xorist | d0f0f1cb764de7a366baa6a5dd8fb330557728e95f8c31e8a90d749983f5983b

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Size

7KB
MD5

5b8a07d4d891c996d088a41a04bf9dd5
SHA1

8a812bc22eeb96c6252006480613b04793a62b36
SHA256

d0f0f1cb764de7a366baa6a5dd8fb330557728e95f8c31e8a90d749983f5983b
SHA512

596ec5a51e01b75e23580c0428fb756744829c51fc586d27be87036ac00f49e94a5c11d97f8bc57dfb2a150fba30e5dd8b795c552d8fb02bf686214dfb613e83
SSDEEP

96:W+KZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExNm/PuaVAnPmaMUA:2zdrr1FG1WDCgmjPZN3aVAPmaMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2316-6399-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2316-6396-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2316-10881-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2316-10998-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2316-11309-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2316-11314-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2316-11315-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2176) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gcM760HdBdXc8yt.exe"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\c_usbfn.inf_amd64_64da5751ebd2f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fidohid.inf_amd64_c446be9403cdcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_battery.inf_amd64_5637e58e54fb24bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_securitydevices.inf_amd64_f10a5650b96630b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ba5b77b7d46bc10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DiagSvcs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\downlevel\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_3bc71c4327f9f94e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_kvpexchange.inf_amd64_b3c17aa69dce1e0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbhub3.inf_amd64_6a68abcc31aaa333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_aa2738d63955f632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_220e4fad6c84d016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasno.inf_amd64_61370f3a47f08ebd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2316-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2316-6399-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2316-6396-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2316-10881-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2316-10998-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2316-11309-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2316-11314-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2316-11315-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-100_contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-100.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-100.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\PREVIEW.GIF	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-200.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-150_contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch.scale-200.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-125_contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-24.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch.scale-100.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-36_altform-fullcolor.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-400.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-200.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\LargeTile.scale-200.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\NEWS.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-400_contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-60.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\176.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256_altform-lightunplated.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-1.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-100.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeLargeTile.scale-150.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionWideTile.scale-100.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-80.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover_2x.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-400.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\video_offline_demo_page1.jpg	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\Logo.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp9.scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\2876_24x24x32.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-100_contrast-black.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_altform-unplated_contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-right-pressed.gif	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\pages\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-lightunplated.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\ado\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\DirectionalDot.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-30_altform-unplated.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\Xbox360PurchaseHostPage.html	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\add-comment.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_bthlcpen.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3fae195f0d2a7a5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-programs-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9569d0946ed2bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-a..nmodel-datatransfer_31bf3856ad364e35_10.0.19041.746_none_fd8e61597ba0bc62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..t-library.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_448fa1ed64ad6da2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_c_diskdrive.inf_31bf3856ad364e35_10.0.19041.1_none_7ad3eed6f32adc9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-twinui_31bf3856ad364e35_10.0.19041.264_none_51891893184281d8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\PasswordExpiry.contrast-black_scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..framework.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2318bbe1333623c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-16_altform-unplated.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fsencryption.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_12c48ebdb6b08f2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c...appxmain.resources_31bf3856ad364e35_10.0.19041.1_it-it_a1d08746c3a1aeff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_98505b66325c52a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..imization.resources_31bf3856ad364e35_10.0.19041.1_it-it_cf06012d9b69f4fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1202_none_d081f9868ac0a804\PasswordExpiry.contrast-white_scale-125.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-pkeyconfig_31bf3856ad364e35_10.0.19041.1_none_01b0199f0b6a3e05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..laboration-rdpencom_31bf3856ad364e35_10.0.19041.746_none_6d582c4fb817442e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_5801e9f68bdc3d85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-flighting-settings_31bf3856ad364e35_10.0.19041.264_none_66b7f4dd4df876d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_406.htm	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netrass.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_31a5414b1d0d2b5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mfplat_31bf3856ad364e35_10.0.19041.746_none_def88dcbe6a557e2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_10.0.19041.1_en-us_2ad75e70af5c9e59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-msmq_31bf3856ad364e35_10.0.19041.1_none_c0bdc2f4c7f21cef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.19041.153_none_3c9b504ec5293ad0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square71x71Logo.contrast-white_scale-200.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winver.resources_31bf3856ad364e35_10.0.19041.1_en-us_d0e0e60f27a09d39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_es-es_c57ad39cb8e06a7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-applicationmodel-clipboardserver_31bf3856ad364e35_10.0.19041.746_none_76cd36fa759df814\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..eraccount.resources_31bf3856ad364e35_10.0.19041.1_it-it_8b8e1c83a112b181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-webapi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4537136f53ac5520\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..sion-netprovisionsp_31bf3856ad364e35_10.0.19041.1_none_6be92069294ef15c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\Speech_OneCore\Engines\TTS\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-36_altform-unplated_contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\sysglobl.Resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\HealthSystemToastIcon.contrast-white.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_10.0.19041.746_none_6583af1faa5ed790\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_10.0.19041.1_es-es_6de4304bace8f6ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare310x310.scale-200_contrast-black.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_10.0.19041.1_de-de_4d1d1b2cb8d5c76f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-idctrls_31bf3856ad364e35_10.0.19041.1_none_588bd3f08c85b7df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_net8185.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_55772083660102b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.configci.commands.resources_31bf3856ad364e35_10.0.19041.1_it-it_e0e7c3c51cd78f85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-defender-branding.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a56345119a63435d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.data.services_b77a5c561934e089_4.0.15805.0_none_adaa594b29c21098\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_mdmaus.inf_31bf3856ad364e35_10.0.19041.1_none_6d8eb2ffdf413eac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client.Resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..t-onecore.resources_31bf3856ad364e35_10.0.19041.1_es-es_380823209dd475ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.19041.153_none_95ba73d08e5f739c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..owershell.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c5fea31d84bad935\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ai-machinelearning_31bf3856ad364e35_10.0.19041.488_none_ec9104fbed19dcdf\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ertca-dll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c693a728b211bd66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-containers-library_31bf3856ad364e35_10.0.19041.153_none_1938164b9765a005\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..on-tokenbrokermodal_31bf3856ad364e35_10.0.19041.1_none_8ff1720e71b3cfce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ad41d78392a6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..omponents.resources_31bf3856ad364e35_10.0.19041.1_en-us_83a9042e558ea7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_10.0.19041.1_it-it_d28c7cd93bdb06c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-setup_31bf3856ad364e35_10.0.19041.1_none_a9ed911ec30c76c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..i-pcshell.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b60ad588696bcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_wsatconfig.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_1139430ac7e3c409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RetailDemo\retailDemoShutdowns.html	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_snapshot.png	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a72d2107dc73c0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\ = "CRYPTED!"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\DefaultIcon	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gcM760HdBdXc8yt.exe,0"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gcM760HdBdXc8yt.exe"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell\open\command	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WSZJGEUNHBHRSUL\shell\open	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "WSZJGEUNHBHRSUL"	5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b8a07d4d891c996d088a41a04bf9dd5_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
9ad879df9b6e76c45bb473e433aa4c35

SHA1
fe98038636ceb4ce0cce358dcc06edc4d19415fb

SHA256
aede82461d953be7b12973f27505a3c0aa4ce6ee22816615e0186fff16fee290

SHA512
1148a0fe9d1188ea9f295099777e481e4628f71bf577dc54173d880ec215f944b23e9013c9c95d837aef55b33d8131db7961a69b63951010b32f58739ca95cbb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
dd243d7f7d52a8d9f43db91f9dd720f5

SHA1
6ba0d228538ab0ca3db95354db5b2a6eaf969a51

SHA256
1c779941baf7e200777caeed748ad52b4fd5d30aa890037f1a60bf6807eb6d31

SHA512
01e3ab00e47a7ad8a3b61326063f513580fb5ca1b858e6d82b1564639034076dae2f492916bcf4e1b54ed7ec560073cbb390ea96eea3ce32c314af1243e999ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
b3597d76d5e5bc232d932410d945757c

SHA1
e4da7a5e629785f1ecb8c9e86a4c892ac82e0371

SHA256
9950195fd03731b476492010a2d31b094e05af9e5cd7336bf5a790f0221d8c3f

SHA512
957a8bf6ea36b79b489cb75ce694ffdbf56c9f6ecde30fbd00b87460d600a2598dee44be6ccfeb07523c3721adc769e8b3f7ef748aeeab8422b6d208ff07758d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\example_icons.png.EnCiPhErEd

Filesize
683B

MD5
92c81db6d49f31e3d3b7ad8a9c49da35

SHA1
2b683c2a57138857b5c8e20b4905f6d34e853658

SHA256
b067c66e6a4f60b89f221de724a4fece985b0ff6730a61c4bf11e02152170f98

SHA512
85e7d9004fb909bc89403188860ceaf9a34af901ca8f5e548206a7042aead9c770f1c362129cac8ad484e93945d938639e7688bd94f4c3904e74f377432375d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
5cfac31f66f53d39a05480455ffbe701

SHA1
926760bad18071a7a751d287b7c570dd3748beff

SHA256
935f4a3c8bfdde833d2126549f4f49d9afa8db40671438591d0df352d66d1a23

SHA512
41ba098ba19ae0db7350e36f52ea09f84a1c4968b609bbe9b9a620a0c8c06d0c58a082b8e7a1469d1421b4e6bee5027a17240078b27f684e39967bd164a05c33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
5ed5d637e19b4a379d51a7fedcbe679a

