4fedd18

SHA256
4caf219855e8c29f70d375798154de31a7d74f81a88c830366b86dbefafa3cfc

SHA512
53593bf42042667eee93f05bae4aca2810cdf27649b97b8be19d493c58a707b8c4434ebef16bbb22de30c752ca63c69d644bb7dce7dd086307be5d121e5b523f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
c5b7e229e6e599029104cfe2b725e506

SHA1
b771f4c14f7829ad1dfbbadb065355e64884531e

SHA256
7685c261bf6c46ea3d442c47588ee0efc82d38d3ffaab4d1d5668c4d164e29b1

SHA512
b3bc298e449d059a02157d147a5c79357374e631d77349c1af72344d0ad959b9bb1051bf49dc4c98ff4e8b78d96ba80cfc1984e1fdcf44951ed5e3952811aff5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
6a7eb4122f88df0633bfd0aad78f4d23

SHA1
323ffd68402cecd932aeb5f6a5c85653d6fb918a

SHA256
ac024af31bd505ad862d289e31c763a7596f0c535a90251590f28e4ca30a4721

SHA512
6f27a32da15dadb559768c2da818acfeb63e98203674d8099f6c92d76afd73b606fa34bdfae9a8e54d7b4f075f1ec0b2ec0543fcf13a9afcddc29b2837bbea3e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
81cd6533cb9caa0d85242f9d836afbef

SHA1
919fc25d86287fa38afed295220d51578ee4cd45

SHA256
7f31e79d652a36dc5549a43747dbc36cae641d45637a9fd724c16f083b2ab207

SHA512
0cec154b54869fb9943dd94546643c429ae4b1fe24382a543bc5c7c13986264f08eea262e463d196a34161793912bba3805a65c352be1cf99f7943d75c86e824

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
2c081183e6dfa4fafff7d9f442351465

SHA1
6c2195c6dfd5d4b56fdeaa1799edc229af04fd42

SHA256
946f58b32408b1a2bc779ee30de12fa73dd789a79a3c749b8698161453f5240c

SHA512
8c16d6a84bfb33f6953bc3427c980552792d29159186155c8555d13082df2d300ecf7833ed81aa87ef6ce3ed63c98d91537067bf57b37a17adf0424b6c96a866

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
18e24e84a918f8526640a0fa62e99516

SHA1
dae85eb9ef7e904c2e0186cbdc28262064fc06bd

SHA256
d39888ed2e0316991844e0f2e56d918195631d81d818d4954d5789ceb85bac50

SHA512
a3300ac9f8d09a5531fbafcbfcd2d244b22497a5b9a50ae2a265e4293dc69211e2eb73831dd21112a9a0ed7b1960d479ef0ef372f7bf9f44fd87ef2f157c2586

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
b0ea24668c409174e4a7a6725cc29622

SHA1
e696e25ba392b94f2e90764d726ed7250fe5a609

SHA256
96911a2fdeb2a828d6caebc5d8bb9a54774b18fd7bc7f4d325026923f930926f

SHA512
fb3104fdaeb2e2e1a961cb847dd364cbe7abb265dbcec19ae89c808c2c2d207e89f93ceed189e68c708a573d4af8e9b5c5d5f419ce595c43f913485652350bba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
c25b26338310d86d8e44b78dc4b8c236

SHA1
c9ea6d981a0a0a936fd9e90ac828d6a03c0c7d6b

SHA256
926e0aec5adfdc7c6b7a200d6039e5244fb6e8ed0490b380e690d80d69abfc50

SHA512
1559e09f5974035281a09629176bb029e0cd852999f7f9c2b97242fd1fb694c7da4af695883e5c711830c38c3aa993741a3195ce5d378c4dc8a3b4cd247a7350

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
e4f4ebab3f510172c80592155afe5f9d

SHA1
902a059cb45c77bea3361bd8ebd97799cdfe632a

SHA256
76491628219f6da5d5c650fdf4fcea0a0a861b8fc418ca676d30615ab049ef78

SHA512
6b488cbed12822e761edf9a81292b319369a0047861d7e3246a756d69734cd8fb4b1af6a117905401758d9fc18bc32aa4021a536f8f41d9143bc318f899ba1f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
b26859ad070beb6b9f7e640748e30bc0

SHA1
5e730082ede374cac8156a7549f64ba5e781da3b

SHA256
3e96e083c25f8f0dbc3632662fdf5ffe19f5f4aa3f42844360f63d478f46e958

SHA512
3dd2309dc2b0838edc1d9ae3dea12adf502ff9b11cc3a70d9d5461f14d9c74a73f2358352749a80da87e2ecef2c07a51d996f4ebd3cf48a18be5c03769ccb00d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
f78a8feba5c12a052b122a886ad948ed

SHA1
28feb95fad931c657ba0cbc3868fde07da328943

SHA256
586e858db71e0290729fd70d04e9f47b60a7930155ee4757138a5bb4fea41b98

SHA512
5cca048b08aea48666c6a007eafbf30302528b231dfd45d337d896ede6a961e4294b78c79ef099b74b9c9a34d66ff3938ba0faf3a7be79df050d2df6f6bd7aa8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
8ec6e2d89e396aab812c3bda073bf91c

SHA1
8c2f1aac7306d979006ce95947319b72fa699d49

SHA256
cd3bec4e365f078895477e1c54b9b7d301548d7ae18d0a7cd3ec21489f60d7fc

SHA512
1a533c57206e9bb3c070d52898d2683622d28dfd9a3a9ad967ea86ae140df34a5342e89aae963c7bec54ed49707d171467256e3c7ab8afbaa9d394e82c33350c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
f534fd70a044c18803982001f929f9b6

SHA1
639d7923c100c6da5ca7c341f9734dabff718fa5

SHA256
7ff8d89ce3037a18a07484e048bce97132ddc4f6056d1152fda6a624bab43acf

SHA512
9c8efb234a4d9120c1d97005d034b7ed7704714d8aa03d430bf6a04449c44a3655a9a0a549842470d18b75e7992799eadf48b22a85eb36b514fa3eee4794c815

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c3774b4f93f52831f553f1f0c7c4a218

SHA1
db6afb71f112c7f48b8670c48b567ebfd556244b

SHA256
4ed2acd263bc23f83516a96176534734918d1462319a60bf5672806e635ddee7

SHA512
65e0357a680bb5ce38d9c82ec942b890dc197acf51108005fab4167c9ef0388fe2a70bf757f8b131a9821fc8eb5d4f7d43b4e042ea4b51b212f09fe761baf72f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
93c642afa5e712d9e61244c46f25969b

SHA1
c89e18ea977c175db3219d96a3b2043199644e45

SHA256
45e37b26f4376a29313175a5dadbc8d5aeb2646d53445da750ca48b6a8eb494a

SHA512
29e34b228ee9db201b78c84114242946886936c253a27b7259994410806956db2d5b4d7a9c98038b3ba97e4e9b45b147d8f9f60d31dd631877fe07d3449c836d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
de6d1c12218db3504153594047a89b92

SHA1
92d32e720093afbdb394942500e86bb460ef31c0

SHA256
833883b460f05888f866d5ca2df4c98f3fb5b49103b7902d8742284faf11f022

SHA512
f4dc99c56ae04a2d50ed0e0f76482aab704494e9c4d25295912578bda65859e3634cc854c7d220ebfc149e232af2c1808c28d4ce8c334245b39f5ce74e473c3d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
c2528d39d472a257f20bafebbafd13e7

SHA1
9fff029491427bc7f0692808fbd3df226b6eb64e

SHA256
c9b096bb81c56f560a9a6bff986375df965ee5915265760a8f332f66d5d375a1

SHA512
c691c9fb026ad9e80cdc44cd97efe54496289a9edc25b543baa7e50877e275e599e1b11d1306bc92501deecc49215f564eb20c5dec07150a7c9beb951fcac5ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
0b0d6e5d42ba28a4c0b0a6bbef2dd988

SHA1
9d72f75df0d107b89370431e90771599391928d6

SHA256
176fc562224692357acab5d8809c4e82224d0ae4d7ea30bec7107dc9a774033d

SHA512
c161fe14cfcba75d1d52f10d4c2f9b8eabe3331a989e5cd9dd575363e083c6de7e42d77c9332c07029f2a4193ed722ffeddd94ef12771486a5e356a3a55d7848

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
c94e07c334c27e00c44769c7431a2895

SHA1
930cd8b6eaa0dd7d13533dc3a73bbf5486208b3e

SHA256
68a2b35a4d4482220cdb9666db58ca3b7b4a2d4d8c96f40baba0a5c26b013cd0

SHA512
64e3553bd3cce99a61b10c3e256e0349bee3d4e80aae6c8038b8f84445f2728fbb554833e217c8b4e58839acf364da0d0446a9514392a29bacb1e7f0f2f9fc36

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
25b9b3024d7fa86b2c116797d661d272

SHA1
1afc36fd33404c08774ff35d122086d7a0244f0c

SHA256
9769b17219597898cbe1e888d67cfccdd0bdb74c3ec4ae746a7411aff5c4bbf9

SHA512
57a0820a51a8b834d441455659a689b637dc6e8d93881c6ee539e8287004691711248fc360c6e2352f8ce5dff8557c095f6e96b3568ce7e63f0630082640f18b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
6e0a703637b7872974ed79e262e04304

SHA1
a9b10e2622619f5e4e413b9dad47534ad0495cba

SHA256
bdad04e101013187f52c2d98951b32347af1d0c991280b7a6549403b75417eee

SHA512
0c38c2c8ebc6b852b61c037a543b33516e94d5f0fb8eaf095541ae777952995b2a83a8150a2015884a15bec5afe6d9899125aeae8dd4fb6d0998118aedbfe949

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
725d0f97cdef1c6e8d858e277fff269b

SHA1
446a2774b943a014d7ecad050615c1af65017b1b

SHA256
20a29038f3ec7335ffadfc57cd7ff3ef533b109aeb97253b35c73b75a93100dc

SHA512
dd598cd604406e65257ddb1d0b27deabde18c296c7b6c55847c892fe655db350cddd1a6efd4caa4d6f624f9959088c7940ac1108cb3d41f59dcf0f3c3701fedb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
dc1a44069a930efd87fc1d33892422dc

SHA1
e0accfc497d188ef444f34599cd7486661a79a65

SHA256
f6f4e068de2ec88ce5a0352c01957d6c8538f63173ed8a88dc8be9476415fc5c

SHA512
ecbc656d3b0399853cc48e8ed055fb0b148fec8ba52930ab1494f71f092910f6109d7eab2c136a1c2701cf17fa1a882e74ee26c1857a7637fd82ea2573af663f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
4ea11c83695775bb3034f626e9f3ea48

SHA1
2b2875d60d1019896815b24c776ee0a19ea0f9ae

SHA256
4fa377ca13f0365b349b4e5519a0cd1acd7234284fda5869d92d72fc0ecdd764

SHA512
a1ae7f9a11de277d42469bcaf56d48d9bba750e9aeddde71d3e3c6b0e252f5fe4e5d8812c410ce987071a59cf348588a96e9878f16677b5dd4d6934cad759b81

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
c409014915136cbd7d666f7890d25e9d

SHA1
104c8fe382a5ab9bc8abdf3e895f7111af92074e

SHA256
0fc3df76d792bd7e287e3720609b888187fdf29d00c53a0862a6a47b5c71d014

SHA512
79e99a5b2702c1efd11bce99be2ed263c6a042025fed68aa8c7ba24493765c77f0acf486d3bee4f958f5fd67685d851d6a7e97847ad4429770379ea177fd07db

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
b62cb057394b47039a102d09f03eaced

SHA1
0f4560d0d456ec0f1b83e4d91f416786ccb406cd

SHA256
4139311622b00a71e35639e8a43b6d492773d874564e291cb99222275a6de35f

SHA512
59a034f7da32465cd7d1f363181d948f957869479c35b716c5ad2ef2d273ec8a74ecac537724fed1494ebeb3383af98b3ce9e775b02aac175fcd97f0c4903a6d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

Filesize
77KB

MD5
c8a551098ea7dbd1901fe1f0944143e0

SHA1
725e26906d8decc813c431a97fc8185c9c0b4e03

SHA256
29fac8f0b35670089390162d56179595a09fc3ca594662f43df67e2981e28fed

SHA512
b65a3fb0150f00096fa6ff0986059cd68132a4dd90c5219b382d3a13d37b939a0c45d2bf3bec0224abf60ef8bef3b8b24c2998d357326564cb861e85ae590344

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

Filesize
47KB

MD5
2cd8c6bc48593b4ddb7cb8b34a0fd218

SHA1
1e87f17f45c91e551a289271f9758318bbe42161

SHA256
704a36eec408c0c30487ffbb5b59b58e108a7d9784d8864f6dc871fc8d3f75e5

SHA512
fbfdcc6d95348a5c79c33380959031d1ac992f310b7f104e7f8736bbf5b0bee6d56ca95ea1679797822ab280edde46dfcecb1940cb11e55507d62c295995c709

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

Filesize
63KB

MD5
09d1d38a3212f3dcab575ceab4b6122e

SHA1
f20655a5c8ed30f01650e1ed2d55f18293f49170

SHA256
0cc081bbf1024e373ec885c17a013ae992dbe943d4c3b4519f6108d37003b2fe

SHA512
61df5dbb2d338c22f6cfcbeb899c90adc1d6ffe74d568a2d5e3046f5e065fd284a1fc3f711bc479993cf218c6c96acf9af8e3f9ef7cc7392c1263a0dee3980d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

Filesize
74KB

MD5
a18c7904da3a88929e713881d4a56086

SHA1
a75409fced8fe08dd2c650f511115703a2147921

SHA256
fad6cbcfaa99d4ca9a908688dab14a70762b5a7fc09ed65dd77be18887f94a87

SHA512
c97d521a400e1b31325ff278c4d2bb5d575f7b7318dc85df13387abf796d50713b652b4c5ca78517f68c90880da96bae55af21d1957d77173ffa4759ae821eb0

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
3a69f46b9edc1934ec4bc0ec7fac773d

SHA1
a48690df448d36017ee9130247ae31dcd7629b48

SHA256
61b82a0b2685d2bdce059ce275f6007c30a526644408525eb54c7352a8dac9a6

SHA512
10cf2404ebe59d416966ec492d5df87bbbacc7a780df7c6a0987154513da97d27c952bae40eb405e598e1d7e716046bac6c94113931b29d2ac363a41059524db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
d51139a322addaab8d869dd8e27a2e16

SHA1
8fbb7e1204b78dc3f81c1fee66760402773a4860

SHA256
9ff525f5536240ec215dc51c6a7a27be9ad8a8ec43b6a665deb47890a5846d22

SHA512
f7ca2744659074d7d37a9fc55a9f1ce4845b4e23ceca6f1d21e4f21a4f90e6f44f3a915110990408c53afd7799c47470a3fce01d60429fd2bf68aec55900a4e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
29c629f6204194cca700ce6d6579892d

SHA1
6d6e33925750e639052a0d8f2d23aae30d714627

SHA256
a2eec0a3b7c9ff53d15c5c143408dc05603cad0527ff6efecebf432b6f36c606

SHA512
929239ef9fdc175db55c255b1ad1d2e5149c6239398f2b7fb4aa22e26a4017caa245e2f2fdab9e8524f10a4f033b98f01304d1fb469e390e57ee2b080dbd598e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
95d402f96e73023820e552f153c30bdc

SHA1
3b2a90f6fd7664c9de72f447c12f4bf0d8a72e91

SHA256
2f6373c9d5ccec2f1cdf737ffc8d62b03dfd27a0fabd34456d4cfb0e26141c4b

SHA512
6e006391320ff37eb1489d1e94ae91e94e0fa41e1ae979959693515df97d6007341f561ac4d244ccb7afb0c6cc886f778c6b7687729921fb54a14506265ca6ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
7d44d98851f5aa28be4598230805735b

SHA1
7561a12c4462178813496a2325ee443c0d0a7d9d

SHA256
791129171a1532efcd1232db7ca268d61843b6ca5025d091f470702ae7ee22b8

SHA512
dd62a1162eb7553f25244fee659a34e6d921e0af311b7ef6e271f42212f5eb6c16bb230714e77007194718059ab9034c6c4aa36058c135d294d3ea19a8afe86d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
cea23f256b0a6fa0a0653b137d893755

SHA1
577476c0c63e8cbf6a3c3cb3bab8427dcbe2bd6b

SHA256
0926146f32dbaaceaa7d8822ae7360a337c893edc17215e9e0015b8c774127bd

SHA512
f029f34011a0f6d781ee637d8c8bde23d84a84e7d28dd231a96893c7fc6046d2954e8c8f63c679b381bc610f76480b914207a0b4c0849348dbb6b93518ddba26

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
de539ab224e601f9bf904410c001c646

SHA1
a0d8f8f8240193cfaacdb2d7059778a493e43fe9

SHA256
cec4f450066ddcd39fba40f2ab84c28e49785b39ab92d7597c2a36878e3ada89

SHA512
23ab3f9811dae43a607296c6c93711200a69c9a7bfe5c51ea9e2dd8019f750306fb4f1b098d02fcec5d588179369c5d25be08637a497b86a965991ff5ad88ae3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
dc6f209a46be65a3ec46b8c8f7709f5d

SHA1
0e9e192db1cccd7385274ba1c8ac60f627d7f3f9

SHA256
1207875a2bc86d0062f90304413a58089fb36daab489a16f35a48fce2dc935fd

SHA512
f4754ab877a0c6ccbb14c95c43bbb6bd66541c180bcea34a304ae2354278249e7396838a46a9674919e3d64c8eb1a194b750ae3b393bbb82740d0304544eb7c2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
4b063239adfca9845279fe4e04624c93

SHA1
de6993b9ee105a1ee5a7393be4584c657023e377

SHA256
40d0f80aa42a08699b9ea089c82a95217ff7857df5e34d3e2c22f8ab88497e74

SHA512
121db9f3726f1310b2632fca26198c9086962383a626f1ce321915fe2006c7574fefe85ae85353fbc0864b5f76908ada724b9476c021020f6a4f79b542e69367

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
2458cdb67a87b8b6a994272b0c93afc4

SHA1
997b63433455a7eaae248209fcc1953f7cab53cb

SHA256
0b61addfe094e1124364872919c838e1c6c24c08e362dafb96dde36414470157

SHA512
e209d2683d7b754b529f822a23b0bbcf9fc436389e1b318e53801a18f7c45d7f785a57dd4d898252c0210b4678ef5debd29062d643dbf00dd586f1d0cfd2d906

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
48a51978d0ee21a1bd4b5a0c73015b4b

SHA1
512d8a7c7f809dfcac44562785470d59f6cc10c2

SHA256
c50cf41ad37a14618f9f8a955a4737317ce43246e39b8fe57c99f908ab8c3abe

SHA512
a8eaa5138f74afec449288560d530b31a2931beab648a895064a0a73956cbe34102a4388a68278deaf5d2fbf43bf9e989d3bf6baf1af806d897b178dcf1a008c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
ab49ae6762c8bb1819d96f94355e8362

SHA1
8290e6032efa2bba7ddba310f37327f6f09c8b14

SHA256
7829493081dc9ca218b2828a6401ec2a044f127e3206840329b1f458cb9cca77

SHA512
9e17a88273719f7ae26a570f1bfc86434e1e52b2eb01b00b1e68530a978adaabd7b23da1c73a877b2be38989178780b2381f838ec00c5168b1fb975a37542b24

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
6adab358171a5ea8b40c9bfe58396e12

SHA1
c427966b320178b5ed7d4bcb2cc3be9826d3d496

SHA256
e368822565a728e24fab8dc4a31b0eba8d52be5c1802801e213c90230d5b9fda

SHA512
be63e963286244809db8567810d8d11eef80621f9acd496db2edecd1e22c8bb7e6d70eb28d69e73257be77e12bc545d8650405a3798c49495446564a193efa4f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
cac61b2f355e28a4516dc1fd47e90f77

SHA1
b5255a94aea9bbb2dd04ebe50403fa6b11338f20

SHA256
2abcb677c302842882f9a01ebe4183e6fdff3baf153003beb04257563501249a

SHA512
312cf470482962654cd62d00a280ae3434f12f50cda61db3e896932fc39a0dbf9c39facbff5d0392bbebc22381e9b1f462caa5c3a3a40987abe879e670fc7cb9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8532f0ae12e165c3fe3f97a0a03f8b5d

SHA1
075acdb74f6ae01078b7958897a366f5891acbf2

SHA256
a52dc6cf4e7c4f386d16748272f29a7200d902ff3bdd5a3070c1562383cc2eda

SHA512
741ee801fa8a348d487e71c8f983d81c1a3e6191887ec3eb0270811b98b19b23d56242f948345047b3ba30d2697a97bcf9207b0ffe04d0e661427d0df6221132

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
668ff0c15e634308e74562f218d826d8

SHA1
6271f0d8f3d02c8088faccddaad983dde2c3d45a

SHA256
fbd3e9149db695d4a183f01c619dd06c2c5159747b815e7c0bb6e96b7c19c3eb

SHA512
ff22ab1840e278437a2874faa17b55faaadfb709c2a2bf3e15249b4c2b4e8019dd0b99d06959faccb196cc31ad7dfea4faf7f7bcff8efd01f83eb91e0d4026d8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ce3550c9f5e3772de806c61f88690a90

SHA1
768901a58a741872790dc571d67e8f6812e3bd12

SHA256
b25503c7304cdd1dc48c1b8f9e79d05389ebeee7869db2bed414b5a7e6eadc92

SHA512
b66a7477c79b1a7796dad8802ae2d35a257002dd530ef2bc977fd5e4b923cb5079775d60303fb76a7ca5975acacf4c20703f8f428fda0f87c0da9f06955e47f3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
c58f630ae963f9d65d06400c74c0d04b

SHA1
d12b8f4fbc1697073358650c5ddce58449f0725e

SHA256
78b8c39d02d6dd45731b3032590a92413621325b33799af8f9c29abd795722ba

SHA512
821acda990af2099d412509312290f0eb43d4783f315633874afd400c1baec9d1bbc466171742f1399be688174060c8934fbc731bd8b2c5d9cb657936ae20160

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
cdc652d4e6a6c2713bd9d6e57738bd42

SHA1
1acf110d68e84be75958fd514ab3ed6cf13c2160

SHA256
0e3a0efd87547ac39caa387fe08bb40b99ded4754be12414dd019397d4688ac5

SHA512
a6c6dd4e544f2d857f2ee8003050bb11f40c08e80c885777f84cacff6188d4f017cf399a317a613c8d9d18fc92216f1a7d9da7089a3534fdcb62e70e5784baa0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
c337e4a97109d0f204a0b7234ef3481b

SHA1
08efc256e06763c8a3e953afcd35f69271600ee0

SHA256
d70bff3033558096102899090c99e2b22af1ae2f8212886902d19eea8a7b5c6f

SHA512
8fdc3debad027fc2ae7498eb63746727c684caca4eff7a33b4c71fa0459ff7cd1a2b36ce39b1c9c7cc96e315847c44ea3456e1586d4093d2c704d0416b4c2a04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
26f93b0c473eb0e2e3de40b3b3569f00

SHA1
a8077f399232c4ab5b6401da122bb3d869df8eac

SHA256
198de0c7f23f71466eab888536238e85f61fa4f0506f67c731d8a881f0e57a1e

SHA512
96506c519b63853cab96d54424005e01caf88544f3f3dd6b5371b589953ace26ea0908d7c396800d27cc192a286a7e081874ed0691158fdcf7b1e92022d5ed94

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
d38491bd7cc9c4b3ae6f3b464bbe7afc

SHA1
01ca6971eab67d6e732b62e24da347f93d886e6f

SHA256
3ed9d861a44844365916245655e158fa163b78f88f815ab5fa941a873b07df67

SHA512
aa2341afbe22113d0fdf64ef612c78475b77dc9e2a460f3968f2f3d1d06e03067e42d53b1f5e93d81e0817360af6c7dd8ee207696d328f1ba770d80a5573d6dd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
d09c7a9423715e6d98d531cf04064f49

SHA1
d7933a34c4a137fbe6b8e930bc937c0261b0d5aa

SHA256
ef5167937e16394e6fcc7b5701b8f07a64be2d0f599c59aa0d4c4f84f480dd57

SHA512
383072119e34a3307d87402a6a5b1acd13ff4d9bfcb3f40933e28b977c353cb02ce3f7068bc36dee9abf60b52d9f798aadb3034548114ae5cb95d29621ff329c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
2e26fffc8039f36c0569bcd31996510f

SHA1
b0df2bea75de05e8720109f95cc380e729b73c90

SHA256
720b5d7efc0484ea95c595a9b61f71323327a801e8e3a46cca8cc79fa4cbdd4d

SHA512
47a18de7fa64a9b901bc39a2d9015d1bd5b0b10fa1bd5387899fbdfcfcf3abd43da359979ac6c464bc1c6395957c8a01afdc2ff978b7e41f2f48092ddf0ac637

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
2076d8ce5a27a1b52cd67ac351db1d69

SHA1
dc35860083073d146dfc32cb8b6422e6b6d1b7d3

SHA256
bf8bc9f8d52d8520918ee33a244a7a73fd069c02386a8b59559b46836d3d3b31

SHA512
13a076e9ec720dd8ab5d57fd67ef8ced9e9fddb2796d1aeda890618fc18fc947ece15457b80c02803945e9ed091534ab401f3b0766af10c5d230c81b837afcf3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
a350e8d93b951abe77dccdb623c76fc9

SHA1
b3e590f1926f298227e413e8faeecbd4002fa3a4

SHA256
ed0d6e5ffeb4a365221b9c08c5ea08c9d1b8b34fa83a10214fd3ac962504b26e

SHA512
274aaa1b315b218bfbd04a233d478b26d3bec164fd1f508202fc360b6d960846dec6876f46dae477eab3194fc47d570519de71c4c763af16fc9e01baac75f584

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
9d98e14c98bc7696effc839b608a34c3

SHA1
9d41492daee66b9ef170934643316893d00c8fb8

SHA256
1ea27dafa2a5fbc4b6505f0fd0e8c0acaae9f24c3f7d4869e2f7ed48006b1d5b

SHA512
63f89974040344e816dc9cb08561b79ac5f45fe4ad7822bd10739baa512b6dc3af1070dcb5f144cd8d7d28dca09a9ca213609518adc906ce9903723dfd19f56c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
accf13846d26904b79adb053cad0ff2f

SHA1
b88e82cb068e710389d532d54944145f1591d268

SHA256
252a9eb26269f628f3696bd76b7994a5218c72f70b564eab0d6aa1ea9e13356d

SHA512
444da9b993f68b69db030e127a0133de8c5c388d3910d8619ac50f581516d9042661147321ea305df7138d133600681028d37a20cd654154c37a522d22689ef0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
84ad7554a8ac35932815252400f253be

SHA1
ddfc48e97ecdd558d086228812c4178f100a46fa

SHA256
6435a679b46bfd2e31a2474b45901e6ea497a8e86123068d2763cf73e11b3ba5

SHA512
a5d2f236f3bcca5b260eacae53f901802ee3e59d18a85eac46ee7b3f2721d3d7665f751374a22c7690c7b2e962afc205fead5299d1addcb62341a7091ac55de6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
d5eeb3ae636d2a7ab83d35f2865c1f20

SHA1
d53a777f067937f1ac80fc9fbb41b5b014c786ea

SHA256
0713d10aa0c6b184f0ad9063c23dcac54d96d611eabb5d415b2ec6ece5d537fc

SHA512
0f86db3757887152e033286071df6063af7f9f185926a088f96868b06483042a086533c6ec592f5a13ae712743a5c3b41aa8e5511b9191178b7e28f2b28e5526

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
8b8a5ce93e2772757bc31930c2b90b7d

SHA1
09fad120e27043c3158d56b912a5385ba1c7baf9

SHA256
175ef5d431fc4a7d43b2aa973fe67d1a517f473fcb2aeda299f45ecf4dbd5722

SHA512
0464d7532a011de436cd8526227a49264e17b0c370f82a8aa4878b8576b5f950db865c72c61b701b88fbb80a876eeef78ac513c79b77847cc2862190d54679c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
7c63889347e2fa1ec7c2bc047a308650

SHA1
7f7ff89604b292f47e83def3a6024060d5a3d5d5

SHA256
781f50466494e63d1ae48a314e86990ebd4212e869357ed76397828670ecb840

SHA512
7591c8277475755fb0e4e90db531ef61ca6d9e10c92f7da8c438dd35e7cac13c4e2b08a165dfd60200bf9538aaf5fbd5a0bd8845c62b49be3569d2bbeec4f935

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
64b9f54da8e14a458e1749e1b6a9e397

SHA1
3f462c100a8de8bff2e7ff048cb0215c414f1ec3

SHA256
c961b99632b4eb8a2ef8364a83af67ac83257086e74d5680d42e78fa753d2a32

SHA512
514fa361547aeb5d383d6c60c0f62545d5a70925184f7e9652f5be3588b5cb441af5023a77b65a18206be51bfa5124c6ce088cef038da7736b17ae488df43974

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
719910550501cdc18ef1f31f44de2ba4

SHA1
d3461134c9e7a0527d1a1c29ba8ea43b9d7f004a

SHA256
cbb5dfb851eee9883915b0e3343761c9afb533c0b5cd041e4f667aab67db25d8

SHA512
b8750d5ef0696218487dcb6d21ea4b7384c8b4ce598d891118955d74a76fccb3ac4b9cf62c049f0863d7b698a467aee87f61a8c628312e146335ef6a0498e385

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
ebd24780c3a1babb510058e41c3c14f7

SHA1
e002c8087255f8e21d0e44c4ea1a26b3af0e0720

SHA256
b4a77c5b78a1c304f9860303ac0e559cc7afed603d9388d26968bb81bf57c776

SHA512
3fbf10bdb3fe9182624388046703327ad291b969758de06234479576c264c68c06fd3249c8bd3771f8a552a83dec0920edd40ea60e1fad3394683a9dd172b5c3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
588740a198ee11f22de840b4ff2d9f6a

SHA1
b3c49582b2fa936c28a9263921d5d55a507667d3

SHA256
cede2b0a3b084373e32c1558a2333eac6341bcf398f153c2f23eec366ca47654

SHA512
f4ec893c6066dce13a436c69cfe873d7bfff1db5376c6c73d2d4777f8d97529b496d2d560cb98721a575713df134d35b9f35d7c7080f744e20080143a5725cf1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
51a00c93d439bf9109ff44bfea86ceb8

SHA1
72970b90ab6f48f9d5bce9cd872e02d3e7a5b636

SHA256
0d39b56e448b6209835023a8fde3e206ea576362fa05e19c4d6f12976c958aeb

SHA512
04f32456d6042f4dbde868323a519efd98bd9204aecedfa39d64c0c72b694779dbc60482398d7bd303dcc5594cf838a1c1c2890d1bf534dc5a2968999b879d73

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
0c7a90faab11e8a52ea62b9639ba6c51

SHA1
18d1340e5bc7250bb2b0ce4aa4ffda7187d20ddd

SHA256
16f456c47aa80f1ef3a19966f04aa8edfcfb2ea3195e565cdda93f6ba6e84b2c

SHA512
9cbf75589340a6562bf8d3c1ee54b5afce83cbebe9f7066dcf186aba0da93a58230303e1093c0f42f45e2a41990c5327ecb50c8b28deccfeed2c24f0074a7fcd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
d9edd21ddcc5454e903fc358771b9015

SHA1
f53d608aadba9eb65574c449436fa30b7de551bb

SHA256
b6f263d17d3efe305eb7396690ca9b4b377fabc5164d6afa858639cf75020fca

SHA512
da68fab5b4b3fce68b77ad989e247c740587609bec31cdcb23d3815e2fd2848be6a05a2d1528dc68e81d7b40ebb5f23b2b701a5becf4d197f0cc4377e378f6a6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
23960e9a88837e9fae0bedcc099ada88

SHA1
f38de4fe26c85fd22c0f2e5604d2cd0dd0229316

SHA256
f9a2fbbf2d57122bd2ad01dbcf5c37198e0a919613bbb42bf51f8cda9aa3783f

SHA512
ad5aed3eb41530f4118e56e53d2e01a9e7ec15c5114b3017ebc60991fde7c2e305e0de099ce6052ff43439b385f1952d42eeda5cf0ba69aa042c0db52adfe7ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
b55419f6e2f102fe3cc935385af5ca40

SHA1
49c8adf07f2a05c6ee455182aed21b5983dea275

SHA256
7e18f20f27a1c4390aa8391fa372a18f7739e55648d3df45a3e6553b3274f063

SHA512
05a4e88ae3d1e4ad4b2f331bee9b9beea420cbaec454685fcbb13968010287213be5822326f83e4fdd1f609b1219a6362eaeb95e90f9d03087f48734db275696

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
c39b738d1e07e5c2d8b30e77f8598f76

SHA1
cca9f7305c6fec2ef8eeba404cf6e268ab040312

SHA256
4e1095ba51146cf50dea42a2e07519461f48bc895458ab38fc2f651f82ab92de

SHA512
d1692e2d7452a35622b2ef32a6204a31db741eaabfa011aa3a949871733fe4d142888aa5c50767b0dcbe7af7a1ab0dd77a34eca0f0f82495188bae5ea0503e3d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
84eae7bd03f785ab76b08d88b0432be2

SHA1
c71dcbc9765416e370363f680aacae9361a0fec7

SHA256
f540a3c55fa1a263237fbd4d6926f47b388119dfc64e915e68d1f7f895fd5a88

SHA512
899cbbcf5da98cf5c755ff62e6fa4868a60ae90d70e8dbc07fdfbc43d888a3c1e0db25397a4b600427d6b55123042ce03d02aecdde77333762e41f3df5d3dd12

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
735d6a618b6c95faf5625b7c3059a4de

SHA1
579c101de68c8000f8d1a42de249e052823785f7

SHA256
e7b47c39fc5d5a1a879091ca53ce42de0d70f308b4db6bdce0f05c95f11db7d1

SHA512
694ab8298fb51c07134bc1446648d9862239472aaf43a6aa2e67c55509f2e4e02230acf2fbd0d9fc1140edc07ca6afe4269c0dd95cb2054a9bcd4dd81c7009c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
c9bf8c48598f9af8fd80c3b318d14b30

SHA1
7136dff4ae78b49cbd51a626ce9797e9b2208d90

SHA256
51c8c5ca41085116f36b9b7cb72ce190872eeaced41c78572bc4a54645269104

SHA512
258dbddcee2817d7ad080de617dacfab8025c25e7fbba523e3a2febeea422078d14e470b99b6201ebc2f2e17adea2ca4f17238e678673a516ca90f63d0c839d9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
f466c17ee10b110b2f84700b0d26b462

SHA1
d5380471240a4172a1280b2d1e83eebb2fc9d634

SHA256
1090b488ace417af8bae95c84408092d5d75410cf519b647d807425f2a201144

SHA512
fa39406929849e10e5f8ecec23edeb7ffb9311bc799bfe9e69bf512a74c0e714c225eef7c28bae2dd96bfb18a0611a08ad4e2b9548937f01e6eba0da5a3130c3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
69fb3347d2296eac390c601fdc46e493

SHA1
696f47455aadea71c7e28e3392bd1da0139b7dd6

SHA256
3a58ddcd8f98508e1ca7f83bab69dc25da262bf6a00ef1e836121c860e687eb4

SHA512
53418e7477a6c0b3dabdce534ac6e6cfc457d3d0372bd5f95cb6bcec0b3000c0bfd622242ebd043ee33981a81090f28c7fb296a887e541968bc27458ad071522

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
12754c78e25cdf05950c664d823ec8cb

SHA1
51a0761a6d63582d1951bac617c3a6314ec4f66e

SHA256
27cff1d16178eb100c071133e70cac7c6b5fd86f3f7ed98f01e24a550c389bd0

SHA512
c3d26238800f4d0694e8deb4e178090a210e8cc4296f2f0d59de9377bc45948fa54975fba238782a34c5731beeac2940e26ce081bec5f7f579e6e5b2e9f9c462

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
2e6a0f1b05276d24b88500c677cc13a9

SHA1
3b6fad7f6127defb4d20dd821ec55ff316811b99

SHA256
90bb1cac4d52fd472ef69248a8648c8d05b07d814303694cad5b630e35a05b10

SHA512
fd5903a2dd6aa3faa25a78c62f935d1a6546732a56c7fa005845607c1a975c649779f092ac2e2303ef3270b91f63ee1bca025ed8ad3f572db280b54bdf6c54b2

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
380d9c133b29649184a458de4435e17a

SHA1
99a2be88a03a38af1b7c1126246c5c4b56d5a455

SHA256
f3be106f2a9fcbf7a4b50ca12293f763c094d000d15c91418fdc5514077b00ee

SHA512
c7af4ce7c08a4c33c72a88d25ac5036619dd08e4d5c4c86cde6462e772c0706be043fc49c36bea6b16cedbd77b7985f3ce6dcfe1ba44bea302a395b81749372d

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
efa52e7f8ab13c03db01c47c5b2a48f6

SHA1
7b61ae130a0f0f2113948cd607a93874797225ab

SHA256
7c98eee03922996a004996c8b0785a5ff9c52de3e5544d51b8febfe362206479

SHA512
abb1f0919c75e86c40f60a7c07aa00383db12e573a1769d599ce684822a184abedb63ce0a77ceb343eca3eb7ae82d92abe0a7ef7fb4364d9a0ee92e07f5e7691

Download Submit
memory/2224-10883-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2224-9922-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2224-5482-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2224-5487-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2224-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2224-11220-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2224-11221-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2224-11226-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download