xorist | 7d4df4a459ac14bdb81cd85ef4b11cf9de4a56eb062bd9e21fbf769e72709bd9

Analysis

max time kernel
93s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Size

7KB
MD5

b3aa1f331e9be757cdb400d278dd8891
SHA1

c1b5956632dbf7e961e51330e53dd4ecdffacee7
SHA256

7d4df4a459ac14bdb81cd85ef4b11cf9de4a56eb062bd9e21fbf769e72709bd9
SHA512

ea316b5a9e6aae42ae16e8eb3dce6a085dc15fa422ad0966a6085cf81a1607844cc4665ebb4fb08e53b730422c22a43519e29e7519b0f3266ba06f7f3dcd12db
SSDEEP

96:leZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExjS1XqJTSsfs/+GeZUeP:kzdrr1FG1WDCgmjPZjzThE/5eRGMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/2304-5255-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2304-5256-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2304-9758-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2304-10761-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2304-10884-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2304-11161-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2304-11162-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2304-11167-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe"	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_d677afecc5e43162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_d5c8b2a031c7d5c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbw561.inf_amd64_0406b31e81bea0d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@VpnToastIcon.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mtd.inf_amd64_2f8cc39571965376\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_ed209c9a3da66777\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\iSCSI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_20c8782372e47bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\chargearbitration.inf_amd64_a0097842bcc7e487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Licenses\neutral\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_kvpexchange.inf_amd64_b3c17aa69dce1e0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2304-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-5255-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-5256-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-9758-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-10761-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-10884-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-11161-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-11162-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2304-11167-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalStoreLogo.scale-200_contrast-black.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-colorize.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Bundle\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-100.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36_altform-unplated_contrast-white.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-48_altform-unplated_contrast-black.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\SmallTile.scale-125.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_SplashScreen.scale-100.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionSmallTile.scale-125.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-32.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-24_altform-unplated.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarMediumTile.scale-200.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-125_contrast-black.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-150.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-200_contrast-white.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-white_scale-200.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-48_altform-lightunplated.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_contrast-black.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-20_altform-unplated_contrast-black.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-100.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-150.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\SmallTile.scale-200.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\standards_poster.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-100.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-125_contrast-black.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-20_altform-unplated_contrast-white.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp8.scale-125.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\WelcomeCardRdr-2x.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-96.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-256.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\CoreEngine\Data\BrushProfile\BrushBump64.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-200.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_contrast-white.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\LibrarySquare71x71Logo.scale-100.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advpack_31bf3856ad364e35_11.0.19041.1_none_95adedd5fd07f242\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_jsc.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_33b566d71f6b7812\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dot3gpclient.resources_31bf3856ad364e35_10.0.19041.1_es-es_d8f7d0cf7e2906f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.19041.1266_none_ee614da092435ac4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..esolverux.appxsetup_31bf3856ad364e35_10.0.19041.1_none_7180b229ade8dd15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_7f3ce865b633ae51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\INF\UGTHRSVC\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..m-manager.resources_31bf3856ad364e35_10.0.19041.1_en-us_eee49b3b2905c488\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_scrawpdo.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_75154f98c47279e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..etintlerr.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_914b243583fa1ee2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Security.Resources\2.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1023_bg-bg_716e22d250901c5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile44x44.scale-400.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_755fa162c0cf3fc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ipxlatcfg.resources_31bf3856ad364e35_10.0.19041.1_de-de_d3d414e9400ec4b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-powershell-events_31bf3856ad364e35_10.0.19041.1_none_8ec330b742668224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..er-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_75ed3dc76e3818ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_7999baeaf356e869\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netjme.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_37ea4262450515b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netk57a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5205ba49a025de3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-powershell-sip_31bf3856ad364e35_10.0.19041.546_none_50bc923095e2d4f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..kux-rasmediamanager_31bf3856ad364e35_10.0.19041.1266_none_ed5faa94f32d5efc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..efiles-ui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b94ff247f3cc8de6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..onwakesettingflyout_31bf3856ad364e35_10.0.19041.1_none_623e57cb80e184b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_54fc031bd6317175\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_10.0.19041.746_none_5e2908237fd796e5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_400.htm	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-portredirector_31bf3856ad364e35_10.0.19041.746_none_3fa22ede0412c9dc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-drv.resources_31bf3856ad364e35_10.0.19041.1_de-de_5ac486cc36468b2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ellibrariesbinaries_31bf3856ad364e35_10.0.19041.844_none_6307f7c901eceb7b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.19041.1_it-it_058a8d9aedf0761a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\AppListIcon.targetsize-16_altform-unplated.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_10.0.19041.1_none_8b6323099e7e4441\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044a_31bf3856ad364e35_10.0.19041.1_none_b27c2f4ef5e67fd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..formers-shell-extra_31bf3856ad364e35_10.0.19041.1_none_9fffda291c87114e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-twinui-appcore_31bf3856ad364e35_10.0.19041.264_none_79ff08e5ee1537be\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.powershel..datautils.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_04784fc7c1b1989c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ffd87cc256dc4f7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_volmgr.inf_31bf3856ad364e35_10.0.19041.928_none_30299b60c292d748\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..fications.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_aad5eb799ee955ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_410.htm	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..mentmanifests-minio_31bf3856ad364e35_10.0.19041.1_none_642743188b75ab27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-000b0c00_31bf3856ad364e35_10.0.19041.1_none_832eac48986c5994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-o..ap-rastls.resources_31bf3856ad364e35_10.0.19041.1_es-es_346452e422225c37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-resolver.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0c91e4569078d78d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_it-it_95a1a37ffda61620\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..rtmanager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_84b5a1946ada9333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smss.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3cde18c9f18b8b0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-corperfmonext_dll_b03f5f7f11d50a3a_4.0.15805.0_none_08e6554895dd9e18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_10.0.19041.1_es-es_0be570c9ae221c97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-96_contrast-white.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasapi_31bf3856ad364e35_10.0.19041.1_none_23288cedeee2b8f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-48_altform-unplated_contrast-black.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_10.0.19041.1_de-de_91f1eba470aaf993\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Activities.Build.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\AppListIcon.targetsize-20.png	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\oobeactivitysyncconsent-main.html	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-xboxgipradiomanager_31bf3856ad364e35_10.0.19041.746_none_ec68f424f2203d62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_wsdprint.inf_31bf3856ad364e35_10.0.19041.1_none_79f1ac404875c784\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..notificationmanager_31bf3856ad364e35_10.0.19041.1_none_87de5d573f7e8b1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\common-toggle-template.html	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TMBTQNPXFMFSJFV"	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\ = "CRYPTED!"	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe,0"	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe"	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon	b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
319c6e93f7ff85550b0106d7bb5b8b47

SHA1
5e83e044d247cdfee2e267337b5e5ddef00ae4ac

SHA256
993312811a0c1581eaea5e7730cb24ea565ea04199932aed199b33f3083a5b4b

SHA512
cc94edd47b0283dc48148a889b857c8ce5217753fc092ca245669e6b9dcbc87b1befdec0836008c094f52266f76be01c23ea2ae39a69b11adab8b76e940b674f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
9aeaf4d644c78415fcd43aebbfd226b7

SHA1
40b855373bfb9728bc3e6baff1b542beefced874

SHA256
89e12544ae10ae534413ade4c522068ad92e16da4e9d3a554f45480e02053d54

SHA512
270989b3a13d3be831e8ebe70d2561522a26a657c9ed6966610c81beb452f6f2f696a86630bf1839f69541ebbc295e114eab1826de8670c3db51c304e8cf79f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
157fb8c92a5a71619f9faa0e515b455f

SHA1
2de774dd80b9f89cb4c84e0a8978bedbcf838469

SHA256
043703461227659e6fe2ae1dc9a3f0adc2ab0013970be4d21f149077f83e07ef

SHA512
f8b9635deb7c0aa5002c90bf44812f35993057f748d9b0b5e075655c0bbb79871eb5b84b013db656430cc61e25c27e2e62527d556117bc65228ff4c1373b796e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
90e76e5861c3eee5f58540aa8d2f1033

SHA1
c98507b894df257f47ed9525354ac7aa6eb3d746

SHA256
23afde195bec27e58d0c3116455222157ace15029443f54954b4e22d82f28b27

SHA512
fa090ae849ac0c96c21f7200c4a3dd6ffd1265b8be55d3ab44c68d6d65277604fed0fffdca20577ad8532eed1a285fa18068b3b7e0a6b809447aa6ca0ad6fa8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
0317d97f8d083ad2a023a729f40fb2d3

SHA1
0f5cbb2b94e211e640e00c850ae838680f4c6f51

SHA256
b4516e711ef3dc0104b05e23f724ba684cf64f8dee0c5c2cf935ef2e1007393e

SHA512
a8e77c53791c35b2b0847c5c93e8212e1ff79987089a952c3d818a7e559d66115ca2a1b684e1e411dd164e9bb2dfa19e51abc9a1a512156e6eb623dd9d1a1e55