SHA1
59f7621902a793b0cc450c58a54a319f319ebdb6

SHA256
7203b3685412ee7cb48297ec59ff88689bfd98b807c390e8e4592bf8a34ca54b

SHA512
22fb8972fba16fac0542ffdedeb4c1fad918286f4f19b7f9b6e290856ca744e4ca6a96c6141a5712bade051e4748ca2a7069d50a06575d5bac295621f61b3019

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
3894bac0259f65953d5707cf5f832dd7

SHA1
e428abbeba0d2bcacecfc22652d68859a1868c38

SHA256
044fc1343747a34568c51fe757cdf77700a8e0cf02ae3d8c845d3f7b0c63bec2

SHA512
f1839c23154ccc1a3f7bd8ebc5f87728e8109394e7f7b811c864db66c7c8a02241a6d2e6f735280f519f4b65db96d9260da7e96ef177154abaeba440fcad0c6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
dff8112282bc6e7421fbd25b131b0672

SHA1
28bb7f822265e3c0fe0bdad7f14b784f74ebe9fd

SHA256
2dfad564d7382975a45d218f67d72521c844c290c90a12f764d2f437a37ff417

SHA512
f2f44b0dd7cd0a9e3ae04cd63586802e12ca7c29141cc1ae458e489c135e540414c5671c45f5eadf22ce23cb68f7e4ef34e3c302d0b3e83458334a8d6b8179e2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
9258f7cc368e7d849e3d4c8293cfeb03

SHA1
70901fe4b19abe1d63cf9564556d412630c71e2e

SHA256
ad903f02d99250f8b383ff77462a6db61deb3d2528012fdefd27ac5cfc5998c5

SHA512
8267d79a5ca775004267414cafe77b58b62f946d6418a47c633ad57d2745426bbc67a616ad1b2b8b7802899f359d92e9b67b43896114c498bfa59d06a42f0d8e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
ac85377c1ffd835c535da3a4f2cf72b7

SHA1
ae7e28d46bf9ab06bb5a753de90228238ded669f

SHA256
5905fb4d248667396682473ac0927e4121504032feb634f3865752366f03c27c

SHA512
7e5031b1c81cc9fa10b8d609bb1a7b0a105c9a302bf0a6e10b6acef46e433754283d0c24d7003a187803ca4f67d56e96d021de9e102e3199db3e537306321b97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
d8ecf41bce4db056388bf8bff2e5f6d1

SHA1
cba4c32dfc5f597409200b9680a87bfefa1670b6

SHA256
96c9181ffb102bb7f840b8be86e50c9b1bee97c855ec2553532d22d1a4479b6c

SHA512
976ea4b91113dce7bc08de9f0cc6f3510fd149e8eb7197449a7709ea73f55fea7c38add13c59e255ae88c5e37a46e00f622e18273010b8589c7e9f473bd98066

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
0420374205398436887fbe42677d20a4

SHA1
3b6e4ce3887e722138d86c456ee82a620778f5a9

SHA256
f885f3f825cd00db045c7e41f3c25a262717671b317e5303dd8cf59225c3e831

SHA512
b44606fc22c5549091b2e6c263e43257ccace54a483cd040e709766457813a5de743b73e38321de9078ebda3b39990888dfbd862d74d9bc8de2c49f1ea7cc338

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
9f5fad3b359199961ee4179633d16092

SHA1
8dc63183cfaaef4e1396f52e6fd323fa4665030d

SHA256
5b4d6b459e60848e31e7e9e3102426adc122f0bff702083825f137a4cd6f36c7

SHA512
2f044065c0ec08f1d82c47cfd9d1eb7c12006aca35796f27631f2ff523c4f3b6507f4739b6a8c98b150cc550e4919fffad3edcb417c8a94377ca354b3073a558

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
dd5249d595a4d3ef51a5a2157089f414

SHA1
64fa60e6e04ea24fbdb524c5268e6f87ec155922

SHA256
410acfd2814c3af0280f8a52ce34390b783a9f516241490d262efc49b70bd52f

SHA512
5ad17ce05436fb8a4f1fd96e1bc0f52a7b059a0a82e2897a7f08e2b40a79971ffc62d2db9881ad6f50674ee4d8ae120f56e0633d7267af2f6d8a91fed2f520df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
54764a81890b28c0b504099f5679bf1d

SHA1
9a0987dfe4d8a7734853489cec25fa017f3922b9

SHA256
1cbfae9dfb18536ac84ed428c0af8c800135d5beed3a208a3e2a52bf464a441e

SHA512
98106a5373289c8a99d893735e161e75249d7e438cb95bb9d657aa73a4982bac36bd5941120c4bce7c22aa75ccf01476c866813b35a3629681e83b1fc0c03ed7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
59ef502c57b60f33b73cb887f1f0c518

SHA1
7a791f4e83c1304ffb070fa95f145a04dc70da2c

SHA256
dadfb3636366fa2dc3cf6cbe30d65b2c609e19b1dd5f4eb56d95b139842729ce

SHA512
6ea97f20274b30f5713ea005dad82b3f564ef5ab7e3ee54869d19654a9f4d91d0bf39a07107381c3aa8a1260c9d5cd5eb92742ab97e8e3a0c2813ef0bd03b28b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
337c91546a0494168f7568fc3d864fc7

SHA1
5ad88638f4ab7837a1c34895a2595a8778feeed2

SHA256
f9b26d50543c4a34ef9532824ed82a1b889a1cca123d23d5cea70f546b817ab0

SHA512
60dba2524966f9929574658f6007ea71c8b5d1da83a878a8ec772730afd5d4420f88944bf6978ec8108d32fd59a20e53b5c507b3a2aac9f548d15efd11b1c342

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
83010a1bbaf6990cb03ae8f8bd8140c7

SHA1
93d5554a99c94712fca5bcf387f1d960e4074ecf

SHA256
d72fe93085335f30d281cde82b77015741572d8761cc14c0d54ebc7bd4170fa9

SHA512
a94020acb0312207401ab22a5d668edef636c258970c37666d089caf63bfa777ba5952034b46f3711ea02d66c00c607f521f7135600b03d0331ce2913a4c22b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
868a7a6aef11ed532e5e24d602364ddd

SHA1
687c089da81ac4785cae22761b3a8fd03e1126cd

SHA256
2900efeb690cea09f0d671c896c920b249b7147adc3d39796b21423c7a48c6c2

SHA512
17647b2a5f760fb848bd369faf8cdf636a8978546744424ad8e10a2eb98a9652e190aad2a52ff36b5e052e70a57916d50a5ea26c517b652029cbe294372b3f0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
e091df04d859906383ddda2ca73bc628

SHA1
0f568c469497d4b20c6a0549507cce31a27915df

SHA256
0ee3d25211467a98028ef73a45d630ea344db18c6d3e3fc481a8ace1ec921408

SHA512
becdc8fe25d2fde68cbcdf3bd8ccabf1afdad20a5582bdb6b6de9c57bb84adfcc075f4d92b9d0dfb5c995f2dd54cc6221b5b60b19d0804fc2fe2d089ffab31bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
cab84c16108f1bb083780214d0efae28

SHA1
a2d4b54c1036661a50eec84f5097dd026fe72758

SHA256
c81f9f2230604768d9d83da6f031945dc4488ff22fe02dcbf851f6125120b892

SHA512
2da8789a911fc00a370f566af28bb53113143d482f671a64e218dde6ee3150d0db889d5f1efd319fb202d3c69026f7c44ad36cf4a9f734ddc3ed6b3600eaa540

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
765c8190398968f2dc2892f590631447

SHA1
0be7cc641c12a1d08262c7089dfdba8873cec771

SHA256
9af8b28474b76eaae7d4014a60819d6daf2c85439fdc4642646d1c9f0aba9736

SHA512
b02d6691bd92b2d65c4aab9285b9c32dda0c137770756da7b4f24e4963ebe73f4b98467bb33ce87fe377dd78ae300a22d627731fe956683358196425530eb08e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
558ae1276edab9f2e8edbd264259e088

SHA1
64306d0dbe3300570f344307398d3d403dad44ed

SHA256
80b7d530dd3c6ca83efc15cda43da6afdb7d6ebf43dfae4f518c3b3d3eb84e8d

SHA512
d8dc73f07a22c82492b2ddf58f400789cb01081b0f53b86adbd819d9b2e4b8a252efdb53a7a6ba38c236b4d4afc525b1bfec26d35a9f0b44d7bc1e709c210d4c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
3f7beda54bf5ee97f00e2d1ec762b21d

SHA1
438dfc49564e415f59a499b56ad1835729873e05

SHA256
66fc35770020a664c641100e12c5d1735b116999be0ff063909bcd9bb41c75a7

SHA512
3b7e870fab52bfbecf7b46b6572ce307361d380cfcd28eae6e2a37d5da592a5a0be06fc7a908f9d2fd20a2b6033ddc744173e27977182275d191141424a76fa3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
4923a57e77e5004468b013e33ddb8b4c

SHA1
a8e7c72c0eef073300b255d97ddd545f8eb7626a

SHA256
4588c0c07e7b6da30bdfa7d12047142eb25c723198f270006788917055556bc7

SHA512
fc03e37704edfb22ef31807f44fd78a8a12310067b02ba869b16e9f33668c761f9a09995a66a2099c319888e7cb33bb08acebb13651f09bf518044231a9e11fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
dff01394e3d77b471bb7e2e4ea1e48b3

SHA1
3499ebc505e90c1bb0a9d4daac9c26efddb7d2c7

SHA256
df9f627051624340bf4da1cb085289526bb8149e71b0f7175cab29e06370725a

SHA512
3705a3039788cd7f4f026c5c023d90624216c8ced2eb1fda06e6b134737b80c491586a1427f54296885aad10aeaa48572c9ae22eac8ec346be363fb3d51d0d06

