xorist | a3c19a448c24e965c3467e7dc70ac417c730db5fad66cde644bf837feb3f1935

Analysis

max time kernel
63s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Size

23KB
MD5

846b3e30cd174661265a4c925cf73865
SHA1

78be287dfd593ec5e87b31ef20347bebb61abfcb
SHA256

a3c19a448c24e965c3467e7dc70ac417c730db5fad66cde644bf837feb3f1935
SHA512

9714acd51b2f23090169da09d3f9c5d804c3aca385de6e375df92fdcc0cd1a4aaa33c1c7e3e5904f013f002840b6f6da263c6fb8c7dfa503a2ab5aa3ae516e5b
SSDEEP

384:kAhgmZnWs/FBSPGvx2Ji+xN48gUbhFQa0h+dVkaioSSBMmVw+vNrY0BEY0177ZX3:k2gh7G527lLQaEU3OSS93fd7Bc

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 12 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3468-7-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-6-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-3519-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-4176-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-4179-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-8887-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-11663-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-12525-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-12846-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-12869-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-12876-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3468-12878-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (3038) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0CipOHe37i9louk.exe"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\it-IT\lipeula.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscopyprotection.inf_amd64_9c108d8ac558a80d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Speech_OneCore\Common\es-ES\Tokens_SR_es-ES-N.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsantivirus.inf_amd64_632d2ac0d68cf3ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\DefaultAccountTile.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_wpd.inf_amd64_0245a364d71cf6b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextpl080.inf_amd64_15251233835ef753\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\license.rtf	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wbem\xml\cim20.dtd	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_20ad4886826af1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSPWGR-pipelineconfig.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvid.inf_amd64_7c50642b144b870d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	pid	process	target process
PID 2276 set thread context of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2276-0-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral2/memory/3468-1-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2276-3-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral2/memory/3468-5-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-7-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-6-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-3519-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-4176-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-4179-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-8887-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-11663-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-12525-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-12846-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-12869-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-12876-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3468-12878-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-60_altform-unplated.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteWideTile.scale-100.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_24x24x32.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-200.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSmallTile.scale-150.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-48.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSplashScreen.contrast-white_scale-125.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-32.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\LargeTile.scale-100.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\THMBNAIL.PNG	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-200.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-white.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsSplashScreen.contrast-black_scale-200.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-64_altform-unplated.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\businessbarclose_16x16x32.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-200.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-64_altform-lightunplated.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\AppxManifest.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-36_altform-lightunplated.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-200.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100_contrast-white.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_scale-100.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PayLockScreenLogo.scale-200.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-40.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-256.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-20_contrast-white.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-100_contrast-black.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\MilitaryRight.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-60_altform-unplated.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\SmallTile.scale-100.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-black_scale-200.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\AppxManifest.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-200_contrast-black.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\PREVIEW.GIF	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ha-Latn-NG\View3d\3DViewerProductDescription-universal.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-32_contrast-black.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_altform-unplated_contrast-black.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100_contrast-black.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-150.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\MilitaryLeft.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-125.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-150.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinResearcher.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-more_31bf3856ad364e35_10.0.19041.1_none_624b5deeb86c35b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user_31bf3856ad364e35_10.0.19041.1_none_165c59d1f13fedf2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..rotection.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a45f47cbeca572e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_net44amd.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_06a96e5886410b68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-defender-ma..t-onecore.resources_31bf3856ad364e35_10.0.19041.1_en-us_2bcaa185b8d0e30a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_bcmdhd64.inf_31bf3856ad364e35_10.0.19041.1_none_bc4ccf38b07f09e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..tiator_ui.resources_31bf3856ad364e35_10.0.19041.1_de-de_897437645b00229f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..uetooth-dafprovider_31bf3856ad364e35_10.0.19041.1_none_d5bb6f94c489f18b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.r..eattestation.client_31bf3856ad364e35_10.0.19041.1_none_4b9f20ed8ba53d2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Tpm.Commands.Resources\v4.0_10.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-datastore_31bf3856ad364e35_10.0.19041.153_none_18c3ec06aeba9898\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\SmallTile.scale-100.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shell-family-client_31bf3856ad364e35_10.0.19041.746_none_790086a2b15c8e0a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tssessionux-library_31bf3856ad364e35_10.0.19041.746_none_58a2a6ef1d633015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bba1e60e316328d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-125_contrast-black.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..riverclassextension_31bf3856ad364e35_10.0.19041.746_none_f08256e7fcc2cff6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_es-es_b8410882a62fce85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_es-es_a838a172670dc226\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..otcli-dll.resources_31bf3856ad364e35_10.0.19041.1_es-es_92d914054e412df0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..component.resources_31bf3856ad364e35_10.0.19041.1_es-es_503c624eeca1a522\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-secinit.resources_31bf3856ad364e35_10.0.19041.1_it-it_bf66cb98ff25a5ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..emotemanagement-adm_31bf3856ad364e35_10.0.19041.1_none_00193c49e1ee3f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_prnms011.inf_31bf3856ad364e35_10.0.19041.1_none_7aecd5910914aee5\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..appvprogrammability_31bf3856ad364e35_10.0.19041.746_none_ca08a5430d378c28\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..terdriver.resources_31bf3856ad364e35_10.0.19041.1_es-es_7fff8374e65f9a36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_sr-..-rs_b53367e969aca6c8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_product-onecore__mi..sport.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9ba650914189b4f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_10.0.19041.1_none_215d1c4c12e1d275\Report.System.Wired.xml	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..terprisediagnostics_31bf3856ad364e35_10.0.19041.1_none_8710409d232263a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.contrast-black_scale-125.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-32_altform-unplated_contrast-white.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..roubleshoothandlers_31bf3856ad364e35_10.0.19041.1081_none_da4c60f483a9f28f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netbxnda.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_258a64392e84e507\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_firmware.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_4c040a3f973bb732\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\unifiedEnrollmentOnPremAuth.html	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netr28x.inf_31bf3856ad364e35_10.0.19041.1_none_abbf32e7e3ef296c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_23a707c9a0b5a8e1\Task Manager.lnk	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwanhc_31bf3856ad364e35_10.0.19041.746_none_4fa3449a65de1c39\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netbc64.inf_31bf3856ad364e35_10.0.19041.1_none_d42e5683db6e64e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-l..layserver.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b727902c1591ffd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..-heap-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_163614096fab5a6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\SquareTile44x44.targetsize-24.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-servicehostbuilder_31bf3856ad364e35_10.0.19041.1_none_da3337a8b76bba64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..lers-assignedaccess_31bf3856ad364e35_10.0.19041.844_none_685e75c3526a8f72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\images\tsfileicon.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ment-enterprisecsps_31bf3856ad364e35_10.0.19041.1151_none_c10310d293c6ec98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_fc2fa4adeb627fd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c1ae8635f6861d2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\AppListIcon.targetsize-48.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..erdatamodel-desktop_31bf3856ad364e35_10.0.19041.964_none_43206e2696bd0872\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_it-it_16f7041ee32b7994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_mssmbios.inf_31bf3856ad364e35_10.0.19041.1_none_461f2463c042786e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_10.0.19041.264_none_a199d25200715d07\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ws3cap.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c4ba43b9cb96444c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\saturationColorBar.png	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..2provider.resources_31bf3856ad364e35_10.0.19041.1_it-it_53e0eda35e508e61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..iamanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_834e36bb4e4d3962\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecoreua..erservice.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_eaf87331b1468e76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.19041.746_none_642fd6708f928379\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\ = "CRYPTED!"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\DefaultIcon	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0CipOHe37i9louk.exe"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell\open	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VLQDEZTNMFKZYVK"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0CipOHe37i9louk.exe,0"	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell\open\command	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VLQDEZTNMFKZYVK\shell	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

description	pid	process	target process
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
PID 2276 wrote to memory of 3468	2276	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe	846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\846b3e30cd174661265a4c925cf73865_JaffaCakes118.exe
2⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
c701d32c04242d9df172d9d52d8b96c0

SHA1
e115f86856150d668eede0b57bdf6da0fecfecdd

SHA256
88c32301d423dc8c6df56eab23f8bc1d0b23c1d53fd1c197ea194a7e7bbbd901

SHA512
c56e33bf503d0f26ee02310a3279f8b147d5d104183e17914466c85a851c1ae9db850f6ac6dca381991a4cb903847daabfa9faf4d25497c84eeb02fcea631136

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
5a27cf89f3d5e8b1515bae904b91dae7

SHA1
910c6274c9d43c4d4a631f66b234a5b5562b2ce6

SHA256
f3adfb30b8728939b31e2518c4ebf0967ba7a36338ea06277d6091e554d74e16

SHA512
935154143e7b54f05ac74543a9c3bfe712015e65c3c8b2457e30692665617f23ab14996fb9fed5fc18e7a3a8a8eede52a66a22b71f97cbc21deb8edc5da3c0fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
e5cbc84aa9a2ff12cd67cf2be15755f9

SHA1
efb34f2c7744173fe1b0fe77adad29aa52846e3b

SHA256
f779a495b39b17ae26ea4e43ed1c0cf389b07bb40cb0eb63d92827745fe2008b

SHA512
f9e51f884a62cb4e574e7439994125574bd2a28ba457f660ff805b11d04158a519ca67b108d7b2bec5d8d853b5c6690d63f213167dcadce1f401ab6fb8c5c1da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
77abd1f85f510ae7d7b0be51d8d265cc

SHA1
277f940c2a23c5bced76bff49503cf7d698a6a61

SHA256
93b4ac4e94a1cf1875d47ca1c33319c87fa87b8122f7f2ad51c94797f12f2559

SHA512
c973fa257761529d32f5cb7e73476214e91e0097625dc5ba5be7ab3aff8304b6f4c708cea9390c252540042ca4c85d6db33fe6759e698d8988fe1a780b855a5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
01d8d562e14add07ed987706e55892fb