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
122ace9ae5506b0de7d1f0109c31c796

SHA1
d7434bf0de75a25f59cb8ced1c89fae79d06fef1

SHA256
760235c0ac50ba35a9738e1306c51d923619a6a4b3ad72bafed4947c17c8c25a

SHA512
47ce9986dd7116b70ce46a2cb120c7a098b3cd6f388ccf9f6a577d429753a9250e0983202fc12de9c71f06db7066257da39707b83dd9a6f4c3ad992b1513f15f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
933c78d826e2cd0086e77d6cbab41798

SHA1
217a650204c6aded791e7b67501f5136675020e4

SHA256
2546a189ce668073dd3cc1a490608848e140fc9abc982b291ed4390e3be48987

SHA512
9fdf3d3aabd34316bfae7d5c300605e6db367827026da97a64ec0f4cb86bd67f781eb41812dec72662bbc12efc3e7beacb5acf9a73529e076336cb3b12bb4df1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
5a1b7fb13b609d30697e14ea66d4c933

SHA1
8c47c547669e6d98065ecb6dce3e1ab9cf0115bb

SHA256
b54993b76181ade13e2f43a5c7768b05602a87f86584535e7ed376cfdab4e615

SHA512
f73342f75da83417fa06e4699495a1002431659dbc7a9a7a425352e9772f01ab9a7e066f322ab0cb28967204077a219cee0422d2083f6b47c3fe80ab93fbc21d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
22c841983188e9a6ad69ce8a936e06fb

SHA1
510a4ef6695a57d7b172346850b514d84b4ac051

SHA256
f29a08a6d4e38b7c595fcdad6af83833267ca03e5808b062f911ffc2dd6c2706

SHA512
92268f7e0b7fc3ca705909701b9ecaff0cbc03653786a2911f0948644d4f3b0fcaf82518d54562a469257005da194fac1fd2c577f7822f3166d19e5a45b0087f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
4b464756b2d70396f95ef75f4dc5e08b

SHA1
c5ba3720c5212ee7199d406ebc1e57cdcb115ce7

SHA256
041cc9d393de0a54394604425334561f3a437416c4d5dfbe4f0195a1a8e283b7

SHA512
0f8a54908a1f3378d97a5f35a4d2d0ac95284eee0df3103e47cc10065fc1825fd0c1974352c6c791618cb511c35917d418ca1439d903cb338a4d28e309d8426a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
973941562e9c73c6bcbad4df2bf9ef59

SHA1
bd9bd92299dd25facf5693a063609defa23c3973

SHA256
0ecb1b818733c7329e0520401a134c55be8e097a7635f66558054c1821156845

SHA512
c23af930052a517ebc5a039b538454f5d719c79dd0bd1fdc0cbe4843d056335d895088201de51c90a4eef156c8b6d021d4d25345fac08de1d7880386319054c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
1b33610ae284de22735fe8221080cbf3

SHA1
f500dd057ebba45c4966c649a4b3cc48a37f2578

SHA256
682a8c72e7c447e97e1dcf1bdb539290a2e51bca85e9744024504e45cbafe050

SHA512
2ae910a31cd12b38f27645682d2a00b43da392d95edd1bd28d8bfbae3f6a090f374ad1dc7906f7f85805c6c657ad7408a3db03b30a26f528ecd4dd93184bc80a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
545ccedfb1e07581595bbecb5cb34ffa

SHA1
aecbd2980c782b8b7c55187db0b2f3cb4b4b97cc

SHA256
c0ce3c84e842fe5722f71e543dd21bd6185a861a7481aa3e79ac749ccff23122

SHA512
a7ed81f65884da94fa82b9634b72dd67b8ba738d61ea2a22e55007d21f30ec3dea6778a975cd0debef47de615d7d0d3f78cd201789eb0be4742484f95df2bcc8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
bf6eaa5064a782a0d6f67c8936fed6df

SHA1
e5a8a1438b7d6c4ff1bb6ee9cad2b411feb097a1

SHA256
2a4b63aeda44c08e732733ec5653f18b128c5ee2bafb39770a872e057ecc8419

SHA512
39bbed0836cb9d956fa9af35eb3300a8adbc133292689068b70f7eef2d5030034ea22a17a29a407d7cbeb8953f73c380bc16bebeaf4fc95717e28e6165d656b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
24582afaf3f1ae0a3548e591b1ad10c3

SHA1
97b7082875badb598259baa3a071fb19e2cbff45

SHA256
a9b406440b823dd79d80541908055c53a4f9dce9ae2b96a1b6bd532095fc6ec0

SHA512
0e089dc113842dd26fda71be30a3d3fc00a722fece018b98234ddc3ba696f388bdd45316d44ffd4972fec4af66798bd6ae18a983e47727ed98766d6b39a3895d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
4cc424b8a5b0eeb9771a33bbd51334b4

SHA1
eacc1a6b535f1e2102896a79e91d78d7d3ac577b

SHA256
6a181282afee0d34ffddbe1013f37ae321a2fac1c81a7efaaefaa8cfe655b1f9

SHA512
3745ce0f6fd85269b485643bc8faceca35f654c6587854feaf33a8c2e173bf707253d8d659ae388505b206ca343bd03b98f83280c1c1db1a1638efb6393fff3f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
6f43c1c4768dc287c3c05c70276d075f

SHA1
7e4308ad69bbef4acde308e177004ef0d78862dd

SHA256
c224d88f84ed1dd2c0fa2ebf186c15727e18c8cf29dd192f3621db5098b6aa2b

SHA512
6bc30862c1fadfe080b59a847a954da8f237593b196e0f08d7102cc621b9bb22c9e1b766f288746c028e05636241fee750cad26781e8f67166c71a940f531653

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
4f803049d7dcaebd7906f9e6c184b8e4

SHA1
1bd7fb9882f09ed47ee134ebf8a37790fa4b8e3b

SHA256
c841d067765d3cc4145b71745452b99f8a4f57fb9be8c1187e8903bea0a31c5c

SHA512
385eb913c0705d0142604bcb49fd0e97006f6fff4f7ff03b6cb4c9247466288d1eca27cb7bc72cc9ca27f8b54a2f99d0b73d1687bb3c6143eb993d2ebb09ff86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
e96ef41d4958ceeacd7a6eca95cdb8c7

SHA1
76c9ccaf4a86485eeb10a8e41a032a4199519a5c

SHA256
0bb157c350f9cfe3db8e35e60c4a2faf0c3d6b8aaf2cb3ccb82f0b9e0881d35a

SHA512
db1009885d814546d14a412f41e3e1fa9e4ec925272547e2609f1ae42c49ab539d8169b738125f641e9a607e73dcd5dfde70da5b59c64e4b5ce27bfaafec4604

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
b1203907abfad2f5232154e3ad4ec47d

SHA1
152b0c1fc261d1a7a08d33466ebdfc1dbe6fcf12

SHA256
99a5aa224d5089f1aed21e8e0c5355258907ee967affe57c5c6330becebd7e2f

SHA512
312877ac5209ad83fe4ea533df4f0c229ba18e533fff5d68b6fea787171e2bf80cabb6401969d54c78cac17e6177becd378afd1d84cc36a20462a3908b917352

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
3d842d90cbb8d03abba989465312a171

SHA1
01d4f8d3c8a7be1e01dbdbdf78f5aaa6fe5820d7

SHA256
72e8102a7f1e8838f85fa654e73633467ea7c736c311fd947fb00e254391d389

SHA512
2bb5335fbd5c31b3765ec2ccccd7c47fcf5b4ddc6a70ab248667bdaf5ecc05842fdd2bc4bca72a327ce475384019177ae8e2b520f789cafd8556ca708d949cf9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
1177d013f7dcbb51f1bd00a781d63892

SHA1
291f67da3f200ef9e3c76831c0a45465d25cc046

SHA256
6c63627520141ef96f4dce8ef4d306b927c3dacf0db49d3dc3a247b9ba7e43ca

SHA512
9721ab2ba2154370a58d9f30000d57eaba8c86fef6206ad259330e322d8e9120ccbf1b4092983132a600e1c7c377f525833d328e11f55d82d4ec4ea4fbca64b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
1cbf016dd958f96c2d3d6fd9e1a358db

SHA1
30f13a9090db6ee2e8dca34f7f476df8f8317c35

SHA256
89660ce44a47a9754b812135608e69cbe1e6ceb0cdc117cf243a060fa8637960

SHA512
38ba3ac0d0b124ac4a1812bdbfc502580917af221a42dbf5999e7ca3e80bd48a3b8436bdbf2f2d509e3540f910cd5f58424e65faf482eab9fa802a4772fb50a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
fe9f6f8fbec94697ad69458e9fc8d074