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
d749b638b3818a56be018a1139cd2b27

SHA1
02d7c3b0eac2d92a2922a58095af0a82aa598caa

SHA256
549a4f969d885600118d4dcf2c7a8eff926082d6ef2a32213f38cd54226cacf8

SHA512
3d7175f9724494e2d6f34a134b9de289b5e60724d827e9dac4ea7a599c863c517f6a333796c309a9d921ecca2e1fa7596ddc6303bfe79b3021e5438a0c5de7eb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
45f32c1cd540987819829e2fe5d343df

SHA1
c2b652e4a2d1caea57df42dacf1af403fef20c94

SHA256
4ca454a1125498f721393b99e5dbd6bf5e573e3fbf16ef3199b0fcf91686d095

SHA512
576a25da4d7b77399b5e5faeb39d57392ed328511d5f84145d5a324a2ee770b69df1d0b0462bef4c95607ffa2a8a2efdbf04976fc366c67b91c5f4c6ed6fc0e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
da58327b1060b5e17b5f2bc784f29b95

SHA1
d4ab5dbed6d85c5fbad3e19c32b4d32cd1f08ecc

SHA256
8b927999c27a26d2fbc33009cf87f1ee0ac7fb11351aa01a28243b93ee3d4f86

SHA512
17c50e24a1bd8c0352a128049ea092fbfd8631e905c4c1f271f192bb8ce5dc9df7aea5e987374894fa09cfdc141a6455c4742828f17c4202083e3aee470f3c7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
32e13140c2cc4c92d50f14336d75ccf9

SHA1
100df443a99cda28620af6b9291f297b7a9ae41a

SHA256
9f94a0ac7e0e24479ce98be0856dc3b92249786a7c4c4a476cf976ec1728718b

SHA512
88cd82691707fa9af4a8ee21b167755585e936b94941cd9f9bfc0b68235886664acb2b6821ca5cf8e184e97bc0535a387d1ce7f67f8da9ed9c14c085ac829526

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
53da44cb70ad9b9de2ca7a637944a7a9

SHA1
f077d57e5f301cfdbf4df6141acd427fbfe7a37f

SHA256
14390545f2e2cb984f35ab9e80d72e4d628bcab0b6b0026f77f94498a46b5d34

SHA512
b76426e9c3e0bf722d2d4057e8ad6465203848e2f748358fc0f43b3c92f15aec60e448673611bf70bc16f225fca0456629ff9b71ee7649cea091ec7409a8ab32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
eead51ec2cf18850781fcf6a4d4eb156

SHA1
b028fdfedbc94b510006f52feed4914fadc683d1

SHA256
528b477904bd595512870883e7cfb23b20f0c644ad221526ae5027ee1fd6cfef

SHA512
521836aa19ebc36a5bcd4165633eaa30ff118c8218bd851cb1c57f407ded407d3354e44443e2cac9b58d39d6f9046e65ff247cabde7c44996897a12c2e943877

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
90f99556e3838f0fb6b305d51aeb8c83

SHA1
75db594e57a3da9c81bdfb68fc944147c371806f

SHA256
7cb9a9d5efbb9955fc80526a33da43ceabfa4b5a0bbc45a23b8838ccd9c2d582

SHA512
8cd487446c34ea22f7f2ab330ed5f69e2e79335c28ff5af84e3d82fcd148fa5fcd070d51b41abf92deeec3bba83df102cca2359aedacfe9ee9fc3eeb80601b8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
da0f9a6549216e9df4628c17fca857a7

SHA1
c26d798cc85bb5c87e7f45c6642e7558ceeb6131

SHA256
b8b2ef2e70c5c492e6f8d62a4899edad6a61d2c474641e6c57515fcaf4e205d0

SHA512
ef2c77a41fbc19b71ce49f558f1ea2c3170aa86cb6b4d51dc6319a2d0f969fd01036d9ec9c05f5a41b4eb35363aa678659d87bdd7b4bb8789c4a7f22ee298176

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
25b71c226bebfe5e670175ec325245b3

SHA1
e02cb8cc3aba15c2d59d8ee20aaa6c26061f2cda

SHA256
e47dc3f1cb2b553c100d8f45ccbd74d010c6e2823bf5d201aeb5d959e555bcac

SHA512
7e560c6091a3b8a52caeac2a523fa6f64bad0cc44503448b66667d433555eb4fa1e4a385cc96781bca0dceb97d924a2a1cb06c9b7f4996926eccbc78fdcf9ac0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
126aa6180598efd70796f685a6d4dcaa

SHA1
2d0604708742f687f6c33232c7c4859b08e28d56

SHA256
4feea22c22db603c42159cf2546c96b3684f501df983fa4d368984ee4b51929e

SHA512
fc6225de89bdc481b5a843f1a58cf7e89714d433c49d3e69f214c365fc0d75bd8278f0a308ca1c9f1d15fb6174ca491b390c012efdba46141c77e9089d18ca94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
810f6170b52356b4bf69c5159d5d0173

SHA1
af9dd03fdce4a89bbc0d98a64123d6639c95a321

SHA256
292c7fc66de2e37db8b6b5160cbb3933f6a731a3a5bc483561c8404441613f71

SHA512
e23289fb03dc13c16501c77e97580c19f891a2c807a2b96573c79333699400987af15bd4bfc0259d7e7ed77698634d147152964aeb5204722372b71c694def4b

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
57ae317a807f6bc6b04996f0f9c308a6

SHA1
d7daefe33c9915bdcbe9b2175b95f3124046ad5b

SHA256
44b87289775bd99877c99df35453f355cc9cd3e8abc843e8956e1634466ef8f2

SHA512
dd17d59feaf159fbaac1410f400b8f1ad58c021a7578b97bbb842781618f0e34be8bc8659bc04715df2af3ab47ee309027e1a59cd3c9a9b24a7ebbfbc92c6681

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
81B

MD5
7bbeb31754592060d0da1861d183a124

SHA1
1dbd081953b57cf3bd57f3380af78296a784f993

SHA256
49473dfc4acaa08f8983929281d000da8e3845acb5bad54ef564318fa210e416

SHA512
d5838145d1acc89c71f58fc7864e59f821e5aafaaf204a472b658391e68c6ce2530bd178826d2d44f1cfa4286519796c8b958be30690cd5b918be2559a24c524

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
672fae322925ebc89f14cb55b101f4ed

SHA1
5952cb997770c17f94fc583904cacc86ddcf816b

SHA256
6c0b481258661bd30b761376125d8bab21eb5e93c6e66546afbac8f52f1a7e84

SHA512
f21e84674bf4c6f30a7110d9f48cb440d9787f491a98ace3d9a56396be9a86722dc2aae9e64b56b11b270d442ca2608313a0d1f8d4d2ce727123e081e27e3214

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
a4022aad851a748ec176e649d74ed554

SHA1
5fc68fa5e350eae41e18f7a1e85cd7098507ba8b

SHA256
f32fa4398054cc9fc1673ad47cbbf1a5d82594a875925336d4a18cdd5807f9db

SHA512
d829eafa8c20e78fd0f08ca74df16fc9c6b216c238643b10bb9f13cdfe7a4d8f2355632f26e7d12f6ed176e696001f053e4304b4ef179fd857c65a6e086e4930

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
c0f8583397bdf9972e246fbd27b99e0c

SHA1
3d4965d35f8e26d1a8e3c40a8e7547c4c700cda2

SHA256
d19da6b6084e9b4a777056d0127beb66309eaf60885403ea5e8e08e43645b3ca

SHA512
f7bd7e459313907affdf389b5fc06f83afa9b24359a430afdebe323abd5a01219ffd8c6f7494c11ec648e84bb80c56341c1680434b7d607254ea8cf8d7e98a4a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
f92e2fd200f687e1ccd7035bb303a613

SHA1
a86e0ccbaa63b99f873b88bec0b239e9287b9a50

SHA256
001c0d49ff6730d8174710e679a040a8b4422a1f8d3d67cacddadf37715bb1c8

SHA512
0ac123868b08d14235b07344e11569afbd138d443cf255995747db3c3c13d9c9bdac9d06a851a27e40a31acf5b1375fbbf46d4ebf924277ce2b6020fe6aba5bd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
1da47fcf623459b7a4d984d40c6f53f8

SHA1
ba7bb606c769bae44d1bd77e6d105799c2d29d94

SHA256
0f893efae316ac893aeec6081c1f8e52ca28b8fa8b60f2acd9fe7e81c5057ac7

SHA512
948cd8ce3220a3d0957b2473c11642c9a8cf3dc800099f396d5c291e5db3509df1856cfd30c1a937f36c9de767cbdaf95d833914f909525e652e2f6fd5a87361

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
611965c3e759ac37a3e62df58497495b

SHA1
1b0bedb6046be236842225ed2f4f6e708fe8ec19

SHA256
9f74f20d18739df8ac06d0ba3f15a424963f3cece526700f8226f25b69eb90fc

SHA512
1497b0d760b21128ac8fdb17cd6fe1652385e4ea5d5a78fc2a630e1f6091085c7549315ac3eaa0a3076c2bc74659fccfd389017ddc295d32275af4a4c3e95d34

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
f7efa01283b99a149ac3e2de99b27cc8

SHA1
b57acb38b5a898b18ba270196f63af3c47e3f4d2

SHA256
a2add69f78167f1133bd7655310affae135e31923de435d6165172ab4889870a

SHA512
ed8e63a0f1843a818f362859e77417b0af13a64529936a5c6d1960f7469b0ba87b34fa19d17376cc275df0ad0c7cf9499d9b67799af83f17010fdee1639cf8f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
7b6194bc0c0201991aff44fa420052ff

