fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Size

732KB
MD5

579f0a2740ffc2304c75ebebe47c29a7
SHA1

424d6b1ac5ca3f45e794ed04e13280b3f32b8319
SHA256

fc81a25f8fc4b2f0551babf0c85a88b839b3a13b10da7ae299be7122d0f14869
SHA512

38777997a1a9f656bd422151a5e04817c8423a0be26490891adc462e1f05163e9204a6cfbe847312355ba1323ed78aad657b41af86fb4077dfc98f5246add64b
SSDEEP

3072:SNLJAjVd1nut+uV2mTVDjFwkWl176jZ1hCagdgvPW:SN6VdRQ/vqkg1gEagdgH

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (539) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qAxMr02XPSFEbd2.exe"	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_floppydisk.inf_amd64_bc7bd9dca28933ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_hdc.inf_amd64_6e00e835fbceac58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_61883.inf_amd64_2c1769df23d261a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_c20a3bb7ac1cd207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_de323a35134348a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_dot4.inf_amd64_55905bb33692cd84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_db7034ac4806cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MailContactsCalendarSync\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\3ware.inf_amd64_408ceed6ec8ab6cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smrdisk.inf_amd64_bbef253cecafbb1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvid.inf_amd64_7c50642b144b870d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vdrvroot.inf_amd64_5dbe5e81fafe4636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vhdmp.inf_amd64_aa94d04ecf56de1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_kvpexchange.inf_amd64_b3c17aa69dce1e0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_0eb96a1741539c14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\npcfhhkpceehjmhh.bmp"	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\gl-ES\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\Accessories\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\9.jpg	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\x64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\measure_poster.jpg	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\rhp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11on12_31bf3856ad364e35_10.0.19041.84_none_f37ab7a77595e3b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-windowscodecext_31bf3856ad364e35_10.0.19041.546_none_718b136d1774c4d9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-netfxextensibility_31bf3856ad364e35_10.0.19041.1_none_3a34d3dfd103df0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..lient.6.2.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_43954f49cec8c8b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..mmability.resources_31bf3856ad364e35_10.0.19041.1_en-us_adc0aa0cce242a74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devices-enumeration_31bf3856ad364e35_10.0.19041.1_none_2e39c569d919cacd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_storufs.inf_31bf3856ad364e35_10.0.19041.1081_none_6b6cf075f4b4dd60\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmuidevices_31bf3856ad364e35_10.0.19041.153_none_5b8a700521679de7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ebd9ffd49454da2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.153_none_20cb28a4512c2591\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..p-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4d5cc44f8ebf9a0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\PLA\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..te-orchestratorcore_31bf3856ad364e35_10.0.19041.264_none_64b3f487e354744d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_multimedia-rrinstaller_31bf3856ad364e35_10.0.19041.746_none_fb3ba1752084c5cf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wusa.resources_31bf3856ad364e35_10.0.19041.1_it-it_acc76f44b32b6093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.19041.264_none_adabe55a275dd515\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_fba654f21bf2b38f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..oning-wmi.resources_31bf3856ad364e35_10.0.19041.1_de-de_12adccd57444cfca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..redential.resources_31bf3856ad364e35_10.0.19041.1_it-it_8fe8bcc79fbf2b24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-wmiprovider_31bf3856ad364e35_10.0.19041.964_none_c9134041dde28ac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..brokeredapi-desktop_31bf3856ad364e35_10.0.19041.964_none_a612f0b9f4217a31\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..o-multi-dimensional_31bf3856ad364e35_10.0.19041.264_none_06dd36143934319c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_62136920e50c8595\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers.resources_31bf3856ad364e35_10.0.19041.1_it-it_a7b3239cb49d4eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..interface.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_dc1c83fd5893b3c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.servicemodel.channels.resources_31bf3856ad364e35_4.0.15805.0_it-it_f077d5850b6ea9b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.Interop\v4.0_2.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\PhishSiteEdge.htm	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\views\OEMRegistration.html	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-unifiedwritefilter_31bf3856ad364e35_10.0.19041.1266_none_110072d23cfc00d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ea63625f109f122\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.844_none_70ba370b2a07f375\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..ty-client.resources_31bf3856ad364e35_10.0.19041.1_it-it_8d463f1f468dfb25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.ConsoleHost\v4.0_1.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_es-es_1607355361748124\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e5c609eebc3f2f44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-metabase.resources_31bf3856ad364e35_10.0.19041.1_de-de_a0019f181037faac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_presentationcore_31bf3856ad364e35_4.0.15805.0_none_d98c964acb93f681\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-registry-fromapp-api_31bf3856ad364e35_10.0.19041.1_none_419d0d8e64f90ec3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ncdprop.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d35576836c56b8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..dle-agent.resources_31bf3856ad364e35_10.0.19041.1_es-es_b35a2fbfb467756a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_10.0.19041.1_en-us_633e5f07ae908714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0003042b_31bf3856ad364e35_10.0.19041.1_none_a69d5a7a01b16ac4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tpm-tool.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ad90a45f816729e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-energy-winrt_31bf3856ad364e35_10.0.19041.746_none_f6023431579920d9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\pdferrorquitapplicationguard.html	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobelocalaccount-main.html	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_1c58f7b504cac670\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..emsettingsthreshold_31bf3856ad364e35_10.0.19041.153_none_fd5fe49f3cc4a8ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.19041.1151_none_aa086da848b2c07b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-speechengine_31bf3856ad364e35_10.0.19041.746_none_d70c12552d124790\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-s..-csvlk-pack-license_31bf3856ad364e35_10.0.19041.1266_none_81cbda612167f745\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_prnms003.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3f05b34c432c9d65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_storfwupdate.inf_31bf3856ad364e35_10.0.19041.1_none_f9ee98fddb5b4229\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..iguration.resources_31bf3856ad364e35_10.0.19041.1_it-it_15303b75a980938d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..zard-task.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_df54438386a88879\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwanui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_efd60a3a7801a37c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_10.0.19041.1_none_9d4d2248e759b81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-msvcr120_clr_dll_31bf3856ad364e35_4.0.15805.0_none_4d3a0b377ac1d903\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\14.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_mdmcxpv6.inf_31bf3856ad364e35_10.0.19041.1_none_1750c19ae3317566\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..notificationmanager_31bf3856ad364e35_10.0.19041.746_none_afe69a9ffef04964\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..gement-ui.resources_31bf3856ad364e35_10.0.19041.207_en-us_034a758b1fbf3096\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.crypto	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\ = "CRYPTED!"	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\DefaultIcon	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell\open\command	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.crypto\ = "WLBBZNKOEAWJDDA"	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qAxMr02XPSFEbd2.exe,0"	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell\open	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WLBBZNKOEAWJDDA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\qAxMr02XPSFEbd2.exe"	579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\579f0a2740ffc2304c75ebebe47c29a7_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
60a5b6e7226aa2953639a10b40e09e90