SHA1
089554781512e3d7827a179388816eaaefab02b4

SHA256
413584a692e0ac8b40573e97144f002d40eb9ed279311dde2ec287cc1418584d

SHA512
b5a213ab30e674288fe63baae7c588f0d5b69d335ee271723aec0b80e3027dd684c76ceb25890d9763f830dd959861916249d49a4d15050761bba9e6cd18b0b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
20c6235de92d01dc647f9dcfac9b937a

SHA1
ab83795e692ff0f11280632c4a6eaafb5f748277

SHA256
e87481900c53e35841f9188588a38dcc296ea5f1bef1f93e3902a6f41d3d394c

SHA512
945acfc3c5f9dc750ea3b6eef7f3a3b0c7ac8250f5d40cc4fe0715cb64ca18191e3f49dd3235cfd9ea0b68d4cc26f85a8b18607aa8b1b50283b47ffe131b7a04

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
da60a8e460d5774988c572f12d88f7a7

SHA1
b335e4be71e6eb1d833b83c6f0538a191803b357

SHA256
d7abfcc67ff9925e523627b7dff6e3d86b81073857a62fd54d2cb5613a1a23a1

SHA512
21291603a82dcbb261f305f0544d013a953af5ff9fa3dafa85d584f6349bf9db391ec7b8c789695103a05fea7c5ac9a5cf1ee6566fdd422a0f247c14e1fd497a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
6686ca441eff8a43c5bd8d4407985377

SHA1
1b5d012718c7f49523fdb062fb10fd9fb1a1e049

SHA256
94fe9f24dc8ce7a9805c294af84bcdb93c7ec40ee42910260076d53b239551eb

SHA512
3ede087ea2fc65a13fecb83b98f1306f274d414dba3bc47236298c264750fc84fc6965915ff6fd115bec0c0d19f5c7ffb5edb89cbc21379405f18c2d5ba285d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
e0b48a12a119f09411ecce1e93f8a514

SHA1
8fb1d518158494293839f9311087b39f552c88c1

SHA256
3038b294cf6fab968ec72c3d366506f3a6eb6e349ef8dfcea4a81df368bf8a8d

SHA512
5b43abc430384c3d6e28c6530db69f8abba405412445a9ce3fe69fefa40ce66431c42d820ed36cb75c732cf9c3e05d69633c5a37cd57b2981e0059976fc1273c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
e6782a264b3f9db8bf6fa7eda1f40005

SHA1
5dbc81d3f487d8c0d9e9e23a242a1a1eade31954

SHA256
86d51ba1206aab56317b5d40800129db8cd85122e30cebc5478231303563da09

SHA512
fe934ed88e9992d146230f2bfbb62694730403c737fbc8eb09365100f1398d2230b38816a6364df00a919a30c20e0e6722a8413e314d2e13ef9c819815971c48

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
f5456ac5b449cb7df803908a66c3ffc7

SHA1
9b78d17a05f6a493680371f798e6610fea919042

SHA256
9027f0d07bd84612184c8589ca4ed205bd41f3a64d145e98835982c21cbbf311

SHA512
b89febddab017a8265bf0a60d56192b6ab9414febec65d4c40372cf5a30641c06a4584edac3998f942d6dec89f94844cd0f7a4265d7e94262df409759b3f4c76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
7a82adc35c8693aa349854d1604871dd

SHA1
8d810bed2860e5bf9141adfbc90c68270f6d150b

SHA256
4fa2840ddcf0c5c1964cedfeec526ff96f0e6456fc61401620c18bf884f74510

SHA512
71ed3dbcef2dd81d20e735d0d3c96b608d8661bacab622463a5395d12c40828f3ad688935748338e0137974c61f63bec902c69914a703599f2aff99b7992e72c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
8e3dc5934c3dfe085b9e0e46236729d4

SHA1
65ad2dfc7272a42ad5c567307078a0055db1ca0f

SHA256
88ea9bccb64c412475e489af77f8aadbd49f50b4de9ac911a519bdea52c1e2e5

SHA512
b785cfb1e00f74595a3f7794aec5b6895d88f8bcf1d88e2664c57b107c5f8b0ef300587a6d53ae901756e45dc6cf447947ec5adde5076f1717ffacf9cfae0236

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
d418e432dacbc83b161ab856f973d989

SHA1
3f36b8db116a1491e182505302d86c3615c2354b

SHA256
011010c9da59905c3d30eb54402b1b21fff1236bb4a3f3d1039b77037aa46b69

SHA512
06d47c68731a3ef415a782a305770849395cba691d29c99e77087427dd758831ecdbddcbf1b84c5914b1b1bee41e413d11b65782a136d1d0e58611e405d23cdb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
75687ed41c50e46f2699a522bf429c84

SHA1
40f8acedce94cc79a977ac74a189d1193d9b6513

SHA256
6fc01945cab08bf7f66598e039090a8efb518b7680c208f6cbe8af394581d7b8

SHA512
50f0f877904e4b4e4d9f31c989e5ff818c0f2d8b65b636621063415394da9cbc008ee579dee8e615a8dc948506bca6025211f748bb0b04b3b6b315ab11ce2820

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
8d4a5d02c88340615d5e4387c38fe46e

SHA1
6508a5b460e89bcf85d9c58c9bbf2ada38dd50b5

SHA256
5ed42c22077fa473df080b9732e9a333f39348ac21c1cd7ec306a17f9b657089

SHA512
cefb394c40df4899be8a0b86e9a73e0abcee081fb6582a8dc2a8b2d6cd4c2048751abf0441824236fceea07725d3b0b57a1040bc5bbfdea53c3ceedba078ba81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
0d567bed633411ec53230f9e84ec39bf

SHA1
b7d112dbf4294da08ced8b363dda31869bdb4f1a

SHA256
7f446f2479d02a9564973ef4cb997712c9449d6d05bb4a37ea1ed9de1863fce6

SHA512
de4c73c33bf77b1dcef42ad72fabb7929eade6d0fea366ec2e52474983a96b955893265e5545263ce8bdf5cec87fa81c8a7646bebe19760e1048e2a30b165283

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
e089e1422fe4b401e7803e55eb0c51e2

SHA1
e9e030563c0aeb876edcfeedb49d08ad1974cb2a

SHA256
9e5940b8a707a1a95dc77dac6e568a211e240643b5316c2e36918b8d49382d66

SHA512
324ac2a8959488fafac997c59a7ef6b07b279e0a338409907ff2e4c48f2f3d2878f082e5b363c95da35298c88ae7e26321045423f49258236d9444a906737986

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
1f21d4a64c9ff5674464fc764dead4d9

SHA1
f1f5e029aa8c9ad3f85d13e3fcd0aafc5dbe81d0

SHA256
deff85d73f2a4e17a8e531d4e78e946868200275a80f1438944c99a193539861

SHA512
ddc2915ea17ac9931be5c47442ae59d780709cfbbdc0819014a0a282adb0e182ee382932d0fa1045a08e5fed2c80e2d04dda1c0285a3868a1c3197af2af37f4e

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
e82a9f576d6f164c86d975194bf98c53

SHA1
eccfa932789541dd41482753fcd5d3d51dcd44b3

SHA256
4f29ba8c8d0bfc1fad50f6381c50506850ff6cefbe53144edbe56815eeefd34c

SHA512
607064621abad7cbb6f9c9d609f9f5d831264df1acd7b3f6c8598a50f0f1bd788469c42f393c335c7347c0defddfb80594b859641569f3a04fa56b1af950cf8e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
fcb9e2a88fc56cb3dc795305ddb6b091

SHA1
e65fa2057367154d3ceb77a138c0c91318ed51e5

SHA256
e2b74d164a9ae95ff7d6a6729cd92b82b5d0d360ed607099f83c09322e46da43

SHA512
dfc5ae2fe19a4c47c5b2729c9b7c5e86bd20ead43fe43bcd3e97f6b7bd1ef1d1f7710d878a9eb89159823e0abb1d832305c61d51b235e1c08ccddbecfa9533f9

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
09221ebd76269bad426d0887b2396666

SHA1
8d7ebcfc6b925ac381cc45aad016049f5eec9f46

SHA256
adeb5b4aaa092c9acb6c24f16c62493c0a00a9e37af8210b97d61522d3492833

SHA512
60974c09cbcc1dd7a800c6f3a318baf4d3c852005c559813fa94169f209f313d2a02d9a22ab7a360545808d81311a044ad3280acccda0aacf4c0589219407e9b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
16a2d2533786f729452f004cca30c7ee

SHA1
e81cfe71aff682880ee0e3b8aa86ca589235db6f

SHA256
ab0d9b1f068de4b2bf1d56610da9cd0c9303d129527f6fb2f28d04a726396ebf

SHA512
d88e0a25843815d47a600a96884d3192446553ec46373956c9f0fe11fe1678cb5d6cf21ad0e81a0677537c98d87add2d5f9cfe1acb0fd3259ddeebf38861e58b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
8b41751b4f3fed8e71f5260076b69809