SHA1
ad77e1e85f4d4e1d2989ab96e5bd6c1877818bcb

SHA256
51736372811f84037f643a98b4c17afd2f3e44b62b0691d1cc6ea80c3c9ad1a2

SHA512
5dafa3efe375dbe588de878bd71a397190834c4c67ccab25ac5814b319255a7ec59143da6719907c60cfae93d9e30b44be1af6f1893d28d61494703ebd95128e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
f2f41720305bdd4d300f51ff4364135e

SHA1
09f528b20d9fc706c926aa58d7058c733d20f84d

SHA256
e558ee284b3849ba3650be9425d11bc00f16b849bf78dee2a9077cb046846f58

SHA512
308cec8279884ece3845e180261fb5135ae689dfde166237e300eb562a3b23da1f2fc77a3bdd403c29a1b320784fa144c8f99930dcb996147d162b324f6223ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
e8b0152a3c0bbbca009b07b921402f8d

SHA1
403d2115588b5d5b273534a887eda26e67d1425d

SHA256
e2f20ae7214a2541cefc7545f30fec47716eca04b34b2b7dd67f44cc946f54b1

SHA512
13e4dba1ad55a4c8ad2b6cf999d56a087d4cbd8343f1ad043ac4b847c54f6caeb805aad8a392e980dd6c2aa1b4f4ab1843a4c8a5a49fa19370505fe724bf2b23

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
daab73fa082265406c729581c1d028c9

SHA1
8bbd56b8f5b4331b8423fef37f0a37daa6661479

SHA256
dc77a2c9df26de072bc87e6e11b36e5d9ace9f7a4b28ca8b8f955c8d0bfc4710

SHA512
63bd343a054bc2c18164f754f2b47b642a492112bc0dbb595ab32d1249b4d0b00c7837c0f61ae0c9f5e54b039fb79c7cc916e156ed029795cbff3953cd24bcc4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
2f02d4020da45dbf08a72f2feb42e541

SHA1
994a9f3b7fb4c7ebd6a66e057a18f84a030cdb9e

SHA256
d59994444e180ae7191c8220d505781efab96815c1bf32a8c89c9e8e450b99ca

SHA512
56f64abf1e5f378b15f520c68026617470f64dbaef7dfa662aff76918b5c95bb09171b2723389d078da3f487636ddca566ce07775534d985ce95ec693b33582a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
81c6feeee2676a8d4b329f8e1298abcc

SHA1
b122f24e948937dee97ae0254778e332084f396b

SHA256
b8397a23302f573122f187d25e1d6fcde2e7d244f8169782845997d15be4e767

SHA512
0dd0bcb63365a5ee9986ff1309993e9cacc681269e3b3072d7a6b276fa4046022e9b1e0ee3e0b70a3df6b22ef4a370d585b56d7da9e1a4313a38583ab32ac7f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
ba2aee3450ac6553f4ee8db2c4e23aa6

SHA1
79cc5214795002c75bb8ce5d92132c0bef7c1316

SHA256
c02b6fccab5bfaf504ec7bb5e4bd220d2d188046a8ac1ce629b6afd5858f6ef8

SHA512
c533fd3015da80729f2bb6cd02b0de3dbb8aef72f50e773250940c5d06c8134ce6315ea95df5d12d428ac5c305ad895a8f313f8ac5df93709013eb8e25cc6904

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
be165b66e26b8378cc7d8cac506d9d06

SHA1
fc220138dbf53b9db0126b08040f92b89310c2ee

SHA256
6d65aeb6168b19fc2924ff8d6e543cd54bd621978835bcd702a8c7a539a577c1

SHA512
83adc8a9b4c4f5f2edf4d4fba950e40a5ef2b8cec89b13576663a491c0430bfcba13dd7288a266e611c2d7e59812140b87ece83bc406e87d30b028f3ee55f7e0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.EnCiPhErEd

Filesize
10KB

MD5
6c2dfd42bce8a88923f5c3b84ae9f8db

SHA1
461da6b47d756758efda9fc0f354c845d1878e2f

SHA256
b6284b8cf9ef111522dc4f456a7ce4e20733dee52aaa9bf6c04095905f0fedea

SHA512
b3800bdf4e0130e49ad2f93590cb0cbb41a18c3fbbb9e0f04cb9f87ba500ff86f8e39121de315bd32b36e2cfb7bfed5ff71be4c99944c0e8818518bef38b5c59

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
62ae0b8a4aa1355ecd6c6119ed04c919

SHA1
9a820ff44433540aef9a8d5daca95f8fce957faf

SHA256
555b3a7b3c7c62d1ea747763822cd204959d1b78a90251777584e3d36c3e97cb

SHA512
2fa9c7f154e7e5e412783b2dab2c60eb463f8e0e668be2d3bf47d92db9d53619e8547596527c7f2c7e9f15e1f8f7410ce302987af98a0cb4e315f21260975b75

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
29a8e78fc4aa89e8c9ecf575e08e2163

SHA1
51f89317913d2c12e4b681a8575de98001823608

SHA256
5008eb9904020ea498b64af15896c4178575f005041f88eaca6dbdafc5f42156

SHA512
c5a73f844878b87273082cbf145b56211aec667114e7e63f442db461cf000e76a8b9ba6df2cc95af0bdfffe9ac99083740ef037a43c0103b0de0beb1e4b0ec6e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
ed1e396826c23f023dee8a65c8286f11

SHA1
083c95c3a309b44e1060aeef7b53811d7d8012dc

SHA256
edc1af4eba32802a239ae4e2a147f136772600fdec39f295f190e6034bda35cc

SHA512
3adbf4b634a3d374299ed33f4c7ad78ef3622cff1ecf5c11520b43c993b24c9002739ce9ad0be36c1ea093c0d7490cb67448ae7dcd77690b45f067f2cb376e96

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
f26af44b7da00f0fb2f449af06844c89

SHA1
ca27189b536729e96308150ef6ebc08a5f50dffa

SHA256
2b2da93801233123d192fa9da487387c09c76912067535a42c911e9683165a32

SHA512
fb8b92838f9c7c0ee5766ba897b1ba5a97550e5ee7051594ec40cf91b694cb79f9d5b3d068d45f35689a0420af59f73f2255e67846045057ec628ec41359e4de

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
20d6c7191eb84ca621c1a900fbee9902

SHA1
4dfe84ebcf3bbb3805eaeef60c4b15b6531b4543

SHA256
cd2a34c50c05741d7f4d47acf09554af4cf730a9e6e317532c07d0c273fd3580

SHA512
f7449d68c8db6e8116483d40dce3abcb7e4f0e117883bf617dec02367945c739bd189c498292060268e0a4aecdc1c96a4c5aafac3a5ea54ea352da1f78d3ab6e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
1f4ff507c6a3aeab16418eaf21255bcc

SHA1
ec9535a65ae98bcf75b012edac89d63215c1f0ac

SHA256
c48e9488cac14754fb0c8ec1ac2a83cd266cd51cc4275ed78d5a48f9f0c02ec0

SHA512
e5ff8ef22a8f7ddcb5b4e1a7d192f8b76197a019abe0de27eeb42592005d17a4241b0a794318a5f3285d38af8335761c6cc3457298b774761bd4c6a8d1b967db

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
558b97ce0256eea103366f9bbca42084

SHA1
ab618feba8cd8e6010f6c792be3af95967095266

SHA256
9cebbe81edf7497b04d912b59d788c661a474685acbbf7c01504dc1c72f21bfb

SHA512
a9f652f28e45f094f81d128c3e4180f393ffe2cb95995b7f21bb1cad1882f8a9f5e4a38a18a2109d48e7cd0764d18b22971b4e0d31700db6d3a316c389771f02

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
f90cc6534e26ae8a2e0e7f49c76001da

SHA1
e0b28aeb2625becc5b8b0a54c852d58483a23691

SHA256
5485a95787cc61745f9fd8e48d89763c867c495f7569eadeba7e945a9f4ab3c2

SHA512
95787e07118809e5897fde83e98fdd793fafe557239e1bc5de786c42fa68ead1dde9d4a5822d87fba0e0631b3270db76bc127253612c5f0812bd758f1dd16402

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
0a6f58e33ef693c31601014d886373ed

SHA1
7360d9e41353be9bf753f8b12ce3a3f05b384abf

SHA256
1598b0e0993367a6c6d7f07373469408cb243a325d3fdc34cdf60b22b9b5fbb6

SHA512
eb68c0ecece8e608091fe210fd153a746417afcad1aaef804b3c218737b16578ce0bdc1fecd23311ee3538d9618c092cdfcba2a704046e94b4a79bc78c6b779f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
489e73006e60466b341060b99e51a7b1

SHA1
9fa660faeaf1c230b39c4a287cc1a9f10894406f

SHA256
c8ab42a843684e74753e94f29e160f555e51a1edc0f2d25edc4a108d99fb5284

SHA512
0bc867390d78be7e17f7e8f8dbb7eef36b6d84d46ef71fd6cd6d8e92d4575afd18e8aea062671c1143af5474f39a9eb590e40ba467b652c1a47544035e8383d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
5f7b498aa3752b32d19b34b261f66a8c

SHA1
44c0e6c731c9f40cbb0357484682ba4d3a19c2d3

SHA256
b06cba24f3fe80cf9e65dbac1ea581d7a5687a178555420e08ca767b2dd3b9b6

SHA512
d07fc90e217525456cf0986f6c3c35801eece6d2f9fa11b37cf5848b1e9ec587e50e6052e8f95a43f8425599ec77e43ba7d37ae4d42bbe9ed471ebbaba1aa1ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
223bdeaa7828b3a52572f51970f9b619

SHA1
df1e7a22872caad7525b6b299e4dbef2a8fdeab3

SHA256
72a5b2165e12760df1d60768f9e169c97d15ae2c9ee04e8f60fe9228f706e1ad

SHA512
c3e2fd1d96971f58f5ff48e466a057e3a9a1b0c355ec06846ed40d5a3668b0b8192d060c5d867470599b10e0295c6757cca565691578f029c953b66b2deefe43

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
40020049901b4628c9cc903608ee9d5f

SHA1
12553070c0ba816e7fa197aec7e7150d9ab68411

SHA256
a465f01c4249dc8eae5bf1ce02f797e5f850f1db950d8c5a5ee4069757de0ee0

SHA512
bd2b25ac1ca1bd5e78f2871256caf99f68d47779f32dcfaf3e80b31378585bebde9fa61f72b991669617450d8a95616939c4f7e650fabebd9cbd632e5a3ec137

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
c639715eb52803d6ec170e8ca2d45f27

SHA1
038ccd064b2ca05d3756d0f05520da8270250c37

SHA256
5260141f7742a2a3d956b0d1ce7b4c05228ddda07873010f887d01e63f275182

SHA512
a43cc616d92a81be21bed763a9bccc631d8909dea2f0b3241c5ba0491d7ccb2ac84d51f5fffe5cce121795c5177b0a13d2e5f54be92ea536a4f429c5ea2d300b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
a70a9195931afe179a7641c8a7a96ac0

SHA1
5487cadc2d692d804c85c31d613444b48158ba09

SHA256
1320794cb583b67571b9ff04e0fe78a87930baa5bac9c0aa3fae6bc5271de5b3

SHA512
6c0f6ced7ee8a62be692e80de55fa24aba434a379f9891366cb7337decf705b4810e4d84cfc0b61511d7d5ee9b647607aeea0669c43a5256a963d9fc97cd8b2f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c3ecda2778647276af2fdf07b782f4b1

SHA1
d36bf061946bb135e6dddbf0b1b10fc60149b757

SHA256
17cb1aa86fdbdbb4b59ecf8105aa763dd8863e47793f8316cd824aa31273581e

SHA512
71849109fbdfd2c9067b54ddf64cd1b85351573f542f8170c4826187c07813a8e60b8a884ad8a5b677c5b478f32dcfee6c50dca6f7feb3cc5ed3c0861e31a106

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
85485d06bc311c556f212ec8f166917d

SHA1
33f8e67513368ec194322096a13d5d4356398be8

SHA256
4ee3bcd0c64ce02575c1ebe87d2f4ee991b7876389a2e260fa0718dd4b5a4670

SHA512
434e87ded48e1782a4398349aa797ea5b5af1c43eb7c539ad56d2f51d36993e31fa4f8d618c4284db36bf6622f6327496e7dd75fc0f110a0015f4ca328957afa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
d0937ab2055b34eb588ed6573aaea52f

SHA1
d66696419fa7403191b432dc8d33629f2957ef6b

SHA256
6283a992e00dc7dc8c0125d3b73a8dbb94b617b0cfd01ded1e5b4ec4c58db3d2

SHA512
9f673ca1e40c76b2c878c4e4caf0e613619eed34945042dc94c6e0bba0982e8c73f113385bf849862052f2612433728fa4243ea5090e313d26377512dc61e256

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
b6a12ca2227bf2f8748606f061f2a3bc

SHA1
c3d54c41c6ba7d693439fbdc4991a2d4acb6c97b

SHA256
f742ae5a1ee1960681b736731ab60a47fa619e6aea263e6fa57b763ef4476811

SHA512
05ab384493ae3743ee8dc15492b917ad0723265da4ddd2ea3940a114bab23534489f317c05de5d43f15a826d4abad4128daa5fed42ba1091fabe60baeecd9d32

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
cfded959d35c153f08ae1bf94fd66c08

SHA1
37ee7241537b41d3c2c063877269f823606e094d

SHA256
3dbf659f990c642ac75a7a97c70af313190a4823b642d3200850541d3e4a3f8c

SHA512
d2ced9922ebc4be8f6781656560f4c2810cce15634e6d62deba68aa165c5863965ef6e5e676d66ea83113fb7f536907ca5ffef38500c4e5628477da86639f92d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
108703c46592aff438419c8fbc208d50

SHA1
716df19a92ff42c3b861fd3fea1f50204f801866

SHA256
9bb60ef0fccfd99edb6bd52b6965a7c7d9fdcb8299fb1a654aebd9006e83e8ad

SHA512
b168f8c066fa9cdf67f22fe00f7713b8bd7b690e3d9723b5be833c32064d36da0cc1826d23522760d44faec9664c20c881e80e6e4d20e335b3f393eccc4c6767

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
44077df2e871fba8385bc62dec4ae977

SHA1
cac8516ea2744f73672ff3b12216e81622003242

SHA256
fcd5353940003e0fabb97bd096716c35ee3119bd0e7129ea9b5665ce22bcdc18

SHA512
3c5fe949d455232b0093622b7aad497455266662bb053182dfac4aae02f23ebe99e62c0c515b9e330303fa6cc2e6edb40cf596dea4fd065dd4fe8c3cd61eaf60

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
61cb2c74f7fe3374dba6d0acc6ed2e50

SHA1
fbf73ef2a005f4514845eeea1114242524ebe28c

SHA256
c7949b508aadda65585c3779c29e565173cb7f42df7aa1e3632902b5025d0187

SHA512
5814fd3a8265d829960abcc02eef5488151414a8f4297f7a049694eaa49507c351468c8773c085169bd0d938be8873466fa6182075e743e7af1aab1683f93fea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
e64db1ee846879fa043c37ab032533f7

SHA1
27e17f8ce64fa763906d8816f075bbf4e36a846c

SHA256
4605e175c41b82b95212e49f984a202cefd13b869f62c1faee1a13f527905590

SHA512
87293da994a3842520acb80538bd317effe11efa11a52cfb8f8669744bf801b37b45d58815884aa22c9b69c332761e027b45ad3e8171a9269be971bf02562664

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
3c8c9097389912596f15f120f4b16da0

SHA1
fb13aee95513e0ff193edeacfb62bf60cf512f51

SHA256
00683f05319bfdfb0353399da9b6eea3d1657a0d8c100c0c1712c078bdb5231a

SHA512
64f004948674f5777b1e92b89a7643f56e47a256565ce6b000874d2960ddb9b4b271596ad961a7e1f42b03d0275f005fee2ce7b94492ecc03e28010ddbb1ae1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
ec004c2c2b3eaca76a42805b701326a1

SHA1
4309c2870db6412ccc52bc850c2ed357e5b8928b

SHA256
eb8f5f628c3416b35d50ff618e5801aa14d516019ae3f5d403d42bf29b2655eb

SHA512
e31ece3b498b910e7d542caf784345fad75c385ec408675d896d23a830a3dbf79cc7f1b1f2aed027c72c874628f4d92b5d574949959d59ef0f7bf6abc8a6a035

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
43b2c92da740cf53895d1daff5cdd27d

SHA1
f002c448491845e2721c2547c766a0f699fa065b

SHA256
065d1f51527b8549e576f9d0c9d80499388430eddb2c22af5062998882442411

SHA512
7331bea27af6d2aa1ddc3089d0a4f3f86f923131b7e685d9520c382d9775f78c21cd95af483762e6f83e0b4e4e148dc9c088261218789b2e3e328c39a6902090

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
e39575f58556bc3da7ef61a9478ebc04

SHA1
bdc2201241d1bb9531643a93f7959510e26dafeb

SHA256
57c83e01104fe4843b87f9b69d1c75d0f052da3fe35dc05b494469a84a824552

SHA512
5df75eeeb878402464d466272c6f08528c86a7595b129236334ad3c772dae7967b712e24c90557aa02185bcfbaddf46c53cd9af373a9477fa3b36786e71ce9b1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
90d03d75b086c723ab66557c0c94fde4

SHA1
da62e53aa0a41335ceca9f9cebfe69ff2d5490a5

SHA256
878001a97854c7c185fcd4db632171cc5615f6b16ab71c7df17427ec33eea58e

SHA512
26c0948df0969319739e35f1e098c3242aad0df155126c300d451bf592b71996fdcd7ff4f3990b03eb81119e278aef0f64c74f35306a9865da48ade3b5ef05bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
4083fb90a2d1489bacc941e498cf1347

SHA1
8e2410d63d2407a3bd69a1c98c2173d944c379b3

SHA256
0633f66770980e91d55edf1209524b8135c13decd20adf72be46b19fda6dd185

SHA512
89dd4eb86a0c74c569a2f7ea5e07567f7a859f90a08e44ce65556b8c95442814d7b820ee8969cd3d69619787662dd051cbdc40f49e37c7c9f1456b653e7da01a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
91773dcc97e14a885836b4ee21b1c9eb

SHA1
76b504a08ccbe3a784ea061a5626f06bcf75c999

SHA256
0fa2728dba8532466bef57fdb64d58ba03e33ec54a81aeae32bfea3596058c30

SHA512
2d4c26a9f2ecdcda6964e33bd0b352d5afef668f67e9382d49a8c94419c7af661236f60d99ef7100499eaa6c32c16a1469aca9711afcd2f65572cb34da30d6b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

Filesize
63KB

MD5
9896ca7b95530bddc3cf626d2a30be37

SHA1
76c7b2a915727655f189788d02adbbcb26d93ac2

SHA256
4a97a62096c6676d7d29e4f196efa807c359e3f576da21e18844d426b217d613

SHA512
1e7e905549d6ed3a1c9689d3c697f7715632c5557601363dfec29d4f2220d3e4dd1cf560eeabf52e4212cb1a47bb047746e9157117261df73f00702c4fe59ca7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
8847059bbcc0828bc96127806e03cfdd