SHA1
f3fa3e41200b5bf240ee881a2b5074f11052682e

SHA256
902e5f5b560306db445ac674b2e5ad710980a3f1bb3e2d4bf07106857fef102b

SHA512
ecc55ba959676087c3f789ea431b3b8b55ebf877540fcdcd78df0937ac1224cec0265f66fd8ba8a02cee79f4436c7249cd93422b837a35b7af7689403df1f281

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
443B

MD5
ab1a8fac5478e77d2c9351652cac7288

SHA1
a7843a4af990fc4b4dfb484549258eef60037e22

SHA256
e6e856e12d2b572b2353642380b78c3a8d9333615a42034f1ab0121c976ca242

SHA512
25dbd2952db75f31df0b61541dff7e2f1d27b2760ce478c9cd27b971cdd05c1d2bf3d69fc9b1390ed20c3741c0e73cf90ce22e3606a2428d7cc3d02ef5a4a3c3

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
bcdf3f15ad129ea9bd15620e45a1e7ef

SHA1
6634712da51e6dd98751f9f6fee280634e64d73c

SHA256
8fd2dbc100501c36273ff391aa32ca02fd008fd075b21d6242d0a32e58b1a3d9

SHA512
6c95f72c54b183ad8f2fc7cf5f3347c5658ea6f0a2b85ffc0ef59935f77be3a25dcf2ccac5b33938e2e6886a47cef004e7f40b4358b1199eb380fb8eb2156c41