SHA1
e96ca1c45c527a8d42db262632c4cfc85bf5deec

SHA256
d13baacfa5857e0e5b8be5f8faa9ff6fe24c49e77ae798f3a2296f5f011fa769

SHA512
5c4c618da4cb18c67b44c5a8e52370950f67bc76deb0d3d27475b5c7324bfac41686d55b883deaea3b8a8e1e40ca25938cfc1a38db6a5a50996010ffc2b9f80e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
bbf4f736522776af3230fafd28f98cbf

SHA1
6af71b672d7f230fc1a62ec264b13aa1c74e52b0

SHA256
364d97380208a7bc23c67bcd55985436f7c62637e9a0998504226bae8161aa37

SHA512
de86a1c7beab4b2fc76ed57c27a1d0c3ec68091d14ff9934115a02e8f7ac1d5bbad023efd55ab30e88c18be00b3d7bc0c569b83c14095552554f69dd15b0fe27

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
fefaf2890a04afe7b671394ec1de06ee

SHA1
a2256e1de51a674f7e0f6f38b5519ff526627063

SHA256
1cf21cb7990ec731b9087982806edc25460bdda04f6f924144cf98be870e3505

SHA512
bff917a4d620a3accefdaf0a6b45f50e933055d123815aa24f0933d806831d55ec4e0e5fe3c532da26533b5a2ad07bf70be4496ae08307c1b1f0dea45900752d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
62414a11e4161e568338c21246b2c5c5

SHA1
108319f6d6b2e9fa7de6589381a0423502f4eb6d

SHA256
5a8683396b2f0061debf4601dce7092a5b1f60d3044426fcfa77a903c5c033c0

SHA512
609dd84f6b536aa6e539bab7842cae3b0fd33e76abf406ef8962c6aa4b1a682bcc2c6cb309becb0c2a5e3f3894a8861798508b722e0f806f1f732b19731cce29

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
4e166104d829b33836c6fd210d93c550

SHA1
7e8e9529f0466d6b040d0d6b2e996b8975b7aa9f

SHA256
7b2e83551536ff06e884922e3410cf085ed5b1f86ff8789e745812a6f4418958

SHA512
6d06eb90c68d2589fd51ade0b8b29b0e8124904561310534cea106b17ff452a57c3db509fe62d71710f5e2554d0fbb375bb345dd0de43b536e21ef651265ffd5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
8ada02bfce88137c008deb244579607a

SHA1
0fb12157843914f09b05ae1a1ccb2381e3d5424a

SHA256
8a23835b6b6127d58712a4e490a46a856e8063786f3bf505942fab1447568376

SHA512
20a009fa15ffd87a94fb3e2ad4cba15c5397cf94852a118c5bd13cd67a406c7cbb45cace27f7641ac46b0fc50156e1e693d86d1c1a9625b3856a710dd1b2d3c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
d4a17d434d8095e4127895db8e869bb6

SHA1
7adfb5cda85df135669d0a6fe1b089c5478a4743

SHA256
4a6ba9568b3f92c1fd27e66163b486cc6f2a41bbf72e2ed0dec83e6c3f84097b

SHA512
49301cac345d16e873ea285ebc32a6244eaa1f50dd63568fa644128ac1d70350b679d1fcfd8a125156e3fe1671f778bf748ba080a189778557160bf5a494fa1e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
db9188f8a558a47211285fdbd20d147f

SHA1
b16c60ba1197bd98b419777e5a794a02f9808372

SHA256
421bd306d050abbe8ec2d851c538775fbc666b0197768efd65b7645b683b8c96

SHA512
c370f2c3afec1491859dd099bb3fb7f263c28da67ae008b43ce31acfc4a5362a92af970659047dac5a3cb9a0aa863adca48a8506e7900f4f4cbc98dd6fe95feb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
fc3c7c843a41351b62c84a581d823d9c

SHA1
e453456a3bf212d287d31d01fd42ad0bedc2aa31

SHA256
2d14ab88db737cb3422511c00445e1e555cd96428f8e167efca244934fe6047d

SHA512
228d9f3d5c2e55e670ce3d1abfa0aa07a8d7922bc9fc91ba3eaae2acfd8ff9523bddb710dc274b5a3518772c350b86977b18a0027a69f2430211303cd34b1d25

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
b59d486751cc9352bea509e4f6bb9af9

SHA1
cf7c87c3f98810d78b6f4eab4d30b1fd3d2f9cbf

SHA256
b163efdc4dddc2b81cf1f65956db53c2e54c33909cd1f04407c9859f271b3882

SHA512
b0252708596797c4bfe5ba24fb0e5d9b2aa2473578b74603ac31d5e7f904a5a2478d031da462030177ae5d52e9349884aebcf421dda02cc52c3e8cb4615f8d31

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
63bd2e08f108a1e44089584965a4712a

SHA1
77d4bc806a8bae4e57472b07eb51248501c81df0

SHA256
7d59c1d4c84aced0cf85840099254d3d7a05255fc9c32c254c28fd5138ad03ca

SHA512
112715f10abb0b2b968b2ac36d95a228e4c390fb7beac0b9fd0eb37a04aea0a29d8dd43e55fe9ef6cd1439f1c99ac1690cf2cd13e0b004e5c292b3d99ed38d63

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
a4b45d6b01b4401af33c44083d2d91b1

SHA1
60f96b8438c1337da569e816c7fa38c5258fe391

SHA256
81e000ccba490f9debd80fb7b2009c5a9d10f470f6ba4d80eb9b323632c94ba0

SHA512
8088e2e8baeeb5a5f6654038505888649fdd8fa52e9a74e40817e86faf868d834db576e260a85174c4d96cb8a821534a414c0db271c0240a45c1f7d6ff3db824

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
8bf2fae33736ac6f2b0346153ae5d365

SHA1
a3981915788919ef468536330a7e785610dc5d6e

SHA256
77a9139d0262a42934a4edc7a6752814df41a309087a5efd8c91e27ea5c6d376

SHA512
b9ec08dd96c44eef0587a145ef45da09c0ee3db74574b2acfb99b110405341da7c42ed4a5eaad632a7f367f243cb209e5ee2bc238eb4a3b81fee574048efd705

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
87400af99ee6b91980042f50418f155e

SHA1
4036bcedab1a12cf8e343abd45f27872e748cab8

SHA256
11691c5cdfd910326aab0b7b2b3334cfe45c53f5bd4bc2662d070a42ae46fc2c

SHA512
aa353ad5d9d81c627ac089f74b2c15aa2d80ff5794080f0c64070a50deef3b508400b64320ea07c6b68243d9093a9ea372c02d471e1a387fe230df975e3b6ff6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
8e31b56a060b6ef0ed336686fac0c5f4

SHA1
250d80532ce604bc515b9ed54406182a17f3a4a7

SHA256
280093b3e46ee430361dbaa68b6b8928a379d072841ab9ab14fba7df199401fc

SHA512
109a5ab6b963a312f90986c33a33049d8913a1c97e67a2c77ccf166f02f9b7705f62c53fbc5998472c85688b25fd29649d164e48f8a89174f60ccd2b1393005e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
85eef2f84aa03b7d5eddcad1e0474234

SHA1
282d6ac8a99a6e0736d967a1ff83fdca1e0dd432

SHA256
b82e8a950f5856212a8c818792a5f497015d6290bf08881e41ecfb3c4fd946ca

SHA512
4cd46eea563cbf050112a030c7c755d29a1404e0de0254b29e16f941e3c79c5fc9c26be03e67b2b9bba3111650bc65f6f7f13c6d7e87fbc22ed5602a12119c0f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
76232c7b452997c4c431c2decaef2409

SHA1
7aed452b6696d0d060862519dc3ae0dcd322b0ed

SHA256
9d1f2b085ca127b746d251bc432ce06b1ae41825b9572d0cec396c9a66090b80

SHA512
18f1ffad1a2487c640797b7db8668fc5b97841d41cf76aee16902e43b531d47099c0568247f61d79e0219f197a14806c6531fe415167e39781b143ab58221402

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
26bf342b2fbc271ec3194d5ee7a52479

SHA1
457802e46df3c368e43daf41143a6046c1ace0e6

SHA256
0d36af1ba5fe7b0c90aa1880717bea6ba4e0d340d8cb14a32d1d5c4e117f403a

SHA512
0e80bb8c3d0c5d6b973b322b522d5f3a3ea21a128b230253ba724cdebe8a85bd0a5fad1ce7116fe9540ecfe3727e94dca2e9243804797ba8c572971ce592549e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
10f2b7057cd2df536c864ea583d36f6f

SHA1
b81d9928ab10023986df1f23a3f3a1cf38783dc8

SHA256
f4ac3a1709939f523c303075017f60514d90c84b0706bc18b933456954a0bc19

SHA512
1e8c7056ef0cd0712128a374505accab66037328c512ae1630ec8438c20fc75d374dd3757e2c7d6245359697ec6afe763aecab2c1c06dfacd822350f245c2c87