SHA1
af714cd77b1863093745e306620ff4e37715511c

SHA256
d1c8914db89e15ee302060fa233ebcc2d8102be5052dfd4c6d15116c6c3096a0

SHA512
b73d2589cd2783ffb844f75b50d289237ec0b43f919a3f7c8d1cadd29709ac3b5ee8550ea9218a157a92fb2f524a3dcf9cc310868f0cc586d59e6195297b3d01

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
e8c7d95a3d285853acec9dc6c3b1086b

SHA1
e3da0d6ebe42de41094a10484c72f11de8a03d1a

SHA256
f2f6cbbcf356950b9a10d7aac575edce4ef2aea2fab1dcb886eab6079bcde977

SHA512
abd7900bb0ccd7a2e92fb19971a5cfa936b92b11612077db85ac782c527291fdb21247a905389d95bd1d17ab5a27f310b6c8b7ceeb3d5c71a1d235bfab64fd35

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
6c785bd1dc06df86da6e215fb87e907a

SHA1
41cc96b07a1091d8e1b4c27b4516b51cc419aa57

SHA256
1f6b85c007728316ed9ad8d5e8658655a3cfae58d9d8f5cd966496046e577533

SHA512
348f06a73f2c3f5a8899aeec4366c52a72301eb45f10c8511d3f2cb80eface9d8afc11fab01e6713a7bce9d14b8ec991416c3213439d76be0e880076d958af31

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7a4ce811bd24e8126a25896c28e1ba75

SHA1
e78e9b733bc16b291154a07c526ba57ad7e68a53

SHA256
4e53764c4e356d32d96bbd990193a8cf9c5667d7618aa7e6aad0c241743c6e4e

SHA512
9336c44360e290e94e8f5f26041031da1a75004918f1be72742974d22929719ccd82cb318cbf159ed8c5d2f4d3840d8127ead066f5dae0a0c8d1d34465e84c94

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
88f1972be97dc5896d0f2b49bf1020c7

SHA1
dd022f6e0f0126505add36025890c1101c03f6b0

SHA256
5192ceb9f839b057e0d8e1e4cdc9071a32a0528bd8f903cb86c82bdeb499be16

SHA512
11a78288c334d4beb0142557f10e324c0653ea494ea99b09ba518e7e7bdc2f4279b2bdb65800cd1e64b735fd3b2cdcd4c8e459647357de3a4d389b5b85553780

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
dea4915e462bac42e3678692684991fb

SHA1
c7f657676c2ef61160083a35ae7829a3ccc40801

SHA256
72062b3ad96c65bc7d03c33a7533fbde15a719258f898738b06409ec5a797228

SHA512
87e1f94fcaaa6fee60fbf6a85136593efae5ccd61d125d4d0b63801d2a39bfa8c2ad2a8c406b2fe7b55b8b9c0bc6446021264117a45aae36828e4612dda68d60

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d91d769e3aa9d33005aa2a9ed13d399d

SHA1
1f9735d9ce610af515b76b80007de44e0097994d

SHA256
52636533f141f58bbdf065c4ce9e356acbc0414c663c9aca0c12eb54f975cb4e

SHA512
d05e9947c5c9673a0253a67f0a7739fcd5757708083371844a72e0505b838e728af08bb1ae559497f1cd2baeaa3413bd3215342c498b5742b26f4bdb9f0cbab3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
3b9ec5041b1d7e801d5874f00b0645a3

SHA1
e32889ad4849ed8875b5beb9e2db807940910b98

SHA256
e768eb4d70a940d14ae7b4704aeb9f8ba0d5c81d0dfab898bee09326325f0172

SHA512
1c799e28c4aca8c0a2275279cfd8c9a784606a4e17603dacae350f4c673631e3bad7e1d98b3e4582d2c816abae34ce7cf59c2ed83b4308c7f6ea8955cbf94242

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
670558cbbb418a909f84295040e778b4

SHA1
8f6cb48abfd7c324a31f6121fa3ce24b4daf084c

SHA256
553b45c875ddd67c613bc49f1974308c4d7ebceb396275d2843063dd05474fcb

SHA512
27ff2f53077b2967f6ef1fe63e5aef9e49d735490925fa56f81304531d9707cafc76d5072e554da135c3f82a48ac2de21570cbd4c15e1df0d021a98e80b80a58

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
4e0db5f14d45144ad2e22c97b2d3f776

SHA1
89b21b2de288b6a1f7b5877587e59a4fbab7e7ce

SHA256
3c3b9ff835fead218c9e8eaf1bb13e87253eb3dd01893ec747bedf156f106a88

SHA512
7a3ae6d07aa3dbbad275e07f3e08a972887ad87e484aeafc35417ad872e00fddc720755d0dc9e25ad44742c9743657acf6f994cf666ddaffc765c6208509895a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e72413846b4bf5c8374409339ed7bb00

SHA1
4f7e1dc64d5d74d3992b8920f2a17246bd063360

SHA256
4749fbe18b0f41dfd84317010aef56b35d6201095bcbec17e9291486333bf46a

SHA512
0165ff8cf19f683d5fd28a65b91f91b1a18a56763e7aadb52c4487f37c8421092cf4b26f01ec41c5c734351ba34bc80a9db353c97d8b07bc10cb68d66af1b648

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
000db938b9b98e8e2f4f91d59c617a2f

SHA1
125c9a8db1f9c56e5c1a22d4420a65167b270706

SHA256
d381541ec19188ef872b2805d0af3caf13ff2fb7825320fd66baba9d88ffd0dc

SHA512
b7748c7f24a34a71d2826ecb00d8bbf0b9c550fcbbb10bfec09af6d7f7d0921fcbc8a30987be4db8c73a2922925b322c7f2fb572abe97e769adf294f808d7454

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
bfa3b7e9796418a7973eeb67de908c3b

SHA1
f2df0f56e306402de60aa85d6a15f068c5dd8099

SHA256
3af453df27485d792d13bd06d23527ee9f6a10b84fe9acc0d58d05ffb2f28c12

SHA512
e81b7722947271f2125166c91a659ce1b2a8fc85500ac8316027a2338f3225b4d506e3a891ebb70010fbcc6e4966af89aae43fbb1c3eb651256f8db7604d503f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
f74842d949fdf4ac605da245e5c61274

SHA1
e19ec1fa17f10e02a27327f4fa382c7936026ac3

SHA256
61b11ca4b4ae00ae1f487cb21142a58ab7891ac954a7e7f9a1df03e43eb216a6

SHA512
088121ddb87fff8f7d45102d21fc1f86170fbe466a51e3cea0760c46d1a1472ca63b09852c7da4204e67a6f31f388c6008dffbbbda6eb87d1f763c3563790975

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
1d9206e08769d139d44ef03b61ee734b

SHA1
642c73303b52ff23bc5270b214143991a3a1c807

SHA256
b959d93851c91ca528b733b1f871150b002021d9343590296efda55c154f5127

SHA512
8f0674c0bd84f99a6757fbad82aa11d7ef137f48b14c13d4cfc5fc8c518d81ab701c97c5eba594c0a1f8e03c91599703f23d48ce9919fb59e930006d98d174e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
2c420209a21e66587a1b02faffb49010

SHA1
f1153cc00166de43f3a8ca6d2fa9da60c6947dc6

SHA256
1ea1a7d77d4a9da3af3eee27d5698019a33f7aa9b8ee1b77af58ebe0e50b0dc6

SHA512
d62e5d14a82887cd570e8d6805955f352ceff320676f0e12d839f30c012a28c88032dba4594941820886d65bff1aa14b3abdb6e417bb71eaf0c36496a7cbba5f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
0f7f8aac88795e8afb7efb2b55441ed3

SHA1
28b4e8f422a37f27374e13fe25d23e9bdef0869c

SHA256
c806584b8e2dc9a8af0ce8450095f2622c85207f5581c0fc71782f8e9492990c

SHA512
65b255f0c89fa673b5e53373a44845f11939c71889f868af96c7b9516b93299d23bbf8a248e4de0a61fc6a62cbae8b2ebf100d7fd8627b4b3a62428f5dfe55ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
a9d8a5414351e9af627c37d327a98b4c

SHA1
04101337e49bee1209274d9fd367f9bbc1b27dd4

SHA256
b5839c2004b32dd67de1aa11a48d2b316bb85f17cc9272083cc778c29f5939f7

SHA512
1bcc8e4c6e1761d77fa65c9cfda76211ee8d077c32f4d0e446c69f3ba4db63f47043ea1845a759004882f0a6957351c282b7cb4136a8a7f1dd48c4e1315ff25a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
50512b649e1af1c50f92dbc383a9fa29

SHA1
8fab99f173d3340b62d027cb98fbf9b53fb6cb22

SHA256
79f18129062b2c7c64fa89775510528543567f63fc0840bd6be42104a51cea6a

SHA512
818317cba9294a4d44604b5cd0498aff8490caec4d3c7896c1433a8e1799c139febcb6588c824210e28392a208161b5a2fd6c9bde0ccd68f4a422666487ed6c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
27e018768039354c98acf6acea44fc29

SHA1
dde14de71b207edb5599f9cad5617b0be7687f69

SHA256
f2d86a66a2451624a56718882e544cc33a3cdc9acfc00de8afd653c09d7225ec

SHA512
291a029f71ee8159f1e845cc80c182ab55e5d48db72097344acd0260d8332864ac45af744752784d601ffbd5a0cbd7626c4fa569df8c12d9afbb60cd2c7abed4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
f2cd0edac69be7a0e068ed4b9a0eb621

SHA1
ab17d4a63fc4da787632d2eb8a0e846109b6dfaf

SHA256
11332d0fd65673274d078beffbec3cf09dee85ccb46756d37829cf6c2443c653

SHA512
29eaec99463755a062817b0626a9a9a3af1e15fd79178a04657d3da9f07ff06f273ec0fe656259efabff7656be06f9cd410fb0683635836a3140895c89bb1dd3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
40249f77e6bc808596812ac741ed005f

SHA1
23e3dd17a7972b85c786e260fafef8bfc57f36bc

SHA256
5da2a8228304a3d9415b8f3f1e526b06e6b706a5cce447331e2d709c716e316b

SHA512
1bb1ed204a8747205352fba5425c2f7c7ee421fd2a6408e12f8948211edceb010ce2a841e7caaf7945a7cca246755c17bba2fef19240ab90cf58cf6b09735742

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
84af608fec9ad8b93d4de718c8e6b27e

SHA1
d712d462f16c8ca7502f3e7b8b597228ef39ca63

SHA256
4150a7dcda8c1a67fb03bc36abf449c92b367a7cc02c7e3272c25168da0e2260

SHA512
df31bf547dbd73127263635cb2af0cf205714ca90298ed857f49b10332c1412b769e37f6323d0ed9dbc4131119b51302dd3837db4ff53eac12aa415378cbc65a

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
91206c8ee503f22d609e6aff2e868837

SHA1
9596e66b6351b03d433de07a708bfd0870886283

SHA256
1bca10b42789dd66199483d9592acd7888b4a5dd35a0482a0d669ef7bf2c6b96

SHA512
d0d557c29e6b5f34341253fa67b144b9544ecdce326e0af592226b4ffab703add6a2933c1f20db74616636d65feee2d3f84337360306bcc6296a82a870219905

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
4239b06a7657fd411161edfc153dcd92

SHA1
3142f4e20260aa69190a9f362ab9d1fb0608613c

SHA256
36c6a17ab7a6c5a7f0c4782d51187cc42a81732bdf0674bca7c6d84a7fdf8c72

SHA512
dd9b54e9e37e01226d1fdbc8d24e4b88807bee41926f3669c58965400dc06856a5d960ad2d3f08a12c0ae3ddbeccc95bfa515f4e1ee76ac43f3e43c2da81dde4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
5f59993585aa361d757f56880417adb8

SHA1
3d8de75e008a141626ed33b6527d850bf0f8d55d

SHA256
b66148db953333fec1cb7aef2969892353f57a506e63de3b8a4d3ed6aeff3a13

SHA512
f4f241af4624822ded6fd9e07461940f78a064ab6ad4c94244534b14413389405a5335d6b70a049760ccbfa619e535a1f818852b979ccad38b23bdcfe3f22e3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
3dd793f77f0aa6e9248b32cfbb575d40

SHA1
705b55f72b95914c0df623c5ee664f14b3b119fc

SHA256
ea76824be2acd5c85fbc9e84fabca5e4fdd61717e7d88cbbae6a66afea073acd

SHA512
2892c165f6012cf29efdccf5733bfac8acb48e6aae87b2b3a61d095bc0151e3d9f329483555d6acfd3c0744fbf52be1000b317ede8b8fa139a896452fa642f95

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
21fbd1e96b6e58659a95a4d4fe7997d0

SHA1
77b00bac8524b940c93fc6b84462cdc4bab8b30e

SHA256
4b331a7dff6608f9efba2e3dff9f44d189dcf2eb33896406767fad7c0a9d3b2b

SHA512
e4f2eae9427674d5fca57169c64176643ba3e5b428e56b302ce72a2696f69bdd94ebbf36630baea3b6d43494e2042b51313d12497450e19fae57ad644504011c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
1b5ff085d0a5eb82cd81699cb66f9f22

SHA1
8556e64d3e7d9bed765cb120de50f3a223618da6

SHA256
96d20c240d62722a8815be092c691a7759bfbd6b087917cb5d58c0408922e4ec

SHA512
9f2b9af23cf888c418e3f826162a66fb0d16f6b824c37429c06d5b8cfafccfa35849adb056b58ac7b53d65505cb2efceeada3f8088cd93e11cab71e44e5e0991

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
19ee01ea09c103e59545df31e19ef73f

SHA1
c8b665a9de0da9ce85c70ed7fc5eefe048500a75

SHA256
f7a00f559d1948daf128759421919e96106fea947cae4302e7cde9e1960ce20b

SHA512
2ce946324e02f4d7bf683201467ec024b4904026833d71715fb6c056a940cd35d3cad6bae1006871f0a715c52d2cf0ff84240d64205e453f5bdd33bf77b32ae7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
f7fffc58834502a5c1470bc6dad844ec

SHA1
31b63ee3efeb3d2287b49f36a3194dc593961595

SHA256
7f5f8488e4d8c301f1b7b365a81f6ab666a55ed25d382006851d60d461f8dc51

SHA512
cdf80b43f7485ccb50e89a2f044b2fdeaf7e4d07ff4af8cfd3b9c62135df34fd3b64b75142d1dfc1b4a1f168f038dfd2a3c5cb748364c01b273981619629ae1a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
b79487afc69057ecc2a7deb17e5771ae

SHA1
7daaf35f8d0a035f181b70974dec2cb58ff64caf

SHA256
ad0cbafe3b815301b13c254e5b7d32bf66b97f233c31e6df535634b855a5eae4

SHA512
84c2320fc13474e0971d374ba43f748a82c048f88e801905662818f8c910c227cc41dbdf77eba833216e292a7e8d3b70a53e6f297f4cff09136808f37bcc86d8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
1caa6ecb41e8afb1edc57786c691c48a

SHA1
1d9c3c4af67835473bd4029ffba26b460ca40244

SHA256
bf4677fb4dbf8fa2ea69e7470974603da7a2e50171c6232396b02aa28ce14c9f

SHA512
04582ec1836a15f7836eb79a7373cb8f85ab5cf4be67addec7d28f2c1a06378c3bc2b7fab8d89e5db4202291d87f1faa25a0691fe6f494d5b7357dd2e506d0ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
addb54e8e06b1bbfc44ef38e5b564ef2

SHA1
511511767193049aadf0037b7a453c9661a46b39

SHA256
1c286845e088ade3f00d6fef96f1b6bcde7e468b20928163586ba213ee105776

SHA512
571a9f81191a769c1fc1779d684d0a872753af1c82c479617cc7bf0b8559ac26830d26cf6528a5a67c4acb60740050a61fe51c6e5732f572db5e8d997471955d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
1d9471a49499dc55a3d1a6ff7c8bdf69

SHA1
3818f8f2da6b1b22283fb7440252fd30d0722778

SHA256
c4e1202d69be1d921c977d583531d4185a8fbf16fe1b30cb51dd56c1599655ec

SHA512
03bd3273ae2af8de33d2063949a5bad44a4a7a2c2b7f1917a48bab424c725375800d4a29f1cfeab322f90ba0a57c27544fbf1b09be58a1c0ca3ede64e7be4a22

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
37c08fe7da99cc6d09cf17f35e854035

SHA1
ce5e139e4fcd2b54bf8f34204128c1086507a11b

SHA256
4263370bff2acd1bbaa3f8caa084c59da1133e3c64ca082bd72c1d62bcd5152b

SHA512
5fe788eb0f26b4a0e2ab5e3a6ac1228d66866c9679e67b7416c99d130abeadc58b5063e3216913005f413a388b694d3f48bd7d76cc5473a814d3c6e56f66345e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
367332d9aefd73a039c690aced323478

SHA1
c1ded17808089a06f8f00d361ea88d123c665d58

SHA256
3caf53e6e940c86fc15768b4af35431f9efd449520a16acc2b852dbbfdb38662

SHA512
b2bb1480997f75468df4629ef234bb6953a41267b22b2d03267694f182e62bdb862860b37418a42e5bd2b91c491e15c698d1924f111b5c23db60afb61bb83fef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
f5595eaeaaefb244260fef2c757339ff

SHA1
e288f2f3f24943b2fe1502b06c1432d9371568df

SHA256
545a894164954b788b40234b8a7ff1555aa871ed71c7b72e02a41d146e1ec961

SHA512
9b6ce08646e6c8402ef43b609dc0ea0bf940e03b3ff57f43f75824d57c7076e2bbab140a959b5c6aafd9eaee164893b3952f3b57eda16a7f3c79672375de5f4c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
8475d4e1a39365f211a5aa300e6ce522

SHA1
2ebe65ff207974ad74d891882b4e9a3406f67b40

SHA256
83397dd9bfe93836e13226efe491186c999e33a59ad6ce7dd362c08bda00655c

SHA512
d35a96d46daa5c2d1bdac5d4cb274cd6a74e11c7e7533fc6e2b2fc5a2e711749de28e34bb8765993beaf9a7f48bd5e9cb77cf7f1f9652d46267e5a2068917e32

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
5abf065f1900e5ac87bd13658aae58d3

SHA1
0e152c788fdfd5ed77257ebdd69be27893ba5cf1

SHA256
84e802152c429c281588138567e9d89b80e3018aeae1932c98c53adde3680519

SHA512
81fdcea2c3cee5638fd84fc9e8c414a67a2aeeb8c7ef96d2572d825ddca679b7513c6ca59444cb4530618beaf844116a80addb1140591c4df01d1b5b2b70c639

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
ec22c4b370d9051027fe604901d87dd9

SHA1
005e8c7959edeb3687c6bd0f4cd0c376401150c2

SHA256
2de2a5a59b4d76d80c1fcd8699ee43ceead5543861b2634c16a59b56d1db2576

SHA512
07a15ef420b28114a6d73772f7bd188bdb2b3ead6bd369ef5437c348a34a9194b99615cadf1529c2dcffdcc5317c1dca5b802e458ec920035e7b6fd20cb0ab78

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
a052e9e83fcd466897125e4f7ef82cbd

SHA1
a10b01f2440dbdc84c52981e7dd991429bad3414

SHA256
99179bc10dc3a1b3bba2e249cf5330cc8154211997844396c2d069d6512ccee4

SHA512
2d61d16ed0ac97257a21fcdd0bf7a713e5203b187777ef0afcbe1176dee57b6bb6299a9d11c7e1dcb3ff3ab7ded0cc2b14161b80887ec8103ec9d8174470251e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk.EnCiPhErEd

Filesize
1KB

MD5
2a5108769e47f89ff07d7dfa2bb6b4a0

SHA1
29c73326a77cc20b90d4965509157d40d5c62d2d

SHA256
559d4e7e2601dd00b8f3e68089d772482e7309654a5bc850f504df4bd1d4d286

SHA512
943244e03b78e02224bf0334cc4140b7704be3804cabcc04d2f9944ce172100c96da824b2bfa156b8dca6234fd93fbba5453e59dcc223309fa46634bffe37132

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
d72d2388829557ea13947067766e10ba

SHA1
86da7fbe37850d01d2a5ba5af8790bdf4b0a272c

SHA256
7794b2b85931f88d95541f513e86159b711548101da2f322c587dea7c1905f5e

SHA512
ce06642c40a1806e656905401041fac1118187fd87d08e1778b6dccf0bdc0f3bade754fe5969e4a87777aac01475ac6d1b62da62a81b3af061e423f888391f3b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
164d514f5f442d75f0724dd412ab7158

SHA1
c7517c114c3c24e11fa49e1606d9a72d37fb9635

SHA256
892d83b98afbc98979f0f885d2c2bf22e3239156c7789579fa7b51750621bebf

SHA512
36b8d7e0ed5042787830862b605fd4dbf7261ed4cb83ab6359b59a647e89ccdc3cba43f86b3ffcb38fdb4a78adf7e03c10597858563c091c61019ade8d9b60fd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
aa036c9fd291a3f52ac513796fc7ecc0

SHA1
cee25ed008bb6ed338ff149edaed14d0d3618339

SHA256
0bbf6366123dc2bef95114f395b8860f26e409570084dc4f66b2a98c5cb49912

SHA512
a56501f048e1c941d565a29de569bbea9bb42ec51cb2ffeee4a643b94b83b45d7f1a01d258844a74a3f2f3882a3428420c10fbe11c437bea51f4a6e9086e6f17

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
58dbf1340112a189026b1238a049bc47

SHA1
c77061606f739e4e1221df54399cfb58e4efc3fe

SHA256
0a68b2540cbeb5590bae461019530a8afdc94d705219608cca8614a840269cf4

SHA512
4ffcd056b9730b842a9fa489f0df122da32a53f7e49b3e6a9ab78cd63f04a252d49b7e28e6b4ce53eb6059e82e9420ebbf62ad20b1a2c44713db59bbc0751baf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
10430c1635b8295bfa206d68886fb2b6

SHA1
194d0db798d65e85b152458a3b9938dc7a8496d2

SHA256
51093843a02583c136e1468f89910c76bcf501e3c831f7dc2ada09809d6da7b0

SHA512
9cf202b0372ab2bf3439ebb106f72b14194fb729cc440ca10b900573095c9336be6673bc33fbfa3c4ecd99df791b08b24a9822019f85cd596d2f31eb14407ee9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
87b0c6a87948a2d58097957a9a2d3b01

SHA1
e35291e13bcfd8bfae1aabee51fb8b31cebc1b17

SHA256
b8cb64c4d233896d8355e692aa809ba13eae2f67768622e113011ecf4828ac3c

SHA512
38c90e0df96c54e764861a9f0ccb70b6dfaf5dcf06310cf6b4b9477f1658764166f23ab57163024d3891a81d9ef55b4d5b2995c5489902e67f38916d1028c9b1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
b3c50161f44c41c42e10303100017ec0

SHA1
31408181673dfe76ca336d32d1bb13eb706064d2

SHA256
b0a94f5790df3ac957a3a6d8a3a7c4e50cb915dc2159eef103cdfba1b985573f

SHA512
786bf974f22bfede32e94ebf79c74b95c4a12c8223290d3002ed2e9a3e340009304d50c353fcc1702a6cc71348072dd5143cdc2b65f21baabc3be2b15724f794

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
98103306e38dffbecbfeda1f0c764dd9

SHA1
0dc5e9e6f235cc1e96eb22a7a2c02016d9981115

SHA256
769c230f746cf8428dc468b770ef758f463caf57294d6b0efddd3a69f5467be8

SHA512
c1f611b1f9b8aa0bf5d57ca119a6162d804bc1f713b2bf50d9ec8de297b6f0ca795890f2da440c9892471ba5c662678c3e1127b8d383fed5becbcda15968e0ab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
7a1e4bd418e6a115941f02adcddbed9e

SHA1
1f2b8dda0e96a2ade54ef69ec25c784184bac983

SHA256
7729640509f7df61792fd2ed2b5e954e89dd0d56f2da67d769668f3d82cf2207

SHA512
304742e11f2c6713f62255459c0aff9124acfaabc5b22c6c3d140155b1a46ea39de91d53a6b70170ea10bd396aa1c9c05af3e9726e676da8e41c492f76d71acc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
d0bc6566e41b8fe023461a287ab46e45

SHA1
bc737ac806e8b68f55a9517546eb0e9828e1d360

SHA256
c2a2d97162cc9ceb3880118444145263c90853780aaed8b5eaf041a7cfbdd36e

SHA512
5e6d962783889de21870fc5473fed88cf3720e76235197b7bcf8ad1275cc73288f7bd64c29fea55073869afca5d9c92c9cc62d1b881d4a7f4a0edbdca7af6bfb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
bf7c8030e4e07f1806ac1558c9a07af2

SHA1
d9e996c000065bf7942d7ba425beb0d44936a2fb

SHA256
1ec157a5cb78abb0f53eaef9914abdb0e972844da3944cba891136bb52c848dc

SHA512
469be15df0961b21797f142baa31b01e19f8ba7aaff04c7ba63152b9b0d19bbc3a41b9f6688f2f68259883117fb3b41696aa1cd0f4584be6951008be0fb46a5f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
03bbf5aac06291b7918f9a089266d55d

SHA1
45566a18fc52968860f6e1efd9f45f8de0e2a09f

SHA256
540a4fc224d04e113f98afda12c65cf153367e4f5dd1591632c5b0cec5683642

SHA512
a8c0fe4e8ecf4fbf3088456ea0ba0cccbe0261431250b583647280f82620c2aa61e7517473b6605c876dafe792a177f418c12d3771a336649398f78c5a161f6e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated.png

Filesize
296B

MD5
c869f3be3d28cb4410d3f2e85489816e

SHA1
67332edcd52d50e9b77035f4b7874a2495e8e742

SHA256
8a26c19ea7760f3bb56e2a2f448eaf078ba95c6abfb5bd56bbb57643f02bf6c8

SHA512
3d90305fc5932342e73f1e63ce2f5ca8eff6e266d5b94c0e1821631a52f4087b83394cd4deee8826bc3abda5129525951f3d65abbfb9c7614bbe4900f5fdbbf3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c2049bcc5319db053de9a4c5f6ba044c

SHA1
0652b82e45419cf4f45262fc1e8a1657c47e2707

SHA256
aaddb1b099ee347a03e858135be70997dd7c734c86a25a62e9e6e8645cea8c8b

SHA512
fe531586b23f237e7284e78c7d1e2a77f696ed27a2b8ab11675bd73f9deb6ea5d5182aeae68660a4a0bc31654e2a2f924c6caaff7cf9b80ff096b0165d9ed062

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
feb941017e2e129a2603efd480fcdbdd

SHA1
3147d48ffecdf4135fdfc3a143c889d309d5791a

SHA256
47a75c0a2f96a732176d1df117daa9b2bf11ffe4065e53fc34ef380f7f7314e4

SHA512
7fa157d617fc13bfff5406b833f9c715712e1f4ab819ac02614388e5c4ebb5c29bad07c356eb3ff25f40cb99c73717b65519c6ecd102a50ff440235ace2142b5

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c1ae26243a9d75ead68c85090a2bfb03

SHA1
019d03f9323e8399d7151ba44ad92253a4718acc

SHA256
16971f092d039c3e290934853a8c4497a5f9df2c0b24d071f13629a91929b553

SHA512
f2efe264253673e8c13a405276ddb8ec0e27da021460ff63f7fe3c91f9fd866a4bb4c7f5f94e27a15163cf50bf37722dcde646cb98ea3ff6c2d0aedf198f85da

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
7ab8c35cb51047cef60780220f0b4b52

SHA1
b0f53c3b4e7fbedc277c2ca23be79e16bf488e70

SHA256
d4aa42e8338d38551599f7572c23a449cf1ce4bf16fe0b108a1bbbb4d66616a4

SHA512
f96486fcc2be5e4f78a379d144012add5d17917c9ac2dd889233e08b7fb495f6444eeea5a2656154dd46907c0bd9abbd6e840e5647fe47aef4ceaf0553ef3c54

Download Submit
memory/2316-10998-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2316-10881-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2316-6396-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2316-6399-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2316-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2316-11309-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2316-11314-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2316-11315-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download