SHA1
b56a2aa272322a1f138b73d34a3f3b591417b5c8

SHA256
fe800e66ee009e58f8f3821213dc181e90b4a1f7b69c6ba2fcd3867583400aad

SHA512
13df7a5c3ec82c7548b5761cf674eead24e613e6d0248f6249cb815a34ef766cda2c0fd7bce662a599e884de726145cef19e2d946ea7a840153b3a156c5fe456

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
f5bb4e4c1cd4b43bb64bae0a87117a38

SHA1
029569bd8a4499e929a5da133ed8a6356e1265c7

SHA256
93fc0015a30e92f9f796653e30ddd30acdd674fdddd83bf12ed07ceec7ef3b28

SHA512
94650ccba8c884399d73aff6a66c795962854cf2ca21f1695c27841f7fa7e99afb66faad4ab388611cdea3793855219b46b76df5aa4aaa671b903c59d65c5380

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
22191bb2ec046413bb49f3da0f72ecd0

SHA1
2cee766805e6ad81b581614a49b513eb9a793371

SHA256
5d6d8887a4ae279bafe6bce253ae7f9c03c6cc7ff69ee1e01cf410e671495c4c

SHA512
7ca2c3ec146f26f715c28b9162fb8372c4da51227b2ec9b12eea3d0c6c2558614d27fe23707a269d695c2d80897a3849de0d175e230ac2a29988c74d02e0c842

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
199874db9f8182c4222d4ebd6f40761b

SHA1
54830601fc37de449f1397feaad6678714c53d72

SHA256
c69cc65f54399fc63a6c90b446c98869e6f86a7f4552b2a0ae430048965987b9

SHA512
1e9eebf79838fc8dd2eb003d5ab4980460aaf2bdf24c77ca6f08734a602d028f33410f512e4a2aa2507771667bb0806a7dc1570de66453c4a30b5a191b80fd15

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
a20b81e4f9379eadc0db047f058da6e0

SHA1
fe1f3d749354935277bb76f51f1599bf39a84701

SHA256
c8511bb25e58f2494f304aac93b7e8508701048bf50f554eabae798808eb7f6d

SHA512
1b6bcbe5c552cdd86b9f08207649604fcc5f2c32c59fff631cc8a6d13e076c62afd3298776bfba38ff83b3e21117d1096a2211156d548e54dcf559268044b888

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
192b438ef9a840a793c5c851bb266258

SHA1
bb39eab4fc471e7db84ac0cd07504cb323783453

SHA256
6f4a6b1b176cbb8cdfe130b3394d458ecd70062e598a383afcbdf4741633e60c

SHA512
b14539a7f3252dacb8741472600ee49846f58210356ae846ac19964a4e534a0b494f132eebc9496b4f1a6ad0fab44abfcf10e6b7fab6f6445d4fd8c4ef7dff34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
0b7bc42a04348eca2aa024270e91cf89

SHA1
68a323b77dfb2075683a583bd3c4dc92dd9973c4

SHA256
8baa898fadf05db3dc07b012b3c88cab795dcbdf07643317990c0516260c6262

SHA512
cca42588963bdda1e07ef62c92b11e739c66dd962aeb171b118782fbd6fa002d2923e433141b9d71bfeb4303e2fe73c4cd5857bfda923a7daa337962bc35111f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
327c3acfec993681c75c48eb6b2bc060

SHA1
fd0e83a7a5e28fa54ebe123fcf985a06d6350755

SHA256
8bb85e393480d46df3fe30be517f514da2ab59e97375da2c44ddd1d944a0bd6e

SHA512
195c37361b67c99aabd6a6b65acf4812d1cc4b0ae89658929ddd8ed047973b6880b043f7d898ca2584d37e8504a1bc0e7e9e5c5c58d6157f80668b1f98060b28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
387ba5fbc544b91f4ca2ce3192b30282

SHA1
4e26143a57c11602c54505d40d5a4d4f20f0e34c

SHA256
355fcdb5ac1bb6144f788cacd55dfc02d6693a3b0e724bb71b01cdf6e9a5173d

SHA512
e4c184215682c54608be2829a2ae4a3b6ff82665c48e3230c0cb54c283226b8d4de6d34bba31289b145195145511d24de7582ceb8f02d88efd3dfc9cfa389bd5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
7868455794839be1c2b20e9db0d95af8

SHA1
3f6f0955b811adafc203f3aa60037d2904004171

SHA256
f9141d657eaab31aa038bded556125c64040177b75e00185d8e2536b4a0e6a8c

SHA512
34b6767c4650020f13b509de17d4571dabe937186ec05ee4bf1842df448485bccd8bdb6b5a8087e8d2cc029a18bb6c8f399f0460aa9d722afa5efde4a33ee6bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
a0f31377705d7e7bea5135c83a2fc66a

SHA1
da52aedbb4b099a87b83fd3b362b648dbcbcf9c4

SHA256
b02c1089897c29dcad3c09d0a0af7afa7fb3fc7fb6a03c4f3cce521dce2b5fdc

SHA512
8dbc51dc27349cee3b2f8e7ee3aa27882839a395e7fc3147fb18cc8a3f26b2b19861f6e9d6c74af38a3688573076965f063af0c9b2c46784d0795dcb54cd4c62

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
f4fdebed84ff76e582a1afc508fce64a

SHA1
5c013433dec292a44346a82725b99c4cd688d0b4

SHA256
8f8c4fd823e1c58d949530d6b5700bcec63c8034d360d204d0cd058d46d888a4

SHA512
108125baf80e0d6ed59af2cd78bde264c870aee8f7b347025f087f42db34deeddd358383a1ec577d8ee6c1a335f507a07b2b9471f11dec62251cb624cd24cbae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
49c2818b24aae940d41bbfae79aba175

SHA1
9b4c9dd7683113a9e9c77ca853bb1ed18bb17e76

SHA256
6f0a772731cf731c7fcf2a37f8f554b6bb301aee117076568598b89dd0ff400a

SHA512
0d841f6f37ed1b1e416cabef02ec7d32dba1aff875df0afc9204e06557ec3fef8b841b327842e140de300af0d42a8e68c51ecf3970b0f516e5edb31af36d6bd3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
3848f90e9c20376a20d4f56fd9ddb638

SHA1
456c94fa82f40c6e1a88a76978b3e1dac4ae93c7

SHA256
393dc070c91a79adc1f93d8fc9ec228611b1af2b8542fd737788bd1ee0ab72df

SHA512
4beaa15e2e8565bb37af0a619a343ee35533dad872b17014f648a78239be769cc4e5e8c25c70d53d8899cb94ce92700e7935f0f764c9ebc4452f2a7cc86897b7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
0f51d18f380ee126103a3c2315b65bfc

SHA1
b86fa4f1c6179e49a359c17e5a3f607a5ad951a8

SHA256
8e3e372a790e1bffb1c5fa9d98d8eafa08871feea61e9505e8143f13b3f91d95

SHA512
6813c0027cd09092730443571cc9a0475f3dacfed2cf19fe7024321516a8191e7974f1f7758697590618f26d4271b5184ca144f9745edcc4ab09c90c19e09599

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
83faa611806ef9d7153e053bce93a1c7

SHA1
6ddbe2e5a7df2d0b1c7c6fa20e53590d6357378f

SHA256
193b30af5981c7ab0b3e20aefec2d19a647dc21119bed0b3558c26ee508aed46

SHA512
e4a4a948a7af56d2b9beeb87d9cbac18e4c6e13cd8bad9baee3a4522c5c4e7b1ab9838b36b32f618f0baa5573538f2765c102d8cbf112e9a0c4cbe07b9ccf563

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
79f0eb74a8f07d527f86ed661501fd32

SHA1
729426b0e9c65bc6888db7817882010fabcf400a

SHA256
c2a7fbe5f24b00e13fce5c610a49a7300570558ad043e52d85513e38a8b07c43

SHA512
9897267fc6e54998cda527913f27990e5051178361e7a5eab2ea06bc1b7364f4d259c5194ea79416a79506ed101c9cde4f59474afcdcec99cdcb36c9e5b77a00

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
411f6f48df460608a240347f13242523

SHA1
a82e4bde12e989fcf5e2b68a0412909ac2ac8c19

SHA256
4a2dc10f0b553c1e425d18ac5b0877ebd62a0185a81e0912c64871ec291c911a

SHA512
78738883b5c09fd3b3efeff17131ce720f197eed05dc6b2f20eb721dd7f5e060b820ae8afc2bef47c0c12c4514fab90b4e90a4c4119bc6f264838654851ad563

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css

Filesize
802B

MD5
aad7c3dd0afd93b86deb16c9f9861357

SHA1
6c23624b26f6173dc79b659fbc66107cd9ac5272

SHA256
3cf575bae8e4de30fb5fd6163e93ada4f442ed1a6fc4618f6a7939493a1ccb12

SHA512
87b10a6f2ba0643ab19b8b103360f4c6e8ccc62b4b9061b98a310763d627b43daede6aab19172aac53e7e79b44d4263e88014513a5a5af0ad68eb494911b073b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css

Filesize
802B

MD5
10c7a74351141185f290f6cd9cef3201

SHA1
0244f47d315b611554e1b2f482549294ac29f6e0

SHA256
c12e5c77f0df33ee545d6b69a6ccb31ffb28e692636e16f8a9eb8d449297668f

SHA512
256d3b8e9375d96079c6ac44a5dedc3b94b08b0ca0117061cf781266ca9be66a351fa1b849fe9d613e19710a6225e7524e92bc7f2be3d652454345de7c5c8931

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css

Filesize
802B

MD5
0ba8e51b51e5cb3726388c1cbc2c181b

SHA1
daae6e0bd1f3fe6c24256137c89b6e940afba903

SHA256
12d98990d9ae644d6aa2bc657a55c25c865dd1e87b6b6eb845470fdea5c827bb

SHA512
2960af9f0efcc2be904a14c1b99cb9b764b1bd073baeb174eb1c48ed3611e6c65183f486cb05a410c1a8c5ad67c902f46e6f274e9a5f461c8e483a75df6da62a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css

Filesize
802B

MD5
ca54f5c37769e2698f88614cd73c64f9

SHA1
38055aa861a746f83c202ccf3bc485e7a9d790c7

SHA256
193c1a530db769cfbbfe8410300fad1dbfc624d899f9396124153ec7d9221092

SHA512
5530512a0526a648f6fb6d6b99d75a902fefcc4497f466a076aa6ed114c1c54d592d18260000b762c7886cb3241a78e1398776db1c98c3aad8009e195d143882

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
dba8b84dfbb1c0614e2679bba71f9b8a

SHA1
0501b149b8905f51836f2320ca757ec732fc883d

SHA256
f80c13e38d65fcd6e208cc3b547eea986c8460c55d0233a9f94340e5abe1f3b1

SHA512
353bd89643fc774bac090b6a262f77172e1f19eed1500fbb81fb61f236cd8ed5281574ce77c9490b3a1e8f91e9ddd5b1b21c86677c2691cb9280dead0757decc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
f3fe88d8addeafa771bbd646e5a290dc

SHA1
d2c97030f20546dc71efc2b045c0f994fe928a7d

SHA256
0ed391ed3ebd8020aa6c2498b6379ca8d1332738cd94219a21f4d70618533a82

SHA512
67160372c506d2afc214963d4ee2050476fe8ce380ba6bba2e813ceae81958a7e2f9f3e0ace24ca271b693a942380a5aee355a619a0f5b871f3f19460cbd1225

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
709d1334fc2a5d7c26029033c10cc6c4

SHA1
1b7ecbbf2b39c0e1a11bb9372bfa77a203a359eb

SHA256
986bf6ebd1c6f2a7d188cb0de2671cf6a2718e6a66e9f4d9b6b455eef52b7c24

SHA512
c0a7a37574afa18b9fd42a7c7b1f4f62d37025e4273113f0c4be7271180865d07f7aa60d930d6b529b4a24ac896b37271de15696815c421e2ec815efe8aa38d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
0088a684f5c231d451a01135308bde72

SHA1
82347dabaae90e75c69fdb1ce09f1dff7df964ca

SHA256
15adf763444306c4862b01b6662e147e97326f27f9b3ba95270d83559fc366ee

SHA512
874322e825c6f87be9f49365ac27c6007db9ef8a7f3b785486b77cee6ab92c75c85bcf6220e140a77b04dbbecf58f90983db1ba7d33d7d15ff4adbfb44993eef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
0c8f6e0e31eca20cee27dea5205f152d

SHA1
6db23c41c78be4e265471fcb87a636c2f2cf0952

SHA256
81f2c1dafff6d30f2a6fdcfcb1d823d0f64b406a32b0c491289db2b22bdf6bb7

SHA512
706ecdb8d7b85e7f4750781d4bdb3af8032364b4ccc8fc90f53ed8c64409f0f8d9bf9db2af453f9e69ff246f772615b6371c1292568f48859ad504029a62afe7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
e51cd50deb86d077c50eee59231acf34

SHA1
bc06bbb736bcede590ac881248e9a82eb3196d0d

SHA256
39315b39eda55629866d3fc5c92171d568d4c8088327fcd83657c18630e7119a

SHA512
dd5b00798bd961e89d7db8a75eed2e166401d91ad9e8510c0a5c46af76386d0ce791dc2d0ac97992d50e24a24a1e79ee8bae3d7d7e42ff1729983dc9ba785df2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
084470e5e00a9e58642090ada5eab291

SHA1
e8aeaec8280eb8fd19b08aa82c1f89b1025fee20

SHA256
5738d3d816a749438ccbb6a5cd2f97805667df68747cd576bc3b36a4b0d832fd

SHA512
230d562abc07107ea24d60bdaa46958422423e8320107788ef34471170ff8179cab761a2c01730e17be55a9aae45fcd1230a543c3eb612bb4389cee61b09ac0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
d30eff7f6b6ce6479a93a529ba80399d

SHA1
4d6c0716fcc9bd80697c4436657ae3b479c8e112

SHA256
c729288b10d24e56f6ba60769bf80e617a80f20acaa3149d84277091d43a2c2c

SHA512
2f3189cb58068e227fbd2d00fc473f57ca969fd1ec06212624d4c2b7a09d530228f35799eae4863eb32719a7cfc5ba73a6c645946735b33f9fb96428010dfbf0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
5b1f223d2ba560e1480366a8c9dc545d

SHA1
689c7e5bd3c60364afa5261e1f228d88c10ed0e1

SHA256
03fa61750611d8442f9a17ba9617981962a2747ed23bb579e07ce4c9a62bcb65

SHA512
885bc6e47e477e1ea4fb019250e8adce001d004aad304322c5b5350dab141971a665d06c155615a5e066ccf8e560863d986a71c33dc231abce911a3f64ca62e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
0154e01f24eb5df8359806bf35882736

SHA1
a0d1a325b8e3b105ddaf8f0ae60ef80628ce4ce6

SHA256
5fa8a32de50982332247c0f3d4727b5a020683373bc7578105e71da3b6dc5d7c

SHA512
d96dc6426646c6acdf166bd9faa506aedfd23d79062171cfaacad43da34d2a18393c017786fd4323710455731f77a74a842120885bf3485719056fc277bc2027

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
e9a12f380fca5f525de06b670813f40b

SHA1
3e9c236837084a4db5dd81a458c14cfbd572fc33

SHA256
cb8108547355047beb1dfc76112c30318143214812410f117670dd60090526fe

SHA512
aa83cb93cf245184e853546f5739ec0b396c664780a5334241ed99f11625b307f3277f3ba8e6a11d936a703c7eeb9ad31651697e43239289c418da6ba766ce4d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
c2ab90fba6897eeadd83f3e73ef22dea

SHA1
6f6c937504281bee45d13b54bf01cd00f0aae445

SHA256
ac17f896f5c16170b99705820bcb2434729cdf0f2d8f48f4d17327bdb4d3b183

SHA512
1df46713fa9348ab94f93f6cd6e5251e1ba1b6d91b263adb60e7568f0f5e6e4c7497061764311e82d81b139d8a8df92bb48bdd478f7d50ee244916c19e2844a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
d88a33541cb737c3375c14f60282755b

SHA1
d69d4223b58ab9645e5eb07bba7b2311736bb76b

SHA256
3cdfd9010a91f829ce55cb9027a1484058aac38f9616349707f896c56cb2bf7b

SHA512
920f5c07a23960119e4e37993d2a1289146f53c17af0c598f7c4484deb02fa6bead6ee0201b121019945d710b25a0088e0f67c8b87a4de69a7c163001937abe4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
c2304033326adeebdb5f5697bab57f65

SHA1
cff309109505f4ff429c983efe7b96327c3a2d16

SHA256
7c8b73c7778c5611f2a582db0a86effc269e7c7c35f7549d446e87a09dc7af84

SHA512
db268974107e6423b23da1a92ad3ef8d2b588e3639f17e65fc7a847596b6781d65476680fda1aa144bc069070f440990b06bbbb9b5764fd028721de7c99a8ebf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
530b25add0328034c862a30b51d0b16a

SHA1
eb99cf95de89e2f592107b20466e98e0d1f3d3c8

SHA256
749732ed9ae816d9c64c35b46a69fbef8e20301baaf5383937c41a80efcb89e1

SHA512
5bea39a0bccad3f6633dd8c81c4cd4232c737cad70d1ca10513841700ea43e4f48f50d251484407a42d7ed835a026006d292c3a26805d1d683e1f52eb458680c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
d4a25aad3a59d3377896958658b5083b

SHA1
b392515b92b87241705488b2c3d58902d87fa670

SHA256
1c8e0091a4d299b89c242faf12a6a81c3e90afc5fb529038237078691a5145f7

SHA512
d55d3c920905d8f55fbdfea7d8515f87e14226c1eaacc573e07694a4b1c7cd4c087bc21faae434e7b44400c82f4f87b9e73cb44c30b1a336ff5ce474987e1f4c

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
623B

MD5
bcf801b9c2c9d2982a5513ffb8369fae

SHA1
606a6a0fcfeca0ddd6edaba8b2e27acc58ff79cd

SHA256
891de44d41b973dd0dbe910f873058f86b7bf64bdb93cda2e309ad302c8aea9c

SHA512
69a524210f57042b2fc7c2b8821cc3c604f7fa23d9007f391aef290c6e03d2f45da253b9ea89cabcebcc8ba1d86b53b0cf32cf4c269c77d1d3e4f9e0579feac9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
c72cb6fe289da04d5722873c1a554dad

SHA1
ff9652709fa89280ab1915eaaddb310604f91253

SHA256
f8d67472a4db3ecd864a830c37b498ff0702cdc3abf94f2be384ae18a668943f

SHA512
ae03de8b71b9c9df77e04d0b44194d57b5ebc0cb45f30a22a8c0dfdf53ab10642b1fb811df3acbe5ba1bc0133eb3301026e16fa1b46525455406ac4811553088

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
c3af483c54d23348efc8459adca16b2b

SHA1
bcf5dd7bf7dfe3f3ac1847b2ce21c2f62dc2eb06

SHA256
5c2430b3045a930161df0b5641852f889a6b5cf0069044fc90ac7d4b9f445985

SHA512
2ec867459f340c3d58c395fc1859eda18a4ce7c7459b0ebaa4c4dfb5070df9251346491baf312429e943b1e4e60af7d5b564e38a52e385b222575006b6f4d4a4

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
a77b11c424e4b09eb3c916e8adcb3d98

SHA1
7f4103bc1ec08c3bedfde7bbe17386b96fb32fc1

SHA256
adb4af5302fe6215fe9ef62c256e1c516abc92741d740d21d9724c1e9eb422a8

SHA512
6f20398a00434143cd4acb95d77f9d105e697dfaaf8249b7a02ee35fb3b4269ecc92b6ad06d8b95b403095b39f6138e0d011e1511a5fcada528895fbfdb47bc8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
2a23cf018ad76f1b467b2abcef1568c7

SHA1
733cfbf71cbe49bca11a38883bffec0c286f4762

SHA256
bc62e87b98096b4bed254a3f7c980bc0e4ad491cbf6232cbe30f3474df463f39

SHA512
a809db0ccab056e139163a955e494cdf0e119121a84c30befc260d93086aa14cdf421c2073616e99ba7b0e2ea841889b80107067a7cb76f88b3142db0e5932be

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
da38e89734d132cbefc7929849d4fedb

SHA1
8148ef46337dbb165befd81b62bc708a15549514

SHA256
c758baf133d20ec80e297676368aabfe3d71c58638deca4ebf9d39734efb8f17

SHA512
2e4a38a97e6a0d06978923139cff6b9a54508f13b468db361225201c42222010ca0976492c42dcc521c953af897bfe2348230225a563e072675080d4418c6895

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
523bc61fc5530d7c6818ea1ba348c0fe

SHA1
1b34b45626f96888af4a4f5e4eff7b4590fb7ea3

SHA256
3ca4532c440578a341c17af99f9deaddf0d0e3456b48e0afa79976b93e92a389

SHA512
d788f42fc3f156b31964dabb743bf2064247d246536063c88f415b548298a39071ce32759fddbb69d4a4629111bb80be5cdf1102942162f1f818cbaaf983d6e0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
cc237cc537e9e2149853e6797f24949f

SHA1
106f62ea06deb0cd7c1d45388d3ac2b24d415f96

SHA256
0f26350ff17e95782f6bff6c5d50b491a9ea4e5ec60b7dcbae64ea10ff4dad82

SHA512
f1d8070d0eb37af69e77895fe5ce93a7795b657c3ec1b3eeafcac6b2e716686a8c8a76511e0feab6b06ea446cbe3a6fe9345798af544c08c5df0f5b43b40062c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
8a0d1b560506b9467225a853ea678645

SHA1
129bfc498479e5c34ba268257f9605044f4573f6

SHA256
b72ae7b6f80826000e1131a6d8e03b878f1affe451dfa7f7405a7ff750a7b1db

SHA512
7c0533dbb189d7096363947e176a8427749ceaaa935aa8ad269e9daa079f68b395cf49c2d914f4590bd553a15897d04e447a0bde807a737565b60f76836f794b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
2093c17da0216fa435163c29df3f043f

SHA1
524b9550f89b8b7b438816b19eb47d430101d015

SHA256
572317c35fd7fed0f5929666724165734de1921bf01b34bd3e555850b36a4530

SHA512
0adbd01a3ada9a2f101305a920454bf026e9bea24bb77f131369ac03f1099cc6f266f7033caa7a30a6b06f5e597ff148e2f1141855d3e57f535f38a0c6802258

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
4dfe468273a75d0ee124eb88b5097631

SHA1
cf26883ec400c2482ee931b28886d0073c7bd6d9

SHA256
074df1f316d2ddf6e19ff729afcfaac661bc6d3c069cdeb69c8d874d648af3ee

SHA512
137f8e11683f9f13fbff18581c16a46438f967d979e63cf99e08d287fad4a86a17ac2a0706b89566c51fc25cfb7b83cbe629e9c241537908ca11dfe376fcb8e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
3ea268704220201733211502b154c420

SHA1
4aee204e5fb1a10b7945e2b4efb897cea352e688

SHA256
b668f5360f06efcfcbd7623ffb8556c30a213008acb49d3b6bb1a4d3f4296b63

SHA512
c46d6e0c65d0ebdb36a16d0b6f9c8e034fcd176399e2212c3abfb71c2d638c305cfc7c383e745112ca0a859a84495f98dbbc59f4691ad9b5e5c89fd33fd13c18

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
96782629f2fe63f24a4ceceb901cc0fa

SHA1
72adf6d2da4b1858bfaa32801eded7020b0e0f09

SHA256
a4e61afa6043e0e2628b3af1f85fc8fc7ec6d91820ca07edae06633f1d523ff0

SHA512
cef5e1c399dc319952231c469dba38897bf3a2604c391d4bac83feb105e96d537858fb415e0a96058b0412a3691373a8d8d7916a5452f41647591ee93d400352

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
1b628468e60e71cf963db2f30427e66d

SHA1
1ba06926a12966f812d2dfeec6e31c14339c4faf

SHA256
9b71b9452b958dcbf84bc44f7b6e2cd4c8ad84a28db131923f69baa85241b7be

SHA512
02ab663c3ef12a656e843d4efdaf4628660a3d3569ffa284e8bd8e9589fad0946ec68480ee0e93b58a5db55c67b0d59b6f00c6857f69ad77c207e3f73c23ffab

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
c2eb032ab19e57710220d4eb9dc53dfe

SHA1
dd8ffc13702fbd8169244abed5a2d2dd4a5e9d72

SHA256
274e4c3598e2e76a0a547533597cceafb1dab81c796eac8e1387736fba7d5bc2

SHA512
d1cc51ef247d5c1b5c9112b470689090c0e9e35a821a433c443fff1b68f2e6ab82000236349258326788ab2e6629b0645f6a01d3b3e99443089712963fb979ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
c193f5151bad97f449ddeb51f83ec6ec

SHA1
e8eb46c84f31cd33f0da58db6b98efe49a718c60

SHA256
39cc884ae2eb4937ebdb98277fa94093d53f7ae287907bef0b6a532f50be8605

SHA512
0fe627c4bff59393d8095629d149e25088d5ace215cbac0666ecf1697a8706341df0282e169047d88c56e0f1c13d114208a3c01736e95ac1d7f898128d0aed2c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
d9bd6aa9dba74ca92769631e123e8a6f

SHA1
74ba4b23d7daabd5b0d277ec449912bed328bc56

SHA256
3c65fc816d069f48740855db0d6c063b19dc46814ebf3358420ff9eca9bb5438

SHA512
9e328a5c78c0c467c4e2728726b948d400bc9ad675eb6d0f6d7d757e4443399108ccd00a64b155b9a138ef5a12f1f50b139798ea8429325a568cf447bcefba5b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
74105098c822932aa446a1efa3465c5c

SHA1
809f7f39eac17e269600fee3ca8660a0095b8de6

SHA256
bcf5d450dca806438428d56e9183ef812df3addc262684cec85cc04ae39e3732

SHA512
b9584a5f79df0cea7c6543bb70413499db39b27ce21f218d7576c174ff71bb215f7e78047e1515c8f59f1354ed2bc40d10c5406c9683fa64e204c1cb5c0b3b8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
4b6979e505d2dac937c2c2c43a330ad7

SHA1
b70dd79429858889bcc0a6b10b8ee2d431967396

SHA256
f374acfc65a85b9b4e1f5dce5d8e0092c8a85474d75d5e3ae7a4a4f671ae367a

SHA512
0ee8b145ccbdeaa2ec9b236a35221c5c146aeb3acb2b20428299a264c58ed2152a2024f563ffbdcb83653001e93d92abba1e60e5578c6277f5bdfba0ff150630

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
0e015554400807b2322fd289e9d794ff

SHA1
46a796696bb1281274ceb7c7ea6f4e844f779d51

SHA256
26e2e3c165136a33ace9251dc9a4c14fd4f275c36bfab6b93a6c272a42c11251

SHA512
ae6903c3fda2032095f63236563b0acfeba73bdd350099b678e78d35b031464a3b7dba22a8c10b5974d69d4859a118acbf6aa4d5de09163808cf181f354e3ccb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
b084f2fc086d8e882662fcbee1a74ebc

SHA1
9d5671800bc9fd9b68c17cb748d5ed9d197b880c

SHA256
65435a948fc77f279316827001205ae7a4c5be6102a6389ab8f5e12ef3cf449f

SHA512
65013d9c507b30202a12322b7147ab027242cb4e2f6dbed7634cf47720107a9e459d173951ef01c42986d1ec9104d0870563af5451084f194e1b8efe24b54cdf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
e7b32b10ec854bfa1c66d898eff32245

SHA1
9051d139029735ff36f5ee918fa2add5c940b386

SHA256
7ad53683a1cfa9ef732101024aedfe9cdc930c2fdda60af1e012eb3ae0a09412

SHA512
b6701cfaca837ca049004b434ca16e4d493fb40b9708851762b76db70d1b95689327c52fc0526d6b77969b4d1aff92a6c9f1da81e8dd21179f887254a33d1e34

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
7702b0b681a8c85b8e7d6a47f0e93758

SHA1
3d3d86a0ed05a6c245196db141193307644e1629

SHA256
a74f9b5c3a83c2051718a4edcdb1d711631345c76e8f9024040861c3293b6381

SHA512
844ea9f19ce85ade0b9347e81b58fe1d6b006deb629440dc6979c8e15e1b79df9df1f7f7d8d65c93735ed7c65dbb11c7ee0b38bd613f79bf79b90ed44d82a4b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
51e4a5618ece7afa32f574ae20ac379f

SHA1
b55fb6cb3d0c634c92c178c5682602ba1c99c0fc

SHA256
044f1a0d1d54d8454b10740e9d8f8635e73cf7f0c64952a7602e9d397d2b27d3

SHA512
844bab5055f00c7a861e69dfffc2f75c9fd4e8eed2fd672eaccb0349a6ab780075b7e7bcf8a7c317b22156260c63f99a025d0b4e3a0717c58d46ed374f3dbc2b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
4e1c1f0dc61a7986e7e23c4275de36a2

SHA1
9e3550fb5e626dca4a123bed8ccfa652f1e72955

SHA256
75db4f6b8021e1433089f2dd73e4483770432b4ce5caf3c4d829cfb01fc827a1

SHA512
936a15612615032fcd206ef5cd710bedcb0dd00db7ec43d1bbb848ca01c74005607e61448e7496d8800cd4657dd3688aa4c8c624367d4c9cce7383678e2aa545

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
dd5f685a89de5a0b0f5956616a81828a

SHA1
edbaed18330ef59bdf573d470cd9ea4450e479af

SHA256
d75b3aad38f8db560647987a37983d0388b8d6751ffccd06c4041f7917da9f71

SHA512
1593b05b1b6d3edf99a4ae8b59698b54fbaa56c5644787a46f0d2c5caf24df3e14d34f447ad291dbf4442d5cd93d338c90a797c9b438438a7bb702e6ed780269

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
369877768c59d889bfb665c5901c947e

SHA1
bd34e9110a306af4b388f51731a476e9926f92a2

SHA256
386898723114d2cef9df14b50f8d3c6ac8885bca50a74d923475676a51ca5b30

SHA512
6980990feb0996e0e1a22d619fd48c350edfef9b887f2ff11445cd7911124b60ed38e269a46e510aa519f19ca1803bdd64cbf116e71921c8e13ce841b18ed64f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
aaa66964e8281d9b5b1d0fdf8c9a17a8

SHA1
77a484aa2190343dd614e1f66b656fbb5a9b7c8f

SHA256
31f483fff1ed36d6cdc5f2f8c0d15d5cfa3150cad709db7e282d2f07c2f44a54

SHA512
704d414cb90bf31e10795f027f3c3820536fa806f9a0f76c473608de7d4a0759ff5c7e72fc2a828f63d07b48b0ec8c9590229c4d8687ff552575f05ae16487d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
74cb5694b3fd75d705226196b047fdb8

SHA1
65000fd373e790e29e2c8160fa77cfc852dca5c9

SHA256
fab22f24e4f75d316ef3c24d3163182ffebb6b8fa5ed00c741da2214af53e1af

SHA512
ae70419615ffbf5405bf38e5f3ded4d2a901460723acc30fae7aa31181894ba7ad9c0c6037f40282f6de92dc372b029c5ee0ee1ecd92ea71d0c4956ba7eae523

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
1150f22f5c5f4b45a14b23a86e88a79b

SHA1
1476dfbc6836636df7b08d76a85759ac5198bb61

SHA256
e51d0e78854870fe55773012e12f1d82eaebd6eabec71bd307d254523ab89369

SHA512
63c9d85247c33599e61cac6c42a82d6cd22aec844c569099e37553c70948895066ae83a492cdce6eae56e741070c250dc04b10c75062effd0c3bbcbfb1d8c6a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
c62da97d5ecd3cee362e64cfadc14b5e

SHA1
f762a9cb3edf9937f39dc6819f744085c32b3a2b

SHA256
7199fa469182c83c2199f601f70ada724f3632e827329b99f9a89fecb02bf06f

SHA512
036b204b3b6eaeeacfcf9fdf7abf35b274050b8863d8a518cb929e74bb8e32356b7de713a8405ca25276fcd03cabf6cac76e160d318f1a5361a5255e782d9f69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
80595854729aa1057957cfca50e13619

SHA1
33891bc23713c37ce3156d86227871696969fcdf

SHA256
83cb3df9294931ace23ef4a74a7548d8ede0047a62bcb424fd5241eaddfc44f0

SHA512
b293464f4b0c04ac8c7377ea91c47eae6a9285805f0fe4610d992f339e54915d036982fbedf86251a57e9d5b60f1cd517aed59f5adc0399c4f9e5b8e6cf8290f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
5d720447144da3866a5d0a84a71fdee6

SHA1
9b501ccb845188a722651f7853ba9368a93bc1f6

SHA256
4a4ee749c10faa035642ee0f59d7de47dfb5a8cdeb5cb3184cafe0c25d3b5fe7

SHA512
06ab0ce51c8534a16ad462a775b186e21a55b16f05c46584943603ce8a9b02becb868f1ff5b83d820b43dd98c9772afac2f1b87c47a30c1cfc640ecbeeff4c83

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
c1e489b5fe808c75be310b73a21d8394

SHA1
b68a3cf0de37bbe848653e007f30c93699495267

SHA256
7e4c32ff143035a23b9c8641d45e0ec63f2f1d3cc3dba98874a393027e0693a3

SHA512
6af1b23d8429da15e94d701b6a56ea8da7256623e518c9dea5d083095dc6dfe1c64b60c688013bee26fd751f3fe991fbb2952b2d3ae57a72e7f38301d8a63a9e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
f46bdd289f34368400ada352b4277a8f

SHA1
326b3b0afd7a6342bda669c9f5a5832a0986903d

SHA256
b35743427b37e4bec1e033f50793a92af1fc15ba212d731490faffad8e943993

SHA512
54eaf65cd8f7e9127c617070fcb2d99211294f83673440d06a2e01c206e0f277e0d84cdf38504b4c700dd9d4b89435030ff0adfcb531fdbc806f2d542371989c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
fe21f6784d8febe2d736f6d8d3117d71

SHA1
53c4c2d4e7a2881417cd672c8c9132e8d3cbda65

SHA256
554829913121086ddda6138e11b50b65b58033c315353ee526ac63300d16e03b

SHA512
126d32523b3123070f97dc8128e5440f93bbb9032efa557fa47b4cc9365e2cde375ab34c55e9280ee0dac24e0e45fb00bba6919991d30be1790436cce3575ef4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
58a3b0e9e8f8b352d99eb8bd771214fd

SHA1
7dc0457c9bdef67b3b16e15db21b503a19fe5fad

SHA256
32186ba52529eae63e4d5a50a06f84e8f6d4dd8b7ca522d9d8c463db22186220

SHA512
b52ad91f7e53bfab7bab7258659db07f34a4c792899699b1482bcc47a31a32b13aa1064ec757e5b10069a626259b7ec583bbf6b988fc4e9a0fec3c20b028b30a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
a2bd375d08471c1780b986bab308b3f3

SHA1
3e712905b4e586aea086b32463c8b7af6f73cf15

SHA256
46caedc5f73a68f6a1587d645abef19b13df6b9eb69e09629dda012f8a1db175

SHA512
a19b6b99534e8bf53fe2771bec318016edd76b4ae766009fc9585b6c8b50340887347756742bd91939b0288361a07b31616c7cfe16da59551100cd614d7b3cfd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
0e8c103f7ad7c89c57bc170e03e08bfe

SHA1
b96c4c40a7932fd331cf1a0092dcaf0ef882e4a9

SHA256
b0f2391f7f8e2797b8f85c3ebe40e9e34de8b1aa5b84ecbf02e1755259008fe2

SHA512
be911fa54d99a04288141f53675a2d2c145a1731515112f14e31bfb7b0f7dac4b1239ba32f2b1bb98e0d98d587949e617bcec8e4f1c8808bc8bca651d402e4d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
3e5f2d6befdf32d9661918e81a0be847

SHA1
eae0debe08d969cf3b613158d48ed31578a49d2f

SHA256
523d004d5a17256a64c2d6b50e2379ef1e434ea21a8855d8a1575bf450ffa250

SHA512
fe3d5c7f0cd44c5adf40c36e2d00084269ab48d2bf1d05272d4b62740692aae70e5160abf74ec6b141dc6c837444d8240ebdf9030e0038e047e4437b673b9b3d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
91a0b26be7dc3420f33d0fa8df78533a

SHA1
66ec4b054a5c157459358a930e36de5afb1912d1

SHA256
de121ea997f33c03aed7a2052014d28d36575236976f73124c93e72fb1e2b827

SHA512
0ecb05f3de94bd7ab083a939aed9b3a29db22d32c86cb56a365d8e179fb19b968ccaa92cd8d62e75d415e212cb8b313c0ed15a99a19bc7d394113f3b5df546dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
4929332641796ce29303804d7a49a206

SHA1
1e4abd8e79a96c8f4e92d6ad4d01f71ccaf14c3a

SHA256
4f4a9dde4e97318a6c1e2f3c5dd657ce42508e58ec0655ed8a01be4e049c79c3

SHA512
e05ce515689953af3c2a2459472cea51ba4883e5bff5c8e0a9ea27f302c7f6acc74ab51aa8e1441451d879e9a58242c3fe5fdbe03c7ed3e5d98f6df20a84668d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
3c30557c4d0560b4d28e23b226c9a747

SHA1
8504c75ddfcbb343deac1e3bde3997f02faf4c78

SHA256
d6ee6ddf587e44005f95ad30a4aaafe830f8a489ba29645327119e2ed0b03056

SHA512
bdb04bfbf59d08858413cc13870bcd307b01e446798991abc18ad7b1cc97e5b7aeb15a4039925f8d004b09a9acf39080699b5df65189f25c97738e0d4591b086

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
c889dae0c849d273e213f0db96d52090

SHA1
573f1c5073b8b3a546fcc54bb11fe2cbb39fdafd

SHA256
84286cef9afc5bbe170b8f69f092db465713559ea732420567d12b3d26ab7d1d

SHA512
7c60a7e68eaf18fe06e1bdf521a32741db609a8f6fffd67cb0896a46be6d277eb3dda5c2a5bb243161a613326d0d162875ddab4caf465df381e7cb61c11798fe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
926f159b889d721f23803520164b0329

SHA1
5c3814ebc9c0dd2e5a39ba7e0985b8192e9082e5

SHA256
e8046c005a16897311742c5bb0be25e8499e260feaf5accf727625cb25c64732

SHA512
e3a817a24aef22428c366717da690e1c7d41d140ebdaf6dd75d4b7b1f4c66a952f6f82e69f71016400e5ab895cf2bcad9bb62aa14527c0d2d9f7e3799bbb8bbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

Filesize
8KB

MD5
846a51bca5bd9e1ccd412e218a4c9f9e

SHA1
24536f90be8565469c9a23211e7fa873d9e13f3c

SHA256
ad0d7914cdaef42b666c0566ee998cf1dffbd7ea8a89d27aca9847259c17ffc2

SHA512
0d796b697e141d2840f027c4a1d7597f6424b7f45572e46bf39f884bbbf034d4ca1d16715a287eb2de495f50f0cca78686e014462a5f12511a91e3c1bb7897d7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

Filesize
77KB

MD5
df270a20cd3ca86b459670a4a3e7ce76

SHA1
29fda7ed72a934d2dfe6353f67c813fd8a7cc2b8

SHA256
8ccb01e0288c11e17bdbc199d8de9fba122cb2b78684806e5b8926f3a2067c45

SHA512
16f7b76a88e5d269c3e46ce04683862c89ae2b2c54edf88769c580e2673d0c5502e7cce33b26e9d5586d990e61554b0fe8c43ab913877c1bebfaaf24e0a72551

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

Filesize
48KB

MD5
bd6cd99f0738a475092384842b547587

SHA1
3a51c9f9f7bb8f5d5b6fe012e1154afdbd10a80a

SHA256
9cb2ee306a84d124d1d253db2270cc3c5a096c554017997cf63191a69ab97e7f

SHA512
076c02189ac2c24c71d6d37fbca11d546f213ed2e6279ad5ac2afffd370a5782672a8c13e4f9856f04cfc39fd09320ff4b24d99cb56dab72f63572b04cc1f87a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

Filesize
64KB

MD5
332568a44fbc5e8577b28ddff8d11481

SHA1
6cf40641500fe194c119df1f13c7ddbe19b2dcc1

SHA256
622c14681dda5277990c2f671cf561c6c7ec3637a8a493c0684570d7324aa6be

SHA512
e41c163fa392394b8e252dc45de2cd1b658926f11a62568d2ae0c2847471f1d575fd976c46298910dc7de126a181ead2cee632b74d5b384d72477578ccff0b6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

Filesize
75KB

MD5
972023c6dc62ee5c695067438d65a6b1

SHA1
949381069a8c6c14b6634b7bbf42294d544e7597

SHA256
3c52745d1ca0ad0c74b0a719c6a4fd2538f1e181299d0ddbac28162d0b78fff7

SHA512
65dc74fd84cc923c8834ab96d20b0d23720fbc35a03fed5afeff56e7b9ef81550013a8656cb3853dffef533a3f22feebba6baf5612fce456ce983339b5b5be70

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
f2b096c56f36e61e84caf76d12312755

SHA1
6f7dcc4e32576726c6e9b1665e0cee5d81aedd0e

SHA256
63990ef3d88cca826133700d17c82ed1a068d68802a2da43fe2db0970aa32163

SHA512
bd02042def07a2ea718df28bc38b0ad9a3b09b1e8feaf4b794d2ce93cc352502d2852c8ba13cebda81d7ea96ffb530767febefe00d2af41decbfc8adb6d300aa

Download Submit
C:\Windows\INF\PERFLIB\0409\perfc.dat

Filesize
32KB

MD5
a362ab6e3f55ba4fb9067b3e283bdb10

SHA1
dc84a9a59c24f8a06079e62a423b03f8aa604fbf

SHA256
9f1caf76de626f88606258e0fc26c73c1eeb2883c8001648048c6e6ee95aef70

SHA512
241bbeef3c3ac9d660860cab0f25316ed8fe33bac4f1a823ad1949431d34ea0ef553670e3605d8971e70fd15a27bd4e4be3bf574208d5e5727164dc16310530f

Download Submit
C:\Windows\INF\PERFLIB\0409\perfh.dat

Filesize
290KB

MD5
e4f0c651d5a1edabd17f1b89dbd9873a

SHA1
eac770b75100e432fc96c69fa9a4675981162cf6

SHA256
1493c602ee2b0e08cc5a8f36f6150d476ac838bd0d757319cd92591723407f69

SHA512
00c827cccdbda00c7672d3a5a262029e8dbb7a85abbc23df515e2dc66dd275ec2834f5e8e05d015c766fb1684f66629d8e814501efd3b5662e5ceb2819dea506

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
317B

MD5
3c6e968e666a830be2783a9aad6871e9

SHA1
c5f8e75ca22673a2111575711f116639d9d6f06f

SHA256
5e12c8b87eb99ceedd4fdad4bf2904aab04749447fa91de15869e35d2378e88c

SHA512
44da1eb78d92b8cdd2f9ff700ba79bbe195f7b3d360f09d01d1be8803689d91d4bf5042a117d2c09a7b3f4113d3cc086e31e98e9d67e1816d6801d357c591ced

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
5aaebe42d26b260bdedf079c3b2f7e91

SHA1
82864d7384552f5635ee436eecb29de10d933316

SHA256
01494e11c24bf3e0cde8b311b803ccc202406ad517329d47c20450717de9598e

SHA512
6f981d6c2ad931342ffcf2072060a96a0a31e393175792a563856df7738a2a0b071d2909349b51ee4adfd4819e1e24522ac3fb2beba6709d58eafc985dc13529

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
7ce1e7c8fe411cce17e766591fae0e6c

SHA1
e952c864aaba9af7b96dd322d565fb904f43df2b

SHA256
696fb60b8ceac6b6af27e0f3997ac718f61b5384eeda9ece2c798dc375e0daeb

SHA512
97e56adc61dfe64bd13ef0fe635d5cbb549b1f30d3c38a43804ce6f6f9288e9b3c12a58a7e29d733230a32ef6527f1f3dd3af16be965a834c515f4424a685ba1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
67df55ebf0c9aa7e11f79655f16eb15b

SHA1
a657e292b7aab306ad88643c92e8642f1305206d

SHA256
7df1c92005cd3a2eadc868803701a92c84410cfd29fb00b320f4f9be4f2d5197

SHA512
64a75674830c062ad1d62b5eb141c61df9a94a31ab3526d0becf6afa29ef2ef4a18c4530a292807674a132410e570b1798e0313f83654953a393deadc6fb888a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
0223e6993533bc9edbc2f647f8aaa800

SHA1
d75bec26bd75760c45b1effac009bc6e83a95f48

SHA256
d79a865330c22067184632e5a5f33fc2fe95980a7a6246ff7075ee4d5d6edfbf

SHA512
c9322cc11de9a19686ef91b9b95dab05c383aff07aa0303226785c4b7fe02d46319b774617d0ec7c4321fcdc19fa69bf02fb9c0f1e3047528e3a646cfb019b3d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
217d3ee288ad884cd112dfb87f98a42f

SHA1
e4b7d902ac418b846b3587b736081dae91056656

SHA256
9e302a87a0bcaffaa64b362f71387ebc2a99ce5378987c9a922f824f6eb29c8e

SHA512
fa982ec66fdf19a92aea9a1e458430241ac006ab2a520e5cce5c3da34467945fe56f2f0813e862b9a9fa5eea587e414d8a33cbf0d1085c8d739f3aea54b3f1e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cb72eba16284d59a0d351321e7c16a3c

SHA1
f83a65500edc3a98ac180adc8df4cfc6ae8af1f9

SHA256
bc907d3042f6c95c503a154ba01beaa9a4f5fdb17d14115a6e02ca609400d585

SHA512
1243de51e53ce0ce9ce999a6d0fe6a9fd3430180ea6860a96f7a225e70068742677c4d1018300176325b19df0acf9493813cd119c02774456b368c1d68fbe861

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
0aa3dffaf9ee74a2fb1ddfa3f9aa0b51

SHA1
8f66f55abe962ed63a561ebb96aee5d67d8d788e

SHA256
253b90b70c4d006d88e3b4501f27a0d39149df8cd19101c7564dc73d84f25acf

SHA512
279965b7614256f1b5e23ab593b541ec15886f9d559eac28579d510dad81e3d199a26f53db27eab15ee494b1f0e7070734ed13e365c61d0396a9be21e01a8b7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
07190bd8aedfe203dc137c95a1703458

SHA1
800a42e882e58169d72d60f10da2e3ad20a524e5

SHA256
7aa35593707528a09a47cb2168408370704ae608a64168e7379f99046e5314f2

SHA512
f0f9602aa43fca8aa0e8f427d9d68abc1dd72b377113cb6d46f53a191919fb73bbea52add9f716b44dac9866862a6ad72f38316970b21ec8218a6fcd732bda90

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
3b2587aa6c24f5c5adc1058833d8db5c

SHA1
0011fcb7b14be3b54b4a292f7d3a00937c287bf6

SHA256
1e4af6e8df2e291daee74757e6ffa38c1942d29672d09cc66530249f22afbcda

SHA512
20c6088e3f3ab81a619c6701c6531b884fbcafcb0140385f41dd1cfb12084b6a61933b4c1c1c7ad7a2635d7d2be7eb46ae13010311dea598b1c31d8066a1756e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
999e94040bd0454624b382448ebd69ab

SHA1
23b66f62ab181af6685ce70e7ce97d77931c7940

SHA256
2b18fcf0c1cf318e77b7064ed406d2f914375b091dbb1ddd1dd427fe43f0ad64

SHA512
934c949fa5dba143bce44540819ab1b2f2ef0e1cafc8a0fa760bec4965fded01915753bc3432b5add022bd5d8c4d672a3b2022c46e8120f2af1225a35241ba18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d02b7220ce90d7c8e3ae38ae149598a4

SHA1
df318bf256425ce3bda38b10def747d53191efca

SHA256
6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781

SHA512
7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
011444448ac5a2c0cf622ef2e55e485a

SHA1
b6647d6af86ceaee6d9950af81c179c15c9c0c10

SHA256
7c49b0c14b307440ca90cf6d9702de7afaed043c8330a7962bc59c77fb30305a

SHA512
f751ff3271ddfc1ab638cfb264299ed3bcb5f71744cae1c86a3bd71256ce0ec6678c5d6cdd7520cc3d5dff6b8a266e084e997362fbe22a06e852eb9234d31832

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
28a37c92e0e08c5ed6394ad087d4d2e6

SHA1
7349435d2d3226ce314d1f040a35af1024792ca3

SHA256
962f351967d9d86470e02f69f792b6849c248796055508b58104abcccbeba78a

SHA512
c91cc3eddfb1c20a9350947205b20f561c13dab6b013a43187efefd1d80038ebeed5f5bef1235a0a40444e1b11f9b9069b817aac4b7660e2575bdd263fe71ef5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

Filesize
62KB

MD5
e658b30d42a0a41297509dc663e6a80f

SHA1
2bc5b29c1f2aa060ed7dbcd27eb11d341db60228

SHA256
590ab8e4b1859aa8ae71a0a7d8bbb97dedf6ddec56bc287e7813d0be660b26a6

SHA512
4d4c1998a2dc660cfda5dd1c5495a7fb6654ece79d4fadeb8e9d77208d8d181b9d60de314e24756cea643a23c6367ce663887ff83669460334b9adb816aaead6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
9216162950542fb40ad60efcd7ef4e70

SHA1
4d630e53a495b0352a976ad7a2ed80ac8cbe8326

SHA256
94ffbef6792c327a1b187cb198fabacbe9075584b9b6586605583d2dc860e3b1

SHA512
a65a567daee99a1eedf7b6fd6dac9f3145b877e548eb9d8f0d4d55218b5a17e07e7f6cba90eef95d8de38379a5566351f01e7ced9ca42b3d5a833bb12c11c412

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
f3cf9ed8c6fa7015f31d6a03dc1df0b0

SHA1
024b7c62106ecf28d3648956fd76ffdbeaacf560

SHA256
e68d40e8a5572c873ac08ce89861f42fdd7f595ed878a066bec549c18166cf07

SHA512
01716bbffbeece6d08b0271e65e88f1bc8f71412b771cdbb7e99aae114f6bf94f19583c8433c60bffe07c08d02d1873d044e6c34088378c3e0907592b27ef060

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
f72fc610ee706a3af54d9c594908125a

SHA1
ab280efddd8d396722885bd98e47fea4ada78b41

SHA256
3ddd963bd464658721af0b9554e9c4abb56ef089e0c081ec836630aef78f096b

SHA512
e6cc5941e0da2379ba46d6d82f47614fc339ccc2165a95d7afee1c39538fb73200afe0b0d0945b12a7eb8e62d8b2427fba7ac5db494588c8766602d0420a5aa4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
fd70de997b1eca7ba9db1cf133003611

SHA1
5e45502b268e2b31e6cf18c3c3b840e165d962b3

SHA256
a3c8da450f55bb784d2bb1edff3ed4c9bcd0dfd323875ee717464ddbb4d85da0

SHA512
40d05541b06d7db471def977c767514139ea8f7fe5a99d07a66e6004a56a4b2dcdd2c3737a601426a3ffaf57dcf437a875a0c060c2ce5fa7f9a9624c003e7d52

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
b5928688491fd0c3e1999daefbe3efe5

SHA1
37bf752c80ff2e6691125df867270ece7c976b87

SHA256
c23ca85106e5e69d8b790dbff50d46780c8d411fbb00bf4854afd901b00da3ef

SHA512
ce25c502983755647600f384603e3eba7bf81740e9be4918087b7eb176912be916e1ab2ab50d40f889539355fc10b7ed40f963219cea937d902e61deca4e8e9a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
56fc42639bc04eeb298db09886c7c031

SHA1
a3f64474dd90d7ec7a5b6fc1bc1440458fae9a1e

SHA256
4d1240661ef7f4b208f2b3baa4a14e7ccdb5b1f2976055f3b65ce81e338a825d

SHA512
697e2b08e5307969666bb767e74d3bdbc71143aee616164ea9614a8aef5a25dd02149c44abecb6ea67777970cb415d5fab3697276f0b48956e20bd63910e01a6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
1856ccdc1affdabbb6742492fc6cd232

SHA1
3e1062da562b1f8a36757ff3384aeba633b8f226

SHA256
c5419f263eeba40e4df774efda55b1786a9308461681bb0ff9c4262dc0e6959b

SHA512
189d32c99e64c600d9f3482ff6770db8acfdb9e1b5d7f89f1c4e45544b95d7620b1ff7eb1f5aa3eb146bc5600d5779a8a9beb15fa2485d98e78a0ff335247590

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
8dcbd671c009dad0b426a13ade83cffd

SHA1
ca1b069e4897f7ac2c33245392b5014148c37d9a

SHA256
fc3fb3c4bd29c56885797725f80781bc43180a39b81c3550284d0f97c065f9c3

SHA512
9fdf2dcf5caee7f7bc378fbdbd49da370e577386e77efb1b49daaaaa13e8af6eadb5247370ae77fe5e14287fd33127b12d163e85602daa1a5ae0f70d1cf753bd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
01a8e3d781c4a6cf5f46963ed90cd49e

SHA1
a4427907aa86200d9ef1385303a37ba64aba5b3c

SHA256
ca84733a93b3be1b34576e0b5e48a802a67102bf8629376bb7874ce21eeb9ac8

SHA512
2635e87c41388b080c88b04dce6157e3e7691639d9edc1610b0e9a114ddeda03240f2ae7009cfa7e8719a512db6fa3cfaaa54352056614404f93dceb66df0d1e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
85d0cec1c1f3364e558e3ba2c480fb8a

SHA1
5510a37bc1eb411f90282584551a480c7c2f1b30

SHA256
8d3a0c3c26361be6bdd1d4ad466694d9c162f81fd5eea4d1b0983385950d586b

SHA512
271a7fdd787e81aac8884bb1454ba6c38ded5f229074188118ff8126011caa23f00b1fa3b93fc7b2188a079f8428d6aefd80a1dac865b734f98afc7308963c1a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
a6575687c9a1746b46a48aab150baf3b

SHA1
fd96fafa85bb178bb6610e4b036c37f39bf58092

SHA256
be7c49721774de4c75348393aad796de980dc797e128c615f433864141af7a76

SHA512
8cdfdd7dbc5e5a79d26bd04b15024a4cd3a6ec406023fd2d93347923303195fadac732686b8d0d2b2db720d4e147895e9a06d285a1cbd79f49f177c14a6734d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
fc3693d14b19ba8829878a2e2d51a667

SHA1
e82e3432d0eced6286e60d3924404a0654d96009

SHA256
f48a776a30a8af58479d222682f05a02e25ed3817f1202a144a109d9397687ed

SHA512
236726655f9d4e1a4d72ff30b809e49f67fcf9c6429dc4cf865dcb7c574260b65e05b2f2eb46f891f569f062dce6bf1dad17498741ed5405e5fb0b5e3e222372

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
cc638e2f703d74f0c3982b9e147b1e35

SHA1
f718059fbb49737d591e010d5d5d79fc8f2c9659

SHA256
7a9347ee2df667b6f4d2b2dce326247ad6f60fdae95f025efb116089c7272f6a

SHA512
2188a4cb5ac82baff941c092f253db70e8cc4e73689b7a1484391a5e0718f0984054fd90cb947881238552c7302ca3539aee3e2d3ed461fc93197fd41de31ece

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
fade5c135661d32991c590f8ddff180e

SHA1
a7994569e7c5c00bed98c652d4e41b314369e960

SHA256
195a2f6361cfb78424d760379f14578fce33d38ac9bbc6070f0807c1654aeeec

SHA512
2eef440edfd1965ebf5f342222b24d907e51fa12e9b31bf0b39f1680abeefdb8d1fb065e93c4664e789206fe146977317f99c5cf43fa0254241730b521d85333

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
02967254d8e712cc047ef406bb72651d

SHA1
90719051b18a8cfafed244a46c13817268d3d6cd

SHA256
1990a7c456581827e74c4695cce7d87c34178b1456b6c11806191d517eebaaa1

SHA512
20ae7eecc5933fbacff43a0bffc7488bcd40ee58fbffec450cf84dd7e4d1c0168791382e5425542b872a94dbe8b0498a3ddc8dc520f5972040b2b8b95258b2fa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
8bd9206f69782acb3e7cc476620e9c54

SHA1
be7ccf3f559855f85794d8fdde82c56c5e15fcc5

SHA256
2a4c7ed2f607d6c7c8f5d2f1dbd570c42f2e4f56dbf899ea28396a352ec987d4

SHA512
a2f4386123ace8a667ae7f6d122ea1825c004bc22171bd6a3f7e4e8e37d2b87969655d6e260e9428b91c25efe9289d5522930b9910d22ad3ec784652f07e6eb1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
b54fa6018b8486268ef332962e562ea3

SHA1
98ed8c86361e3a6d8ee120d09058a97ee986d4b6

SHA256
9e2cb7f138b5c78ba67824f8eea241d9ce92c1fb7c0a64facba6518dbbf7228b

SHA512
d51ddf7569376cdbac1bd77d1b647e967f14c83ea8369f3dd6c5b1cb2b2127abb44eae7f257937a24bfa8cfe0910ae358575abfe0c4aa65e0ac59e98150d58df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
9e75063cc018430947771af091489e82

SHA1
cf21559100e46a26511719adf562a0530d3636d4

SHA256
cef29ce4b5c264505e3cef8e08137e9ed10ed60e14e64ace3c653b27e8eaeed1

SHA512
2294fa7a16eb6773caf63df77b56a4e5df7b28f211d324b4a1feeb788fb6da52487acc114cb059dc417851943dbe785e02ced50989178adb656d356654537d8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
892648cb53a4c41db14deb862cde23b3

SHA1
58fc62d60dac3404187ca33182a30edd049942bd

SHA256
8f750fa1edabf1bda4448a8db364d883075042827504c9c55673f493bf9a8e33

SHA512
d38b42262400004e113db765c7b53ee0b5c481122607bc95a914a8e6520c376eba58897402a0586826888271a2d192d43f122e49fff5ba25c522de23813dd6ac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
f99a03bc7e913ca71214bd549d8e5745

SHA1
ae16041064bdeabd71cc7baf66843624d1554822

SHA256
3aeaecd0a56d7940ea7255d0acde1d65958cb382dc94728b9b4449c2f26e5b53

SHA512
9c163776d8a5621b0df810ae47510f8db1337f0b750617903198b140ad36fc94a7459c4a67c405c1a294465594647a59448131f50a2a954e95f61f80878f6406

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
d408e8b555501be6947f52f125b59d40

SHA1
123979e17836b6bc93afc0fc41c13c895cd2c0d1

SHA256
b6da5548a209adf095e27c3a39050ec3fa25f76c78db8b03c9b58dbd8cd6ec52

SHA512
b9b7a855c38b7e3b3a79ca77b1dc57d6ad7a5540e1d7aa24b5072805349569d782f20c6fc6aab94bc61afe8a04f474e00b15cf78122d61164f85f691b3ba5fd8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
26c4ede942b89aee0593675f4f43b013

SHA1
e56450e31c4c8b010ed8909d120e01ac07a98614

SHA256
7083a6e9140c8bbd089c2d118ae1ca7a28f56dcfa4cfe552716724dc53e2d4a1

SHA512
bb74652f22f20bc697ade7afe334075dfa329e7dde3c3456bf7552f157137ce24ac13cb26353188cbfdb459586158edfe522e7d6ad54af49ee6b64e6375bb9dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
be812d5996bf2b67c8b82cfe10cad263

SHA1
635cd36cb26851e83daf34bd56183ea2cb951a9d

SHA256
92d91048e9790e44f9222f3294ae06c20e1b007bfcde4bba19217fdc794c53e8

SHA512
13ee74fc7f3bf3736636e4a753ed32f129a729fa64963877af7378a05fb53d993ee78eaca9f2f5628a6dfaf7bb0c4ee0a37ac851fec3bda758e94cc517cbaa5a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
015ba466ffd648e1b5f48fdac9f123e2

SHA1
0bd00247a6ec6a622be4e1ec23799a2dcb0cb884

SHA256
43cb289134f399195229cfe6a057fd6f88d1761e1754385f46a73ebda2bcd30c

SHA512
20399bda0b3a27a5679b4f4bdb1bbebad219e578c0536d6b9ba773ba3ab621eefc29dc71bbcdaf6cca64b65fb77f86bc77792442a69bf51923556299e3ccdd86

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
5ed76f8acf319190b05c93f7870431cf

SHA1
805eb51729513fcf573b250e55c6b8cacbbb4344

SHA256
4c30ad6aba4bdbd16a24f2fd381a86a540702a6860d0fe109a5d380ce6d007d6

SHA512
45b87d8430cb7a20622b62a7c23b1c7329fcf217f133f691c830815c96284f6486de74cf16d4d4a55ee61d5f6a743616450017a4dba3b3c6206ba9c8accebdc2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
62f9dd83653e398798dad25fb1e5f697

SHA1
cb9cf9224f8853bdca2cffe5d5f7fe44581c8526

SHA256
0e184667f22abfc6f267b6a21b433e6c888fe1e47854dd0df7dfbe2dceab2c2e

SHA512
0ac63eb93122467ecc10ab6e73bc1264a57323903a54c60199461c40894ece01c8b5ffa5240614f9a71ab653ff8350500439d8bb7be21c053e6beab5d43cce2b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
faacd845241ca3b6207432d611f68ab1

SHA1
441a4d58d3e3cd9cc2d40b719cf20d0e74252848

SHA256
9e4a4f15b675727eb19bc2619c7e7b3b0f4e4f8076eafa8ec3285a63320f43de

SHA512
f2acaf56750f7d1abb809517d867fad3ee59a51dcf84b7f81c0ed6f07d44d38f7d5a4a33db5feebda5eedd20d7014219650a1108132d0f4cb336839bb7840157

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
02459f247ab0992b14f096d26231ace1

SHA1
b592609508649bf65ceab0d330c81461dfa99567

SHA256
54dd03aee765d6df9628b9111795ea27200d79317c5b84bb6a83d31a771973fd

SHA512
07a49ae12b649292eb64dfe85734f0bc9e07d84871d4c104552bb0661a31710871d194994e41780bf90df25f8e1bdffbf7f5e2c1136d5d36f8adb28957cc6992

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
e69f73bc75ec8d7918d1da78a5d05e4c

SHA1
a3850f8b74e33186a34721403ec9ed2b921188fb

SHA256
c536fa17a7b2d68bfcbbfd371d35ad710c3383fa01f5e0793ea5932fb6af4c49

SHA512
98a94fd58685a658da6771339ab4c96c42157a5205a11ec5be25683bda128c165a5d2ef82e7a04d39b2cf4079dfc1c9ed4c3d8c51a4edff22c0926b0ab8ce497

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
3d28b7dcabfc624068538ffa867dc1bc

SHA1
1f8c481596f8f74b9bc7c524cdaade86a3e5b222

SHA256
4a2c6cd7cb79695cbab7f158443b404e8580985cdb5fc3aaf115398e3707830b

SHA512
02116e18533bd0d60a72ca889b9c328ea4f10f1bd5f5882cef6d6ebbe2c2c22b0a8cc46ed6b74e1dd8b580f820e1027ac71bf2df7c4004150bfb547d4a201ffb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
40f53c2b284d4c9d5c67fd43c6973224

SHA1
df7a8b117bc62c25a0f4020c30d12cbaf054ccee

SHA256
b1aa6701d671b4895a8fcc4ba4cf748e4466d8383cc16ab9687943afd4594b45

SHA512
5f715364390c48080b8dde4fce03de4da92b3550c9699cba9c21bdcd01fce22c9a24a9996eb3877887439de3f30b9b53e357718fb1872c2a94c6de92e73d281b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
70d50e46c83752ec3aa6aea4fa0f836b

SHA1
750b26f24a72fa201394f1e2e56d5dd8d41ad75b

SHA256
472ba3dd5876a455ecf0efaecb6d7df44db92c08d3543a552fde668f64965c71

SHA512
fcb909d615659c954bdb1ec917e67ce7122f237c1341c082d501516d91b88d4c7260435c81fd00ad4ded6af86c8fc6690e84854b3adad5b11779e4c587b681cc

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
1dda30b8fd3e4f7031ec90fa6852715d

SHA1
bb09fd5bf6652399b9af25b081b289a5f046288e

SHA256
b2a4aa369cd004b0e3267cf5ba8fea85407920eab9b7cb95377ca436921348ee

SHA512
7085412ec2cbb808e3d6e049027bce80e3e29580dd52f7463008b48157f9683c6dbf68c88ff14ad08ee039447a056a4e622e9082fd0a9e9991d95dad4f105dd7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
6ebb9680308c79c8578664eba05d0982

SHA1
16004d2e200b4cca25c21b80ababd00a7f5ef74a

SHA256
3d987862bb11e1403d8c9c7da80c5afd72eb060d766edc4db5f3f2610ad0fbab

SHA512
5751f4288696005afece08b1b08881b38703784dd9d1b09184c8608818e9f82e0de97b0c9b0c3cf2d0eb645b0d88d3cf19684571b3c6b6a1a7309fa503915be2

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d05b25e04178d85f99c84bf41160d4ff

SHA1
d0aa3dc2c9f522b6d845c8ad683d9d6ae3c79c11

SHA256
dd937503d8985b23bf575ab4ca2d5324fdfef9fb79cad58addac803fcdb28a0f

SHA512
04ca653961fea819a58626157caa467d407df937829937819e9f1079d35a984188d15673932fe20630939ede3d23edc295cf61c8246b974ddb8464eb7ab9b544

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
4eff7c7b5188325cfb200cbcd5b6cade

SHA1
05c919368baee031fcd9171edfc95e02f1586785

SHA256
aec9be464bea9a7325a2c05b103660497dce0a55af74144b0e56b553af09d8b9

SHA512
281872cd21fd004469ab8930d94f5d4eff8208285da32bf3f171f0bb67d1972284cb7adc76621eaa0c904c30fa04c4728e39c7e11e360c3914f8165a89b831a4

Download Submit
memory/2276-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2276-3-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3468-12525-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-7-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-4176-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-11663-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-8887-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-6-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-4179-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-3519-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-5-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-12846-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-12869-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-12876-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-12878-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3468-12877-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download