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
80191b601a19eda23e654b6e8c2f7cc0

SHA1
cd5b4209308aa3cc8d8e381ff2fa50105fd897f5

SHA256
a70804575f220a83d4adf85aa8b40340a0555f1f4894c72bdfa592aec93413ca

SHA512
5c84627b49607446f4d43206d9c09f99c36d02d97acaaf28c9a1f29d470aae80a579bf65be7ee0c658fd0ff48398cae229350a8abb0136946f90e84bdba9ca69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
89ef4dc116163b06f3c4189bf75fba8b

SHA1
674a9f0e755e0b2a60388aba620d1c9d96c768d2

SHA256
4d86ded8ca4c06b134b20919e1aa5518643a1b57c331c9d694834a23e9eddb81

SHA512
df8c82b5d643ecc584043b6f37197d09752128b895acd973fe42fab78175734a05234d660f79f9cda0a86e859fb0b53d2b9a52f1b347a25b31db7e72ad6d7500

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
302455af719d90aba1e723501c50ac38

SHA1
35f101a16d99b4c11ba8d7fee7631a8451ee6615

SHA256
6edec20bff0868ba94ca2fd5077a411b46247c701dec45212c5529603697028a

SHA512
7e44196f764d04bf9bd3211c5a7e26c8e42b55f889bacc57a5069520353740a3896aae224a541d432cddc3b3659f92fa5b6d69877db6d0faf2198f55fe6ef864

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
427280415ca9cdeae6750c16e0c27ca0

SHA1
14ac9a0215281ed0d9cabacc224edf8e9dd47ca3

SHA256
988f2b0535cd9d3634e005c892939664d618a32ec5ddef935a10156ef4fc07fe

SHA512
b5c62885294d0aca7701fad86267d1a6dbf7a2d5deb1690b6da3561704398c2058ae47ea02be67eee55cdf74bef74a16d0628a4d8fa22ed10eb277a35687e62a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
bb8fd8cf1555fd6c7186b68afc2abf21

SHA1
d8bfb963f5b4180b00dc3045776d7ca9c4e3f58e

SHA256
b2d9543c876f8920b0ed346f16c0c985a4784dad44168ddc345dcd07df6b319b

SHA512
4c4c7ca8aaa0af7840d99ef5fe438da99e34abb56bd0b92bc437f60d45aa8965427d9c3e2970f946a37322dd1f310e3189b04c8b75e76d820a30f9e394f6bc93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
200a2d49b64d143a388432a11fe5194e

SHA1
69522af151fb0006bddc03f25f24f289fefbd552

SHA256
06117550d93a0b81d79170de2b6572af8300e5c45618f1387d7c8384f77dfcaa

SHA512
78ac1911cd8589f80f9a1979061b9224afd62c3ad026560716c7238ee7a75fd31c3ec789eb5222d33b438b6a93851f0ded8e31c007da6137befcfac7e4cd47a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
36dbc40434092ac33ca8433b7904268f

SHA1
f4c9a16352d77afacb3116397a7a754ebf233780

SHA256
1f5acc2bc4025e273b53550422b8f9dab2da9528438670ce29b1e0376dc86390

SHA512
b9f80a4ec526d182e3d19a2092ee236d1041d545d5be342acf854be463203c0e1cb0956877c2826a2331f383e97890a483002f7b72c220cc97e83067ea32a4b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
748e54215c5539d9ab3c2fc9fd49f893

SHA1
158638eb27859728437cf013abf11879aff5d77a

SHA256
be4fe396ce6545d75f39b7e265776cf2c513b66052f2bacd65941f56e18a5181

SHA512
8963a09959918f50c6e0e62908e242117f64300f2c1232fdbfa009a682cf90127a9a51f0b7bfd6b8b5389ccfde921ac3b5c0bd89516815a40cdd8256dda2a6a6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
f0f45ff7944e13aaa4729bbe9791985d

SHA1
5dcaca93563f983d2c9fe270b5351d5e1fb9d6cf

SHA256
8f142b1154d34ed6c85d4a6d64733e06165045de3ec56bddff898fbb647b8d0c

SHA512
9e3a76ae8815947dba782460ab4b2b6e29a697d350287d9112f5dd3c1de831b44bf89a1c14be47d72747179cf7d1fc752f6cef649d7bf649b235340d84f55f0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
08955110cebebdb47c067316f7070bd8

SHA1
dde54817b9cc4565b0e5fcc8ff401bd058651f10

SHA256
9ed16c752eba50b1f36d6e77a06c87730a0ff3d2a89a2fea948b0a4f868a8755

SHA512
edc55a3a79e31aa5bf70b0b814d09eae7b63a772b11402cade11f0b2b65aaa40c0d42edda6b4eabef7ef4dfdbd18ab9d46acaca49b347c9bca91807e903384ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
0a7dc260a36908ca30e639f815377de8

SHA1
9cf983273639255dd8b324d4672e192e9bd8e49f

SHA256
458d5a2f08370e9221ccea32d255b703428ded5e4e0e5a0378adbb98f70d4e1a

SHA512
614f79b8158d0e9b41bde6d9667f021a21880c2497e2611fff4a4943efb4ff6fbe36d7e5cd4c33745e98d0d97c1b27a0302816429c59516294c91f7ed199fca4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
3caf8dd8ab4fa2e9f507b3df68f8f9b1

SHA1
8871d42bb7fb820a43f5c40a323bde94ef728b13

SHA256
ebb94f04c833032fc66ee9f6098440e503b5b39d35fe68dade2c9e0c773ffce4

SHA512
caeef75eeb4612773aa6dcdd31291afee82ea36ad2da0fc35f1ec2d496026818b38962f8465eedee215b86d59783b73d63c110da6eae525b2f34e9f9855e11c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
1f125ad28fd417325bd9060fcb3e40d8

SHA1
8b4ed256687176106e98312a969e9d4f4ce89051

SHA256
a2e9c7fb1755e3716b007cfb4c88ce99814bdc5a5144a076afae165a4af62df6

SHA512
91da425ff5963003e558ed9191180864dd881d940a4532578cb4b152d4ad552933513284e096167a4e34749a7581721835a9cff6b7558630c5ee39359868f0d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
dafb3ef9a3a35a06eedf4ca62035b2d3

SHA1
22b77fb6ab3263acca0b4dd3e71a17910ced3071

SHA256
3ac8e340b1ef0bdd76501321d4a8a85265e1498d5fafa2166503f5c63f5e599e

SHA512
e2a6877f387dca72493bb5debd9334bee4d17db26452d56d35145d9d058065f8ddc80478ebd6e114effc049237f441b45b7d47d094af2844d486fd9b4bf1c073

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
ce15b0b9e1496cec881f656e6f88b00e

SHA1
665bd7304da3c1261435d64e5f381324b6370603

SHA256
abd511ebb6648c0af983b478bf7f415234bc3616839d71decc1b687e5b5c4652

SHA512
8e3ae94518fd645c65fdb66be196d4def414c88b175f4c94164d3aa6fa232ff230fd07712e1d349a321e52902593ebc39001a948487ca7474ef695c100bd6682

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
4dfdc11dfd838aace3518e2e003732d4

SHA1
4c32b2ad4fbe7d4f8ae9d6226ea0aca58150a64e

SHA256
69165f2301aa021130d8d03d2b22ad42b8901d32b86bdf658d7f92dd068fa808

SHA512
a29a67c125ed1b7ef19add87eed6911b23eb0bbaa393e20c2f277acef73bfd10134504f47e74c56f7e35418425d1e34dd00c8952479e23514f15a68532c6c6e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
8aed0c2f9aa4a04b419472d659d2829a

SHA1
6cdd3a684173970f5ba2f3652226c4d6f2644e15

SHA256
8accdfbf4a4bc6bc7345133a4712c8072c655281af068d0eb94f2c4ab9eed978

SHA512
a7825ace043305e39bb28671cef2d14f3469d3eaeb32949dbcbab9267cbac11f8a2eff40705023932828b8ffb516b17677ac7b92e7fa9bb80dd6efed470931fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
9f2cee77c87fe356a6f6404f3488e8e5

SHA1
3907608de8cd732bfa127f9d514773db30507df0

SHA256
b0df50b1f2cd83f2e69f03a29601701baf10db10675859c082759f46a4f308b7

SHA512
b10a58b3edec5ff3449c9bd0c8548ea3e43c371f6ce290371d9cc5044f7906ec6dca44219fb2b00666cd8ab6e84bb4a0f4ee324672aa2c7183fc9d14ca02b4cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
d71da9319bc2febeb9d7dbe79e80f77e

SHA1
3853049ee02a817cc3a992eed9630a5f3d68c42c

SHA256
00c15fe42948782c270b8f9dc57512ad124b9dfe9943799fb340183e4e58c539

SHA512
e10971a0a7b81241edc16d04f8ada71b5f8aa3dcfe59a8e2143e668d28a9a6afcf8b30b2a777ca5cd0f712d0b52cf6ee5ab074f992e52853ea2d2addf534a077