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
fdcf4b3d007728938790cda448ce1c27

SHA1
cf217d2127aa70feee068e117234e24ae8fe6c95

SHA256
f3d0651bc497a688d1506003a1fceebd84dc1ea6bf14de2ca5853cf051da9110

SHA512
8ccb7b449f18ccbe96e484904a671c34faa33bf73f0e691feb423471424762701f54d679b2d2ca768172b85f460390fad91704f701fe2859330ad320a1997554

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
83c92362cb4c669599e28dc2a8840e8c

SHA1
9085382f66fbe5f43c884b7768878b15b40c1a59

SHA256
98e31b85f8076021e40d111d5b3c9e07df99673b1b0f0fe522c978b4f6abb7b0

SHA512
2035ca9f0c5a827d5a039c71118b89b998371ae1431e0ddd51469e0fe8b4ca96465988687bf9598f868f59284dc3ef3c49895022b2660933c7bd0fd98ccd8647

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
b655d0e10d5cac949a2440020c0399c9

SHA1
9e5c53e17408080d8a149ad5f3f0c11584648f95

SHA256
998ffc8dc045b56302d6532f8ea8d2c6ff0fe9d8907668dd60772c2d57dbf749

SHA512
a2ec64f8115172fe302314c7a2ae0bb5de96db020f47ea55a30fa6503a1787897fc20066d10bcbcdff1f4e173750fa6396154fdec9f93379210d5079e14f18b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
dd82ea2d0d2ed96db2157d9a198a617f

SHA1
916a6361854a389a0c3645f3b37c72df05227f65

SHA256
f96951d05031b596dc644df025c4c2606c03b3170a400881d57f5d5540f418b9

SHA512
5fe104da70af6a712569389c619b08e65906ff0e7d7bf41a01410818ba9d04629ae5fd46b44a587381e786d10260559e106573f0c1be890069cd62c3bdfcc74a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
1dcc4876a702cf4b33a5b660cc62af54

SHA1
8aa730247ff3754a2f439b5ae266b61e643df7c7

SHA256
d0f1889eac6396eb15bddbf5906311790ff13a53cc1a47e7635ac8ab6edc9488

SHA512
e0359dbcb65402eeb8417a7ab52fe830dafb6f9fb73c38605381955726796424ccdede97b503e2684a01790caae3c89d4fbfc85f54e3b8d709483845f4cfe8dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
19a8fc8e7dd377c21f570b68a371742c

SHA1
18cfe0b5dc7642f9d786b235102158545e51e96f

SHA256
48d9d628d0b99621d8bd77ab62ea7962d64d7a4187f6358e5502d758ac48951b

SHA512
1e271f4169dd8aadfdb220d659368926d5efa069b326e4e6f980f5a1b4631050fd0f810d6b5549714330bbbd52d703ad74acef0cb9386194c06371d4c440d774

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
eafd983fc5f2f15adf3fb5bea3801703

SHA1
ad09c003ccda50d94fee9f93454e187648faa7ea

SHA256
06557cda85fd5bcee0de5730545f5137cd5c2b958d4a3647e43264c34c10e5bf

SHA512
0b22624aa9f8c7eda6bf77c29be511bc505618938f0b3e1a0a9b930ad94bab2b33fbf2233287548a8351c300d19a3dcd685e699899bace719d87d7dd35883cd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
2627363b5d0369c38ce51b5e7d4d7c33

SHA1
e3419be0155922919397d1323b96c2f4db48380e

SHA256
bfe3912b264efc42211ea9bfc28cf276fb002ab0588c1423be8de43199df3d1d

SHA512
d0468b9ad4cfcfbff240e5c5a08107d90ff1b70462c32c26ab00af17467fa3823c886ab55a10d1629a8ad9033a0a4ff2681cc1463169089619d9f93fe12afc38

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
72f3516849e63d7938283e57df897fea