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
cc93f52b20c69673f9cc37b3ff9159d3

SHA1
d4f8e6a545a3826bfa8b41087da3bba38530a75e

SHA256
ebc6fed676af7b5c7875e983c333f2df409628ac6b276ef117b4c888d7b9fa52

SHA512
5e5c2aa112fcc28b94beb05f83cf6d9218bed3916e3b58b0752e1455be62d84a0b280e8170e77b333902558f763e2fee866f13b046899de614a541a5a56ae597

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
29e34240f7d1e8517203e647a1836f90

SHA1
6954ff59148131f9a475c62d7a8fb00c98fd75f3

SHA256
7ea6774ae3045eae97e10b71dd252844f5394ece2abd3ce8e53b7507a5745673

SHA512
804fab43af4aeb39617689c4818e5ed88d715dc3c7acce3c70fd7a0d9faf0a7cd6d2d920c3d452653a64b8d05dc2913e4dacb2d1622d8446d7189ec0869bc9e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt.EnCiPhErEd

Filesize
77KB

MD5
2e98568f53b88e59f6ff1ed21e52aff5

SHA1
91b6f8ea23e4d3fe205b156f36b91c55838f567b

SHA256
a0d1111972ecb5682f0d6c16319778e5a88b05869dbc504bd07937dfdde435a1

SHA512
a4d5d13dd27ef9d1322cfeb83cb71b060f9c66bcc240dbc205fb1ca7828aab123dd85c9c80ec654da11b0a264bfb6325e98eaafc458cfc1461a69f4cdc110c76

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt

Filesize
47KB

MD5
fd3eb9bafb2c508f191429957285ae49

SHA1
f27e840ff1b4319b1c43b6f7f36917cb4546c0af

SHA256
8556a446e6568c2de552d15cee3a21df09d9a3c405a93816ff5e2952efe42892

SHA512
1245c88878bc96ddb40047a191fa9a1100317f23ddd398ae426868d2ec2de7960bc6bc4c6e800a4953f4dd0d53fa6a802a174743b430c22a31457e8f2218e6a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt

Filesize
63KB

MD5
ae61c513d21bc844cd540150095bb1ea

SHA1
943d32d25dccfc138fb6adc27066835eab09eb18

SHA256
5d47e2c1eb6054e34890202d86ce6fac04c6d335889fb6f477238de0033a294f

SHA512
fec166a944060b0e265ab79e94a9397ffd3e86558288c821f7c02ff7f59f128e2242cdf451e051f3f1ad85a7b33ee816449d8fc0a9e1d3771cf56cde38e6cb12

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt

Filesize
74KB

MD5
2f87ca9344201e15b0db2ee1ec8517c3

SHA1
5ccc80e7765d847f18ab32fbe38b11dbc67f6727

SHA256
d461f95f670a7c3683820f740bf467528b6b91eea8cb3d1a4f8796d230f6f652

SHA512
99f4b563af257fa5b74e6d282c5bc32e40a07c3904fa2851bbbb0ee65f73a3b6c8ad40a3f427063d4a1af5aa6365c94e5ca489be7767a94bf00e26523e189da5

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
c4409ce7cc02a7c36350d4982cdf172e

SHA1
f2c4487cc4a9b0fdb33e77e38eb782dfe87b13cd

SHA256
57d90c2feb6ae0608e5d39104789fc467f057a048aa01d1c3e7987406a8ba5ab

SHA512
45b22ff12fd9b9498cf2e743cb33228efbe87b47da31e529d020d0fb9aa0258ec09626ecd9f2ebe5db3811e18f0ecc98ef06479a34144a07decf8ec290039a90

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
42402693115b751131be13ccd773ad03

SHA1
65becc33596bbbcbb2ec404f50406abc2b793afe

SHA256
597a54c0c8a23870092fb0688c07184db5187fb96a2efa44c2d809f9065f172e

SHA512
974f6fe683cb52782dd269d7be3e2c3f71ffd3a95658bdc901294a1e23dcf6c3334fa272ef4f95a7cf9641533685800e613058dd5cd8da7ca745fd8e2c96e712

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
23880d9afb42cb65c5f963066cb854a9

SHA1
6a4c82e6ee3b123ce410fa2d4f2078149c9f2247

SHA256
38ac15ad68f79f9c141391dd6c18f63f0c0878752cafbf32497c64f266db3bb0

SHA512
d0e05711a364738367304cfbd4bec14260a902ff3b9a928275bc819ea19cf99920176ca701c166c1f444d43d2f4ecfc4039ff87b5dfd9f498a095a67519ecb1e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
929bc86cc6e8178678e6a56fd530297e

SHA1
7a1f71f12a84e471c12143dd697c3c9af4ec83c2

SHA256
a2c174d695b50bc58888e9dbd999229faa935b186380b598ac0d0eace26d5345

SHA512
002a5580794e0063843283c8096f29b5ead50b7268e541dfaafe3e8fce4c0bde65aa5b14480b92f6dd98919bfbcdbe5ed126cf2c30f892a08bcb96dda13c24fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
93a1b8d4d17763eb1ff1b796b3f82383

SHA1
1a04994d4b4ee6fd72b7add91cccbba02e8e6997

SHA256
4d87ed016e2f7c0750c1168d1f2e683c41f4b378fde87e31a5594aea64818ccd

SHA512
8a60e03bc1e22dc8f6b2eb7756b10275820dba55b8462c2e6d6e565a69e637813a357608844f397aff96bd78eaf2669935c91b7932559cc43a25143a84fff7c5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ef3e4c44a818f92790e4fe6391e29d4e

SHA1
f4167795ad8eb3989dc7561fdac4f78e7b676192

SHA256
373cf40ead5c04ebe7c217f64b7c3c68f378f770541115c3ce653ace9c398714

SHA512
b20e8607b0a5ea1d4d1a06ddbe2cadbbb0f0ae7ccec2f323b47c4285e662cdc88f60524d01be5012d71047facc9f89b673f841bb9d10fa10a6c8611ad2eb025f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
48d0367d4af5e7b60d60af682f711348

SHA1
b88528859c1a838bf290f4620e404fb175fcfdaa

SHA256
7ee317dfb3ac09b0fcae91e6057089e92117a53104a0991460de2e2dc939ce96

SHA512
7100c7432f64d0b876448a2d123aeba12fd622bd803e98b58ce3bcd88b5a3303d2e713ba23d8538fed71c8372910cb6aa20c70266da1e5ffb317c5b6284f6953

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
407b8bc62a269d23107a46e96657ecd0

SHA1
7bea199d056bff812e8f401f5af9fe25a18880a3

SHA256
290adcbc1ad51df18af9fb26956df4daa1a8eb003d2638bd804057c638115fb3

SHA512
125c021d6043e47d85fa345a7dd6ba2c45a9fe858ef7887a6ddb9c2d15199bb0da91047c0e6260e381bb60cb3012795a4bbb7af1ce211dd574575ea011384e68

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
5f644b26521f58149e92eb9448b4726b

SHA1
895b350af56865ee56e0ae5d52da6aa39b7c8372

SHA256
ccfa8c4ae0748a0339e5e3c9fc45d80d5fe1a9e2000128f9a732019f432c68e8

SHA512
0bcc1bdf9dfee943cbaf446fbd1844b163d9a0610eae4cee42ff352e88bcbd6edb830a430fd172cc21815b1bda77bed13d4f9d2ea68e8a98a19dc9c16cf65a2a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
4284921a686976667d1985d042382352

SHA1
45d218f06c6ed1400676555cf07010f9f81e81c8

SHA256
c06f5439c72862de812057eac62e42f140c481240cf817bab61d5b1d513c9fe7

SHA512
1eba7db82ab9ff66325f2cba50dd1365c047d94c424ce45b8a767d050962980faeadc7a0fea3111477a12f5fc057f3c9c7505b834eecfb66450ae6e43c610d20

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
1228ab7012b5e55c7a966c5eb47a4d5c

SHA1
c2de48931ce524a03fa8017d38fbf8b9954a73ab

SHA256
9501e97370b467b0598694c791f85dd37d5fc53067c56526caaff4e56b2cc8cc

SHA512
3aad787531db87dcba6aec481029ec33a49d661ea62e774faa6445218e3c7c7b80b764486301d32e8a9d99974bef64971abd354184b5f2c55085a60d5c1d4b99

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
6d12d9d39d1f99797e9eb96b8be022c9

SHA1
0011af6d258be6fed653858d13696d08a473a22e

SHA256
ea0cfca8da98b0517fae562365e400a0ad1ede1fdcb94d0e11fdcd2c1ba72a52

SHA512
9635e681f66e6c0f8bd7b766336cf51a8816cc292c455997a09420416b2773756c138d20f0490414c26bbd4c74a7a9bdaa1d24ba4861c5e920dec8ed369ee46a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
a9e5b24bd2b36ce57bb7d91b87557dd0

SHA1
b5b612653e8fc616f8834f7a6d6ce8a91076e770

SHA256
2157e5f24c5b82a78941df31bf4aaca2103102ccf1a6346b5bd0456387570113

SHA512
e9b5e0903ca5451106919c7ed5b76613f2ecdbd9e95085d1b0a09f0ec06cf7f5f878f9eef2519067fcd2fbb22ac3925522ac84cdd469e8a79a4e226e44a5a434

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
e2b67546f18331e10ad620a80f863a13

SHA1
ece50fd35a8b4f72d259c6c9168accb69fa2c7ae

SHA256
4b8b96e62ff75896e167adbfa49c84631895432f7192f835bdca8c67f7176e29

SHA512
74cada39a8f1da7611743fdb1ad4414a0d87bbf6616e6c8651cb0675c97a9e0baa0f8d417505261ac1e1c1f87cc885adfae6b37e3f948c225fc1baba94ef5877

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
4c73c01a7eab660a0a136dbca4eae885

SHA1
590c9b4a36b36064a6af56d97651a55be05c89d7

SHA256
ec45abeb5dfb7650bdb42af86bedc3fb0f31ef1908091b584d9fc781153ef252

SHA512
9f9bf18b7699827a6ef852aedefc2b6fa16783c9db4d37ad2b4d6c2030e040492de350e1267d8357ed2bec41b56dc5c4772082b728de947a0ad4f329de5cd922

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
b9b8e76721a4c68ef9e173dbf68807c8

SHA1
a820f698b43f8129501ab22b8321c5bfb7073df7

SHA256
6a2e8018a5f866aa47e07a55b9600f410a33387ec004e64b3142186718547fc8

SHA512
e3696cadba031b086be98c1123fde56cf2a40c85b8a8cf72a7795d80b6b01a2fb885d54c1d382f9346c72c44691b5e9bef35784ef7b581b8bc3dbb40f0da06af

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
ce027c27f956aa1ca2336e8bf01af0d2

SHA1
f848dd7c9cc863bec862ab420305136f9ed051db

SHA256
9d36c50924f8fafa21714ee889483bc8dd961d54fe8d342112ee14007b99196f

SHA512
cf3dab03c9a628768224c97cb58b2846fbc9b576535af2895b60ef71ea680ec3f66dcf8efbda3b250c19f66cce1e5a91851348ed3e8ff56b6903507b4eb2b1f9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
8903cbcca9b4c79c544d3eed8358fefc

SHA1
4a765dc6910dbcbf230ec6097b148c5993a8d733

SHA256
b59c4d33f7f8824f078fcce100d6076bee5300b7a4dd419b62cc3a150dccf697

SHA512
05f0a8df13faacfcec81df8e4809b32721c7f3e37c9351069d7b8483a18afdb855a9ef9140acefdd7e42ff1a1ec6a177d2dd5c5b7ab17dacd10550a0bc90515a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
19a1df1836dfa8bb951569424c173102

SHA1
71144a333901d6927ca0e021008a7948edb7b006

SHA256
b050026cb502a309987efbbe5bb9910da47eca911f9160a53ad7080ea4682d69

SHA512
cf6c6b95727702abb73e327cc1ebfded9f51ff3c9f5bedfd53e9237da598393288f5f377c1b3d7f5e45fdce9b2f780b83c2561bb03c77b16f4b786e598b0a6c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
3c89f180a2074ff562d75702614a4599

SHA1
d747a49ef2b9fe9afe6a0ebafaf4910f2fd4058c

SHA256
a2fcf0a5e707f2797726c1c2deb047dd10a961bea0f4332ebe30381b86f36bab

SHA512
1a05e380c48234ba92335f39515710e94feb764f61d1306d15d8d9b5b8e634b30b22287bcf17b6e1e13fe6de723ad2133cb31d8e89c97791a33d3011d401b2f1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
7f60e05fd7aac9bca213207f32290c0e

SHA1
631839615dc89c3e699ca669fcd328740786a7c8

SHA256
0e872525c3436cb7b5e577d27fef2b3e4701afa4b6f56f0e164526c1cb1c7865

SHA512
a1f474161b795874d78e6564467da96088ae3af81a872de6178f46b3c75f83c6a6f96532626fc0b1de269af23ca563d3203d5aadba91ab8258f742670e298f56

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
b2c8a73b841d809e22880a083341f816

SHA1
f7e7cd9e964d67731a7ec69bbbe3110a80139db9

SHA256
3d0079b3b239ccb9d6122d45b24a2131eb9062c8aef0418e4d155be4016fe836

SHA512
f426d2f6075002e03ae76996e0fa95cbadeedebc7ac505c348547a280ff4f3573d5937d5bc5d399dfecbe35bced6971913edaa695e4e6dfffd615710a98f8f78

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
314a1557303b281b3eb094916c0b5913

SHA1
3a119a3969cc1010d197d612188bd5e0ea93f41a

SHA256
bd9d14803c829f256250944f60f22d643de0ca773ac45bcfecc191e6461c71d2

SHA512
5281351d439a21d022a54330f755fca70468a2c5e73f5f30214c71bd7200749303c99ed6b4bf3421fb2bda4590fbfd40060cc9d9a826cc0208dc951659ff310b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
4fde38ff1befbd62b8daf20bbbf54a61

SHA1
0f621f1fad835b57b9e04d3c87d670ef909f221d

SHA256
5c47468770025624eb20aba187d42f4cd498d5ee0f2fe489229eb067c7cdd65e

SHA512
a57099821c70d0838d69d8632b248f367146fa79c07821353245a8ad34b76112a76a1e033814d5ff781eac7fef53a9d7003e1c56bdff8b15781e965b32f951bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
c670494bedeac03ec4654b4d134e328b

SHA1
5ab4e1de3e17c3031b48abb8c73f21502b0b59ef

SHA256
3615285c338fe1a1ea0df04bf6e2435f21f7e4df6f11bec2f8924d9fc537d248

SHA512
7a0f5c268b2cfd5015742f2498bbaeb2024fb6ac961b2f335080e39da02859a01fd383e783711858166e1246ea9597e2e383d19769cfc9c66c9b8dce760cabef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
585da722f5507e6e8ab4b9c664d36f64

SHA1
b18c9144869c89a2dc514ecaddc028e993a15940

SHA256
fb5d0cc898cbf962d5cf3c2934107e660efe8ba3a2b809f6268a0a3e5f24cc02

SHA512
2ec7e9420be6ef4205cd0bb21524af21b200c5cc07dc76ae14ae488094089922bd64c7631afb5b20a409d6d332bae011049a06da2c1f8225f335421e8a1e3fa9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
1943709addf2f624ab2164a4999d46a3

SHA1
f9e19c501aa2687acb03fc62b23bbbbda48ea4ff

SHA256
796fab3b5d44664044ea146e0185ae908c4d2b37df9f89e7f32d40082d0257dd

SHA512
93c1cbb1fbbad0f174639da1885c6bd44174ee61a346b97765ae00206fd9578079068d5f347a77a2a32aeec26ae5fb77ca7542ff7141e7700b60efe44c79b0c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
f3857f3233a8d19a3647ac2cf05ccd24

SHA1
0a79f4c5c15d82731f389e271053d0ce56a7c23f

SHA256
ac63d118cfb0b8eb86edbece578cc4b88f5806792babc17adfa9615b6cef646f

SHA512
b23e0a61809eb213a8d99b9dba6fc38abf0a266e2de0178b9a7182413ccd513e9413eee7a631fd41d40f04d4908f7937ceacb81956ae7aeb412f47bf956117ff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
95c88d8dd89344c16a52aa8068f02e11

SHA1
5e06036414195f06c37c22c09563e6e889a371a9

SHA256
70c679a9abdfe351d1fc427a5085dc7a3889d1def38ca6bd1ad3429a93896b94

SHA512
c0a60ec67fd63f57ae3ac6736036c8b33162fc2463ae5708b06f9ac44f186f69f579e42439a425392078b1e36690155988615f36616e5cae35a51b89acb0ddcb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
3b02db9a3e7a1807e3a51a9e58603201

SHA1
13d19ccc4b27a25218549e5db3b6f6a73045d4b9

SHA256
74d3d1bc45106becb609d208db0a34319606744d01b0bc01c7bb180287ae90af

SHA512
d6d22bda5273b9d2c4ae4017e6346afa780f43a89723fb80e2d21669d6ac0f551963210c53c0889760ef2df2d288882b398fa0b5f5a7214bbf4fe6c8aa9f593a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
fccdca160f0917b6b793c5c3733d47d9