SHA1
2cbcb4498aaee5dbfa39ca41998075e49a06ad30

SHA256
8e193b6e12b4cb05a6dbe567969f1809c02fae753bf0eff077b44329df6cc22e

SHA512
cf809d985512856ae0fe4e07c87b1b2075f50aeeed3376aeb6c56dc3872ff5fa363d8f64eee0b03e06c95fc3dd555dbaca9396a28a129ad01c64b32787e8becd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d87d4e007175d3e32f43d84ad6901773

SHA1
35a98582f69045369b166ccc466f7256f265c7f9

SHA256
4e801780ff227edfcd8ac602a636d4abad0a6aa9d96ff38f91c000884728369c

SHA512
a9dd8707b71e2d84022ecdcde09eb46f46095223344a1bea007253357dc752b304fb0fcc80f604cdd12e42ee03d0d80d5854d4a8d8cb889e0bc9c2c00785b420

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
772727826447058c5d72cb7e126b95ed

SHA1
451baf31ad5eb27196c78dfc8d065f95b40e1b74

SHA256
f27d21dbf36116d4c01fa3be1033796c3c1ffbc24409db5dddba41f59a8b7802

SHA512
e8180a47775f9f74875ed4e32b5299107934cc0c90c90adbd66a86e3cfb622cebd446470b6f2584ad49863700b21a1ec63477845b2885242aa572e7dc2406225

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
5fc06c971107948994b7ddd396748692

SHA1
cc04156797997d6765a8e97fc35ecade1b7ed3c8

SHA256
bf49b4de5a08ce43fac4edd0c4a9b6e2ae86271e2f77ff7baac91cbde68e279f

SHA512
b2062fd347196310ea2be356e2f18f702be97fc64edaa63c2b5be17728799c337279976ca510a9e78f7f7a62b7e85c5fd651678b437ef8eb9e4c5f1cbd13c972

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
ed38ed9981ed786b957a354a87173138

SHA1
9765ac6c364de37672a795e8f454d1c0c743f666

SHA256
d585cfe02bf55ca3255cbe40289f64b25bc9538ac4ccdc114370d4a3d23a5d61

SHA512
7938029dfc163fffa4859a9956ff9c39aeedcf0fcf652d0c43072e3442236635edaf62838f5337360cb7abbbab3fd4c9c3488a1d78658a0a295d4530712fce72

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
e06c57271dd52cdbe4582bccc14881e0

SHA1
8ab73fe058823773e83e15056ceffce3612fe04e

SHA256
9d540dddcb15cd51ddb0d0a6df7e45e637c5157375e2af39c62eb0ef85c355ba

SHA512
733fa7f96b6991831209361f1bcfabfbf6e7ff2337e934ae3e55ebd9806e556b957afe43860a07dc34e9d8d2aa9cfd47f65775d6cdb1c4b86893c9fd3070cb46

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
947704b78b27808625b41ea10480487e

SHA1
e3e169822bafe682cb638b15c9ba4bfa87768260

SHA256
0d28dee6f9b42f04241a493507aacfa362c86f7857da8941ded15b7755406874

SHA512
877aef79d8d50166a6494331261110a0df050ad65cf344d3487dd814467e5ea09c253226e5243626aef952ae52f5e954fcf9430b43fa098278fce4357db92a53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
0d8a4e1e48beb597783ffc22b12ff6a5

SHA1
f568b74b6f5c28455ebfa80859f22b2c104e9161

SHA256
a73d972bbb74c1064eea1b7acf5f9aac5d6fecdcb379dfcb003f399cabc6c7d0

SHA512
7c290d271b00b235f5949dfc88e17f56e5e58ea96e6ce351f7f7500dee39bae0954ea0e974963c93cb59b584cf02cf2d4fc65a1671449e3ddebb844960adac2e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
1543f22c9059cd0cdd37f15adfa67056

SHA1
8eddf494226b3f148d04147e7199a996db6f7598

SHA256
64896e381f85e37dcbb82f6ddea93a21ad96944f15c6fdcd7b22866b0200c1bd

SHA512
e6d12cddcebbb0c494ee0de87acb0f55b8ccbd583b059f6efdd6a74d12c6ddb362523abf2449a66d16f63856525fff6c61d4b9ddd2d609a78a9b8d176eeddfe6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
3509e7c40dc24a44ddc2804698a8f44a

SHA1
7c3c9fac018522603a3842fb559446e1bd8c48e3

SHA256
96ee0bb6f9069363c1e6c9c10081c0c7044415e7d199d35798eddd76f4a56a15

SHA512
605d6d99bfc2317d21dd463ffcf35a71f1cbf42bddabf9d8770e8c7b5f41140c4b8cbb25ddd35f011522554492a4bb02ab6c0d557dd9af2ccc9518ac8b48a73a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
60ff3f956b23903a206f6d6011b841dc

SHA1
bc584b022be7fcc9127df7ea4028f07b250cecf0

SHA256
116d0912c981ac53f565dd1d5c14bdc315011dd38f6301f7c8402fa196768137

SHA512
a57f431463e8eb8e28650bf3439a2481aff3e66f6a6cdaff64fecd093c5acd4dee2738508e958e108d74f75b769a49a858491494f3b16b29a169321c19d6ae46

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
eab29e27c79cfeb853d8715f740de296

SHA1
c38faa446fd263c7603b59090535d5d00e271f6c

SHA256
6034a9ecbbd77e05563cc31afa6ad0626701b5f74e56f483133a870a8c09e0ea

SHA512
9c7ea6f30a3b6ca8cf4f978d35329e208a156c46f4b10a870d65d274bd287853bd8ed53569490f7c25312b9edf31b7496225c62efa9f3d305f8b99ddc56cdb83

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
30c4ee824f8f547b50bdc031b8db04db

SHA1
7954414ab7697db7430c81bf9ab89dc5b869b1dc

SHA256
aeed791efd56424f56cf5aae2a43e57a0288e0943d7ea633390e7369f0f3fe73

SHA512
ba867078130ca8e5611ee77aec0f790cff16801871a31c43ab2c05a16ccc58e090b3125a9a4b57d03b8a642f9f7222ade5f517a8d0e286a8651c07bd83038b5d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
b693e1168a0f06e357d1fdb851db4a89

SHA1
4650e144616b4582be9d68e195adda8ca6b18fab

SHA256
2609ba6a12e01edcffa0f43f992cfe8212054340605cd480117e262eb59852e1

SHA512
29784b077007d5a17b7dc8cad3c2f00a68fb328b9038cf7e14a9b4099568cc1680522c855c54572160418d055f07c8f7e9b825b4f75bae398ca634a679f5f8ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
9f391f6b4ef24df1c2af4da56e6c23d1

SHA1
5c4b8bba288f8b4ee4dc12d7234470c743e834b2

SHA256
20149227c1b288b60f74eef3b462d5d174b60a0c0e11e5f1fc7955d558aa2405

SHA512
3752d837132d26744f89ccee652f0064661c0b8297c46405cc4510acfc0864478ffaa616a5ebaa66644f66feaa269ea0e21f13241fb286790605192855f59055

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
e74d2772a833a24c000d2130b383de27

SHA1
b81358edf04b446433625165c63c7d0caf58f7f3

SHA256
4235f44f93c9a8027d3ec342f56bc297e56027b60591f9276f912d2d8ef6fbbc

SHA512
3f5a148c50ac7e0b57194c6ef6ba8b6fea92bc01225403d682509a448f8a9eb1f9cd02a0093efa113644a38689a4bf2a10cbf62fc0631477670768f3d724e9e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
0b59d8f53896cb640acebf78b4b5aa5b

SHA1
67ae5c08c9242cd1f74e09dd07d16516a3c74547

SHA256
417ae4155f7a2c5794f458a433d1347c68a73f307f9b2b682c92c84ae0b393da

SHA512
bb96909488dc11e92614359acd5af41ea73a1da4b20e01930a5c8fb712092a690e9259ece6f8dc4965a8930c18f18513b09677866200c68cad1f126ac91538e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
48b9daa52b02b6ba41a8a1e03a4b3054

SHA1
f7683a615411767e87ad21e3bb0e10e557caf9de

SHA256
8e3f6d1b750e0c6e4a02511e7edb0bf9feda15bc7ec228b3ea302842a58d445a

SHA512
5b32596a5b1d7c54642d4b5e73cac7ab6e95b422f6a9863730a994c6104a8ffecf6dfcbf4e83b45393791ca61a572e1e90667eb15eba3ef3a7b94a7479404d68

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
49cfec4e85fa0fc99d718bf24fc4ecd2

SHA1
b1f2c87f4ce714f4571caa17e6321237d4d36c4c

SHA256
ed2b9b76153fa0b1a2888f56d70808f83314b920f1df83c5224ffb392d69d720

SHA512
8a92d0b98869d1d3d92ea5956237a008689f16bf992976b4634f8db919e20b5dc0e341b5898f0f4d1e9cbe21448df0c9d42ded81209b39eb94190826a556a349

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
c87e618a1a15a104a149884f0c79d1bb

SHA1
025f41f9ec25e1e7d2bc3e6e3183d2de6cda0cfa

SHA256
07653b6b60c24032fb65bb7d606850386336acbba847a994914e54cc9706a66b

SHA512
7b0a23a1c1c9d0bb4659e2148bfcd758887835e5016049ead48c1db09fb814581128a087d75adefbec67e571c5dcd792b6941001c2dd06da828f1b8a25227476

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
24fcb74d86cf168cce3f5e9d6b596e7e

SHA1
272d70a808b2ac7507e68201ba7665467d480eab

SHA256
c150f74442b57b064a6fe637588f4dc6bb6508daff6a7e6a57ee7080041e4fc0

SHA512
9ddf73c6f2b9c819c9426a849ad6073bbe912fcbc30cd7fa0ee50a5a3af2dc62af0e138864101953054d8da30fb59890595f8b5f5a2ab219170a0f244fe2e35f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
73b45d2cc44bbc1a762be726f44659cb

SHA1
344dc4403011d2c74232b42ecebaf1c19231c159

SHA256
aba922bf2045166efdf3d0faf06f084252e43dea7dd6582d72f494f52ab7eb9b

SHA512
f9530a7b1cbbee5e6e7b6db7bf78dc7455729e973468313adea4ca26729eb534739a2398d888f8a595e42821f4b9d22831752f6d89c9194bd648408ed3b64fa1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
61b32824dd6ddf920921a2cf04abc14d

SHA1
4e8e6d15f095298de7bff7039d99c9cff33a2b3a

SHA256
e11c9dac0242e85492c1c8672b3824b0910fb1814d2d3ad91d713c65201bdd68

SHA512
a0fbe00a6122a5049f5307b6712aad0f014ce8631f7e7a8f37e9ac80165d0f6af67f57a1517e3d88685c0d2da8d9dc78e88be14ed22054292386f9e05cdd356a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
806e40a6ecc6ed7c4f9c1a38273b1c15

SHA1
8c655f9093f74cc505590eae8aa354a927939c29

SHA256
56475cf9c977efdfbe5ca9068f5bd45ed70e03491e2cb22ee6634a37abcc5a84

SHA512
cd812172b82934a8ab49d1bd2eb2a907d949c2f14f0cf29ae834fea23eea2ebd8601cb0a727b12f33d531bd48fa74cf0aff7b1bff06cebe02353864db85a8ac2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
46bb8fe95d4a35cd72b3f9757953d10b

SHA1
a01b8fa13a1cc0f23a13be0a2be4d05af90345ac

SHA256
b3bfd69aca6390bcbc03e266158fefd8951848bccda63703ec17a407e95a8100

SHA512
d351b5d4d0b9fa4f8c53ebdf696ab345ea2f870e32ef080423f6ae44424f658343598c63211b38519928ffae965c6e2d27f4e376167d92aed8417978c9d7ffd6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
d3d42a439fc1c2bb70e876047df2f6b2

SHA1
68f35611a5d1081920e1b89519406d643fed5a63

SHA256
4c7360ca78883afe42db62906a2135026e53aa2a5cd8bfda0ffa27690130258a

SHA512
b0ef17d39247a5aebb32d3ff824d1ee1aed10f0f6b1138e1e65ae68f1ab73cace7936c5a55a02ca18aa2a8b832a3dadd4daee63f8bae6ae3257c606fa2dc9d01

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
c3387798344a23d9b377c42a5d9d2c39

SHA1
7629ae2b4c3bfb3ccfc05ea57e16386f35c8558b

SHA256
93af6e8d7927355988454112a28658d6c00394f6cc9da19c11c5c2abb1df2247

SHA512
f1eb0e7d717c81e44afaf1fa3592a8d4925fadfaefd19d4f70979b5fe087bd9e3051b77404fc9387100e7867c00dcdfa28dff500b013add4243e17c69394db7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
275765d6ec9050f4e5350678a390d9bb

SHA1
f88b9c2fb0ba4cdf75d9f9b2ae8023671bfc895f

SHA256
1c4054ac13e8d7679347ff56c36f4ceb5e8990e0ac38c05597f92f85b9b67b16

SHA512
6265bc0ab5f29967a2f647a9004fd1f9d5aea60e5864b17f268de232464268a269e3588416e7c94376837265c132ec85c6d7820f74133b0e66e08d0b0e23fc18

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
d4d12392ee1f8beccd70dc09f5eb9cc2

SHA1
caf4a4cab004b8eeb3b2962a638bd5697525f0e0

SHA256
dcaf3f9dc06e03dfabe096d45d24a229b7fabeacf9e0d2a8d097eff68b4b3a36

SHA512
328751f55d593795db1243400ce425ef65c877409ebd96d4b63571526c5e183748de566b20fef2fff04101affcf21198aadafb3831a27b3304d846b13b3b9f20

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
cfbb4cd39c8dfb59ade047a36cd414a3

SHA1
d04343835ab33df64e2e0619b68fa278a639da84

SHA256
621898792fd3cf441ab6944edfe335109471936b9d9e9ce871bcf9bffd0af0a1

SHA512
1fc3d6665756f2100f3fb6aff1fd367a5a8313fee75ae7fb0753783ade3b09f72527e1abbcd24420dd0136a2be16d25a0d76840ea27a944884167c459dab627e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
107695a89003d8b62557069420bc7d24

SHA1
411be7fd990e319218329e31153828f3d658253a

SHA256
bdabfeac614bfe0538d2d49a5c29279b4c86e3671fedf5ad2b63f2756d61a6c8

SHA512
60fdfe46c9c5cc1ceeb7e4cc37d01a23a6c9b47c8972936cd09b74986d3e8575d5c3674ee6d13fdf3ef78d6bdc7f7501dec5ca5162b0d05c33a903209bd9416e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.crypto

Filesize
11KB

MD5
27edc7bdc292525b0704eed6f6aabd5c

SHA1
2967bb793937bd6a5840651803c8b7e0b419b72c

SHA256
7a2da2f29e10662baa4903077133960ded11b0eea8eba52771561d72c6b59219

SHA512
27f607f6aef00d13b963687df24b32d5f708f2e35689ab32f8227ecb90efe3e8ed43c2f603d32e1d909cffee9175efd715bdf5680efacfb0055af95e45dac697

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
a502562d308fa01c204a2e32f949b7f8

SHA1
e09cb31fef0ed67b1902228a9163805e0aec06b4

SHA256
f7d2209fbfaa7aa9b7038b5fb5f24a2c0ebfc9775aed6fe7acdf54419c0befde

SHA512
694e3714407c47ab045f376e770ffb14c231a5fb20c8176b8dfae264c1ced2b4ec62fb2f0ade3751d9ed42c1981110a551725ef7936710641feb90c93091cad3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
5df39251e798f7952baf496d75e25455

SHA1
f50e1847a5feb6016a08b074057400a0dd9fef98

SHA256
b49aa7839809f72144061f07c1767c89d34bc8abb10356d71cbed0966475c6b1

SHA512
07074457049f1abb71a6fbacc9d784035a1c23723b05ce49d4fc704cb12aaeed2504a772a64296e516919d1ee68ecb610e37e99fb3c5b2c3af68aa0d39a79705

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt.crypto

Filesize
77KB

MD5
f6bec72a30e0aed4111c3970ba4f9235

SHA1
fa7cbb777a89a4e00ac62fb8db6b39be3a4577f3

SHA256
3301f31c4d7374d9d294cedbfc4ed7efac13591d79d421b1446026c90f810958

SHA512
13ba7b784e1c85c0d1f653a2d8f7cc1c2927412374fdb54b149f65552b1fe77ed23fa91618ec41b6cd75b5f779775969bf666388d2314d211eaa34e63dad92d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656412354929.txt.crypto

Filesize
53KB

MD5
c872427f121001274209caf7b77f33bf

SHA1
4edc6e9cf2573b3ed8e02baeab987cb18bcba280

SHA256
3c2e26e792f5dedfc1811caf9794394aa28a6415ff4634d35fe9cf3f0a2089a1

SHA512
7e5d4f4147ef57e65ff81d663234a6a011d29877cfe6761a5af7dbc5a575c90a17e3ba08b492d00ffbc27324cb643c0a46f0931d8bf93754849fcdefe5a84c82

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

Filesize
63KB

MD5
9bfe8824549d8ea126f2a0b0d1dc1dbe

SHA1
c398e6b6299b078510c8a093bef8a93da5e2fd6b

SHA256
25d1ad17a9fa3a1604da871e969aecc900701c05f813b0b8357ebf9862766da9

SHA512
16c8c20af1ea7aa158d9da98e2df09a57227ad331cfa68742c2b728b748ed9b65a1ba4779e8fbb544c2ccb1b255001e07ab1bbf3f358ecfd4567140fce61d618

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

Filesize
74KB

MD5
973d595a20dc5ccdc9d029d7fde584e7

SHA1
f0b6868c03be46324783464f2fda90ec6d0d37fc

SHA256
92bd521ac9b0dfa8a58c20b4e795cd54715ecef7ed774e85f011e4d8ffd57955

SHA512
693510e3af52a9c8bd40427062aac99fa30c54dbc15ab5d132251a5d26b53caf897326def675ae029378737548c349156970c98a25f9ec66de24e6565c9aabbe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
422b1410796993a0761f3b0481d695a1

SHA1
3d693d2cd9a1c5252e0f711ed2f6c778c12e343e

SHA256
56056c06ef720ede6b2d32170d106c47a89df363311023355abe73a03c4ac70c

SHA512
97f61439522d406f84b6945398393145628540408f49276c713f1883df56498102a727305cf0d7c4d93c4372d9de5ea72236910d3d9a3c48b629d7751c2d3760

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
922e50651c24f3424e2e2bd773663180

SHA1
1ae11c8456026eb38b8f8bcf17cdee2f5d22c1e5

SHA256
80f7be09e6bb92995f232a1fe6cb917ffa5b8ab8f43761888511b7f80a3d81da

SHA512
c2ec52cad05705cab95b3305017ff028127e7f3e63828b6df63f1ab3ec9b7d402e21bbb44ddd7ef6584fcfb0c746fe6fb1b55c8817635e0b4d2ab7b871e87397

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
12c869d37530a531ca957bfa86cc1bf4

SHA1
4bec4091f1237320d66a0ef028a137ace96d90fe

SHA256
c66c900f25a1e8fa2f4d95d3eb40a1e77844d10856f708cc5d4b65434d7437ff

SHA512
4e61c33bc14539e09f98e6cec8a1d05ec6aca8e78c0f48917572352f8501a0ba316299788eb72c08e0c9d93cab291355cdc0bf2e12f769edeaae7f8539460114

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
72be38ccc391bda4c5288e5d6b6242cc

SHA1
49ccfb4921d4b7bf39ff80e7fc6f4af4cdef187f

SHA256
9b68a0dbdb29d47039f7498f20f7863f8623b7aa87b53b40304fed2dafd46801

SHA512
8a26dd418767f50af2c937a60c9f27b9dbb647d65e2ec90cd5292131c24609f38b277ff4ea23ce342f751bff3c19c52a1daadbe815e963fb51e1a9d7ac64b4d9

Download Submit