SHA1
36fb23fab7b8addae783f5dea22117f49695f8a9

SHA256
c208570627d19c199de76819485e1b89eb3f5849b184b834c8ccc3ddf5a89db9

SHA512
9ae12d9d8f25e926218105f07919519b16b5d71f1301bfbde4830742e54cb1b041b3c407cc16a87865d584f937d40e170072acacc4377ce3167ae6a227c44bce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
022aa580214930e1b7f32f9b8680e757

SHA1
8bbef7686db7286f361ff506fd5b3740496b92b4

SHA256
354b335cff054c70e671107c56b4d9a2a0ad7ac0a1a6b9fc5a4a2e46101dcbfc

SHA512
0bc2862e4dfc0dd7777e9f6c9bb2fd44cadb3d60ede26c5448cd5344f9923ba80aff7b6807f012008c9667836e327ad8b3e6f72f278bdca886f09b31723022d5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
775631358882d5ea9f7b70b10017c2dc

SHA1
8a9d36ef2e24af0bbb906ace3dff571c8b2d873e

SHA256
e54e27bd1e4cf0c61bb3109298e8d109ac839a8e359aef5ae9d77b6d56df6318

SHA512
ed15b5a42f040b044438d62a03b1ad9ada72913f7718419e2c97f3e459d99d957165dc4c11a89b0b7a06afef29fe03b2c0ba5a6e348fffeaefca95296d82dbc0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
66045da806a1b3a575d7ed6f9894c178

SHA1
07ec2b1df175f6617a0f73a3bd06f852cb3e210c

SHA256
bb92a65651ab3808609ebe228057b91458549e413f5dda836a8be7b59df15c5c

SHA512
da169fb82e915ac52a31c5d468fadb8a83cc99df8929c6c1cc4dec552138d502180b990ac832b5c601c83a24821c3a3281249024bec387e136ab33686187c0d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
8dd6998879472035c901a28e1ef3d521

SHA1
5fe57c1f49f7039371636c4e2d461fa8447c3b39

SHA256
f807f22bcbd8a0d2c481611a53ab4f9abc2b96249b9dd431e55621d53e14dade

SHA512
caa6702b8d5e829f52218eb2d2631f3fad50a7360d294683c444fd34b11960b86f298c899f2e813d6731b05bbdc1f249af94152fefda81283e3d048a9ddc823d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
a640b2336ee4d0d5428862289a8ee008

SHA1
e65a75702afcfd11d940c968cfb27704259cbe08

SHA256
c1f151c23e6fe382393c7d60a9bd309a5e7867288a4dcb8aa6c6090dc3bed730

SHA512
f8a64edc7e0ea2be941bb5d11ce115d559c39c318f10afedf66e95853b50d5a2246ecadd67774f504987060f70835b6bd3b92979b5804376e4e20332191b6855

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
b423bc3db52edb1e33b040082d4b6b23

SHA1
42903d1a2e4ba59ec6a11967eec29eef4a77b515

SHA256
41d016c9c77fb5298979d82b6c7df8e4cd42f12fbe6ba2c69e8976c573cf5bcb

SHA512
141f360dae1dce71f63e60ea46a8c6603ec1f0798ec60b533b1cc86f3c84426ceb45f4f5fae027589e53bba4270aa925832c906fcca8e5085f0e40f0a23c4253

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
c459edb1b30fc6060a32fb39a3683ae4

SHA1
993c7b562c994e90011b4e5513331e9d8213fd45

SHA256
b3a876f4dbf67e6832a2b2cfd33afaf28254226d762d357a8a0e047c336f7aa1

SHA512
3a0e7ce115e28d271c718026cd85d2aa23e01fa47504b53009c313a2ede650d5c24df4fd49cb832bb78a1cc5707a288d213cf26428a266332d5db4c62edcc6da

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
3af8dc22c0bbcbaecd343dc14a1d2c88

SHA1
a4d27153f29094b4d0470f367ac954026f036395

SHA256
3f9cfa91d82e17d3bcf6cfd5d7eb27fa15b0186b867af9c7eda977b538824164

SHA512
ead9a802e78e1a63f3d4c638419de3bdd0d9e3278ef055bfbbcb9e7aa5d512170ae0be87144eb34215eecdfa174a4a978ede7ad1758c0791b5adf634b1ef84f3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
c535408a9f97edb1f921542aae4f99be

SHA1
45ff0a023ffb45bcbc57b0f398987eb33530b863

SHA256
03b54d012d21421d3d2b04ed1b2751b74f834e89ce2c02e1a16e4d563c3cfdc6

SHA512
5840d094a8c8028d93e08959816f5c82f253289ca40eb9dbc8b44bd1e7b9f84f7772ed97c5a4818a4650c0cf367eb624546fcd8a1bc491c8c273134f4eae8a7e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
909067c66e334cf29cce06df138f3291

SHA1
0677d15f38429423ae0728246eb265d0ac4762aa

SHA256
7ee70c828378321a21fe3a69247a4486b8b7389df88054bf5e310c01d4e18075

SHA512
60536e82b815f951dc9a7f9f9218d2c92f610f0fa6952de790b5be0993c8a66a06215d123127a0e2c7fcbf5e1d7b03fc2ac4f33d651304eb0829a7c1db5603cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
5c874ca7e00009c3fff6d2c0d9aa32bf

SHA1
742109f1deb2958421ee5e684f637ecc4331c5ab

SHA256
273a1c91ba11be1df7b6679dc1d639904d5e5a0e31ea18b788ba71cea627f798

SHA512
e937392eb1afa8b735b820100917fc193a938bb6d5cc193da72be14c5d7473eadfb51c5df569a8d463f7e5b1022dd95ad9833b91211aad772dd562990ddfc416

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
5e82ef34d28f3902dad5683d08d3807c

SHA1
78e6ac68daa1779a94f1ee546e74bce7a308313f

SHA256
2c09213c057e662e660f86a2c68d6b3f67eb79172d5adcbedd03e744321560aa

SHA512
d9fdcc1400f42246c4d3bfcbfff9c61f84cb0c410f99fe6a01d802d7ece2912d402e3d5a3644010e6b06fc34bbf13422744fd271757b47ffb6538db3de2d9b58

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
e5ab704572811184a64672f0d03a084e

SHA1
4cd5f0448c8a9782388f0f88d0eeb94b0b66ba47

SHA256
253f01dc284e59451e332a0ac3e198dd94755de27f61398c71409002397b86da

SHA512
154bbca7ca713f85c286c4c97e4daf6be7e45f3d7def89f2616d6994b7ee1741439507b9d66bec2682a89313199def58e1a1a2f4729feffc2aaec1f871e390f4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
98f0c3406af73d03f289f0309b3861ea

SHA1
9c80f4ce81990f8d52884f2012995dd1903a15b6

SHA256
4d1d0c46cf759c4f26852ded34ed6e1de30240f7f8fbb8b215b4f1973268b667

SHA512
01c075d681d199bc9cc477b98201a79ee93d03e28608de3fe9b87d096838b460783f7e4f0bdf2d404d8fec90f585400c91fbad73361d96e7273f7973c531808b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3aecb790846266e1199ea658f7dba943

SHA1
5192b4af636415c9fd15f20836ec25649a0b55e0

SHA256
c47ce27a7233fec14b63b63f85247bffb890f58dece5cb84d2df79e2c3378c67

SHA512
d48a9df6763c7371064b46abddef6e154d0b451051e64cd0f257e64ccde6ba8350f84ec0a42898714a5e92a630a95e0a5d26bf0d86dde5836d9494c6cdc7aa4b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
c40a1c107aaca01dd5fbb49cc467a582

SHA1
ff06644e633a71bc1c58316d9cff6fcff35dfbfd

SHA256
09d732391cc9db68f98bc1f93e38d4cf34dc5bff31452b9a7eb45636f3922051

SHA512
06f6788db462e518fd3a6742d3a54d7dc7aa5a51f8d41d90883bc46c937ecd60b9744ce38fac558dd431b0d61a62607875598e5c9bcf9757ad0761c16ece4ebf

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d14281b27ad4120aac7e6ddde76f932a

SHA1
4bcaab0226ed72b6180e33c08da6fc864982e20b

SHA256
e1efb523f312a054fd72a7d273fa6a713b331ddaec4456d2dbfcb7ef9fc02078

SHA512
a40f6592298730387e810e53915a87f245bdca6182bceb7e74215166626fde5bc5eb42253081fac408659906119c33166f915931c786f88f9229155dfcc25deb

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
44fdee7c8d48122443bed7ac1c65973d

SHA1
c90abb36d2aa75ba64d225daa8791066e48e6237

SHA256
7e1373f5ac8d446d803c1d889f3f4a432a91f8574232b797dae9555c7da852d4

SHA512
7ea4aa279e02d5a7207b556d1d2067f6d99b70243e4c13c6e93f6ebc837a2067ae953ce903c749bc77a6e996e6e6eca7b376477115628184fd412cc8c661a244

Download Submit
memory/2304-5256-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-10884-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-10761-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-9758-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-5255-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-11161-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-11162-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2304-11167-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads