xorist | 87dcfd522eef81f58e0b18db800cdd28562ba537f1d00bb48658c21e68521a63

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Size

94KB
MD5

bdf4b45b79f51b912c6d4bc0bddb1d05
SHA1

543b673e22bcb465fc6e0a957c359bd573244d71
SHA256

87dcfd522eef81f58e0b18db800cdd28562ba537f1d00bb48658c21e68521a63
SHA512

fdfda6bb4de2b81cd3dc9870d74adf5bab67a756dbefc5b132bf189e10db4c827cbbb3c7dd4cfaf7870aeb71fae6729ffe85cb3b8eeed1d4a82bf454b7f5d728
SSDEEP

1536:aPOUQrHbMsZM/ugmK82XqcTc5BkUXO6X/1qV/ZjxgHpByhbBiduD8RRYzZI05:tUQ/MsZ4B99XqcgDVvWgnZkD+yzZH5

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/4732-5019-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist
behavioral2/memory/4732-5022-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist
behavioral2/memory/4732-9867-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist
behavioral2/memory/4732-10866-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist
behavioral2/memory/4732-10991-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist
behavioral2/memory/4732-11270-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist
behavioral2/memory/4732-11275-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist
behavioral2/memory/4732-11277-0x0000000000400000-0x00000000004AD000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2180) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe"	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_28c103304ddff3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MSDRM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsantivirus.inf_amd64_632d2ac0d68cf3ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmjf56e.inf_amd64_07bca0bfd5173050\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whvcrash.inf_amd64_1173082afb4becfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\et-EE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0816\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_infrared.inf_amd64_3160910a003e1f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_144351277838b429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmscli.inf_amd64_b39ea5f4658998de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_310dc613a7e31ec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmvolume.inf_amd64_de693592afe8a496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_bcde2913bb6ccf3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vca.inf_amd64_6bbc643de0df118d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_fffc54d66d592d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_7e6108426fdce03a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hknnpceehkmmpceh.bmp"	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4732-0-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-5019-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-5022-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-9867-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-10866-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-10991-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-11270-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-11275-0x0000000000400000-0x00000000004AD000-memory.dmp	upx
behavioral2/memory/4732-11277-0x0000000000400000-0x00000000004AD000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-32.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\FetchingMail.scale-400.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-32.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\ExcelMessageDismissal.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-20_contrast-black.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxWideTile.scale-400.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-80.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-400.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailWideTile.scale-400.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-48.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-400.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-48.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\PaintLargeTile.scale-125.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-48.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\WideTile.scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16_altform-unplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-400.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailMediumTile.scale-150.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-20_altform-lightunplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\BadgeLogo.scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-125_contrast-white.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\az-Latn-AZ\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailMediumTile.scale-400.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\adobe_sign_tag.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_should.help.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-64_altform-lightunplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\dictation\SpeechOn.wav	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\MedTile.scale-200.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\sat_logo.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close_h.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-16_altform-lightunplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSplashLogo.scale-300.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxWideTile.scale-200.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\WideTile.scale-100_contrast-black.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-black_scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\LockScreenLogo.scale-100.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\whatsnewsrc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16_altform-lightunplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ja-JP\assets\ErrorPages\pdferrorneedcredentials.html	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_10.0.19041.423_none_b8c6924036b7b8eb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-getmac.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_117efa1a2f1bcdc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.servicemodel.web_31bf3856ad364e35_4.0.15805.0_none_7f2c9ed6201227d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime.UI.Xaml.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ctui-resourceswin81_31bf3856ad364e35_10.0.19041.1_none_d1d99fdd2c96dd2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\Icon_MMXresume.scale-125.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_be63e2bef26b3615\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sysprep-spbcd_31bf3856ad364e35_10.0.19041.1237_none_918aca913a4eeec5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_73792d943d17e030\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasrtutils_31bf3856ad364e35_10.0.19041.84_none_04b8b1491897f94f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-homegroup-listsvc_31bf3856ad364e35_10.0.19041.610_none_4cbb0d74d942a05c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.scale-125.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_396ebdea411b7aa6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_37c7228cf0c127fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-computelib-legacy_31bf3856ad364e35_10.0.19041.1266_none_2764be90dfc8b6df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-netapi_31bf3856ad364e35_10.0.19041.546_none_1e9fba3daf5ad632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..xtensions.resources_31bf3856ad364e35_10.0.19041.1_de-de_cf5d267b8d5026f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_10.0.19041.1_none_4581ce8f1c77898f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile44x44.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation-mfsvr_31bf3856ad364e35_10.0.19041.1266_none_3382f3f0703560b5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..y-webauth.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_8a497bda6f9780a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..infrastructurewinrt_31bf3856ad364e35_10.0.19041.1_none_5603222270d30223\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-efsadu.resources_31bf3856ad364e35_10.0.19041.1_en-us_770d0a8c34750d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-composabl..aexchange-component_31bf3856ad364e35_10.0.19041.746_none_07b59b67e21ec38b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_10.0.19041.1_none_28b372b13f3b8178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.19041.746_none_6e820e10be700e9f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..agnostics.resources_31bf3856ad364e35_10.0.19041.1_es-es_e2d407b3504fb761\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-portabledevices-winrt_31bf3856ad364e35_10.0.19041.746_none_a2de9eddb7b517d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1023_en-us_e7d5a7ef6b22aa09\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_digitalmediadevice.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_88a49e5c212e0750\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-dsound.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b46e4cb2efa5ae9d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ment-dmiso8601utils_31bf3856ad364e35_10.0.19041.546_none_4ac1b0d8ac60bd3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dpapisrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3d4f0e8a9e6c731\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-simpletcp.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_521ac1e26443d289\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ngstation.resources_31bf3856ad364e35_10.0.19041.1_it-it_3e052388ddb7d547\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-uiautomationcore_31bf3856ad364e35_10.0.19041.1266_none_24de6724f74d3ab9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.ReaderWriter\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwanhc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a030df5a5ba3a4d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..package-managed-api_31bf3856ad364e35_10.0.19041.153_none_692d4d323b980451\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mapcontrol_31bf3856ad364e35_10.0.19041.264_none_f136bcd869745605\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_usb.inf_31bf3856ad364e35_10.0.19041.488_none_22ab75752a645476\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_it-it_76b1bc9518abed32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msvp9dec_31bf3856ad364e35_10.0.19041.746_none_391d801f7c759df7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_apo.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_4b7a013e648bd3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0003041e_31bf3856ad364e35_10.0.19041.1_none_a7f206cc00d65eb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_60746ebda8922d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_chartselection_clear.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..tion_service_iassam_31bf3856ad364e35_10.0.19041.1_none_31a07115f317ca01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_10.0.19041.264_none_b08e3e3d06047dc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_f1bb526772bd59f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-system-user..diagnosticssettings_31bf3856ad364e35_10.0.19041.1_none_75831dc844e25968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-upnpcontrolpoint_31bf3856ad364e35_10.0.19041.1081_none_b201fe701a40c4dd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-48_altform-lightunplated.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-usercpl-usermgrbroker_31bf3856ad364e35_10.0.19041.746_none_fefa067e67e7af8b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directwrite_31bf3856ad364e35_10.0.19041.1288_none_476515abb49ecbcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-peertopeerbase_31bf3856ad364e35_10.0.19041.1_none_21c94890c5647051\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wow64-windows_31bf3856ad364e35_10.0.19041.207_none_d60b7878e55efcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.servicemodel.channels.resources_31bf3856ad364e35_4.0.15805.0_de-de_0df4cdc07553372e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-64.png	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..endedjoin.resources_31bf3856ad364e35_10.0.19041.1_it-it_dbe59fe5ae70cf5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6225b0f1880678bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe"	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GYYYMXEBVVANMWG"	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\ = "CRYPTED!"	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\381LRUa33AV89T2.exe,0"	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GYYYMXEBVVANMWG\shell	bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bdf4b45b79f51b912c6d4bc0bddb1d05_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
6379fbbb950a23c67cd9a67e9614ec81

SHA1
8fa8cbe7aaa439a1afe885ebe664d520fcce40a1

SHA256
6318c48a985b1793086ccfc94b73355e1a58fbdb05f3e9f288d44473df2abad1

SHA512
7fdeca9fdf13e91833b6d04ee90cb0bd18cc5bee12c0af3b5f539c2fff86a166d8592d1ba25768a8a61ec79cdb4540e08f11b22cd523c3ee5104ceee5254c0c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
631b9372bd89b0bcc32df64f5084fb1b

SHA1
a2bd87d6771f775f4702486fc3ad1743f1ac98b5

SHA256
79004f77f38bd7b4c8d376fbb90b36d09eb66f9ea20a62edafab0e17677defb6

SHA512
2724788eb59e6d6ab5998382846a1b2f4f49dbf01e76411b7087916d9edab2daef67e296bd44bacbe63441ebd75c1b7045a3a0967dc023a06c6827bc56981810

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
debc4966b3aaf3d06cbfde55c7424529

SHA1
b43bf86d580f3565956ad01cdb19dd1cc25c2232

SHA256
56b547092bf40705f433d7a5e19bb59212cc96fcb2a934449b600806abbff8ce

SHA512
02b163442fd889579704cef8950be78b0778dac63fd7bfecfd882d7c6b42d36db09e77302b10badc1fd7422f6d6f52b35b360ad0b080feb29706ff1b0950589e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
69869e3a716a740ad92e60ce3458499d

SHA1
3eb9028822f57e5cf82d6db30bae8eee822ee8a0

SHA256
4dd0965558ef34b236434bd6601dbc0a54e22c6b077f77f3eb350498c67eb6e9

SHA512
2e1f2b3964f548b76f89d4275091ca0e8090a60ba98634b00bd0a9e8d9de0c10de69e37e653ef6b6d07875c2bd0a9fffd8ac3d7bbabf9b063e09e73a6a497aad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
8e04ce00e5600e26b3aaeffdf31809d9

SHA1
5a1f6ff2ba1dd9aed66a76df58d13f3b81ae4512

SHA256
4ef20da61b332cb660fcee2089a4b2f559ab9c65b85d5a5fdbfbd2c15db3dc75

SHA512
8866bc0eb2d0a86d3b296385d1a8157e6889f37636b2066d17a2e88d7b9ecd0c0c4032697bf57fa6c26994017c4fd22ce3f65ccf3a475c22f3075dd25053e7ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
cd606c194beaa263f4ab25ffa232adc9

SHA1
c8b145766857de8fef9e0f09feb34492fd8cf129

SHA256
f61f33c612f2ee582b0d4c19f2e582ed1de62b179b75dc6d56d80903fa5e59d4

SHA512
d9e3cd3b48540ee16877219df1f7576465aa76c9e81feaf81e846c2ddc2cfe8a2c97097de498df2a45748ecbfa80961ef717f6ba4defd318232e86028d783c9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
3d9f36d0880331947bedcae0de5ab931

SHA1
5e4b6ff1b57c97b8d6e9f95eaecc7ee1967d266f

SHA256
b8e45bb6e693447eb2303f345de454847afa8117e01e8b53525481e33f2f36e6

SHA512
ccb91aeb41fe290d8643ff032b4fe6f7ac363380f02ecde6b8d244b4f3287e678526c9565e00d6ec6d7f3d3e8ab1fafb0395c9ca04df5437941e1c31710ceb33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
511c8f8a6645839b1f2b4609c161eb31

SHA1
250e16ddf16dfec57892f5f2ba54686d8c2ad7c8

SHA256
ccf97c6517b18b8e954b21caaf9e98144a95b289b50efca3fbb472f79a0f47f6

SHA512
aacb4f9b6da7183a9e3f31970d19f114c04e11f0032e904a78cfa428c9c062297e486879cee59d28bac490b3243fc99731d602cad1be1edad0a81fa93a1475d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
11a6f65eab673966a879477b4593dc14

SHA1
bdfb5b4a36a6b40e2ac3fa195157d64118eaf108

SHA256
9d0588e9306dc2f1713fed968ac7f98c5f52561e671eeab9ac2c9ad93f280a97

SHA512
eb9a1c8a692256c2e9da92edfb207c0f2b7ba9faeec69fd38f960ea927b0761d0c161bc710752ed9609e5bfa83399672c5fe4a490bff4482972f9cf9fc7d3e14

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
645515775d800d5892f6a660256536fe

SHA1
9ef8128f0ef326a59c5d7e69beba854b7255acbf

SHA256
d37693528c49f87038158151342f40b071a8fc376935af89add0c8ed46aa10ea

SHA512
25ec1515524670f78df03c437079c78cacd63e1f378463cd10fddfb4592a00e2bf9656d6682baccf9e5d86de85aa4ee4d2433abdbff3e44057220ee500be4dfa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
bfbe0cb41e407187a18ca5bb1b535c8c

SHA1
8045c3ffdae6cf02b7c7a97f7264e5f8897dbff6

SHA256
fa3a587fbab9504a5be771cf34c58c57b76e289df2e8dfee1d9feb2309441992

SHA512
b029a6564bdd97fdb9eb411f64fca637508c87d355b6de9d68faea295cea201ae7d155fda2ab26b4153550333dabf50f2a6514ced28c5918b0dc4cb0b2753dcf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
d2affcbe1119e816df910ae14b23b7d6

SHA1
ebc88c0e58bd5990c23af0c5d18f9deb4bc6943a

SHA256
ef4f1b900faf6ecdae1b8c66b62d891fb680b83a15054db83a6c6e63d004cd33

SHA512
0119bc309a73858aa8d9fa18f7e1cf2f85f86c82b96a5d3a3ea8073b5b42a7d1ba9aec9ec0cc810e6de91beb8b970d2ccd357d2c002139fd25107f9866477ae7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
d1ec121675ff34df79355cd0792b61e7

SHA1
df11ba438baa15b7a010ecbec3e71c583f379d70

SHA256
751b9b294514d0d31643c780dca32b0ac0326c3a7b31e5e3087679c41899d3f4

SHA512
5c33b3c175d2662933f86ec125a310f1b68c8c5f3b688217d9973d7502a0499cabde07ff078ea4b605d47d107a1c31e603d1ff5ca8161700c3b9cc1a69a30f33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
0c197cd9de313c739fafd4dc3ab5e8ed

SHA1
0dda38b47b653681ff7fc6a111ed4c03fc07fed0

SHA256
2a16d1f29ace3932222b943af16bdf28f481e38f2eb90dd67fd2fc99fe8d3eb0

SHA512
407d9cf7ccec16e9c19b1b74ac184da6ae2c5c5aed2d5e88ba80d19a4ec8850a5cf072cc8341a26021a9e024c4b4553308ae8de3709a473acb1d772e9afbcc0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
976396f4d80e0463a4fd420fbfd96f27

SHA1
81f6213dadb9960a9cb78513df2fdf86b6e9667c

SHA256
259c3d15283dea69e9335d2255e254a063cf2a451b41c213c9097c55950fd823

SHA512
875aec9517e4f778ff671696faa6783b23f892deb5f2717a924aca2643998d1d8a5e8b3d6bdb24b41817b0e849ec58d55b73a6dfb97608bfaf92a7ea47cff50d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
78b68bcf791d81fd801dfdb8be607a3c

SHA1
4817450eadcdc17406048e3175d3733ce6259e48

SHA256
28d838171b1533158f181397bd705a3a556fc65f3dea14f64aba46653c16476b

SHA512
35dd117276082b13ef4714bf8ec724a21d62ead4b515d739a46d3218f729ea35b12ddb42e0963a723e54c14810c3177b0bf794af948328b584767f00acd6e33c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
1a4e269c92e3a9d06950a42fc6e8790d

SHA1
a2d2a8e61be3076acd68c35b619dd8d6057bff9e

SHA256
260be4274371e8aa670f0a72075ca6d507219b55db76b1b93bad283e490542f0

SHA512
c638039afe59a1df0efc0c1a157c5c9043ff991243ed79a134111980514b46e5abfc80d918afa58d3d512d2acc81a3feaa9166f656e3e55d41d7fa3765c7d543

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
6321fc8e5301a7549ec781072629e3a6

SHA1
828991a497912e510f85760196b1c9ddef2aea9f

SHA256
d9907de953772f5173a7e82344b206f4c9509ae039e9c54901a98dbc7f18704a

SHA512
a42ef0f3496d5c2bb06db759bae135d647382ec976c1ba1521a7ff323d1e4a02ffb992ca6ce7e0cd740a7f718f693bf824f6580a1baf6bc730f419253855656f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
359bde881a32bf3665108c5b8e245d25

SHA1
efa2a906583bda13ae0530315d30c18ff142740d

SHA256
1cd81f0c3ab5faf5b0f4e9d024b409411651a76d4f15f93521137bf3d2b6519b

SHA512
de2a00213126a5805d3c8d5e90064323e3a0cedb4ceb3170a936cf6f36886e855f07d79bd4d8c36544a37ee8c4cb291f07654339f254c508432d8eb2a3661a63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
989fb86c9ef4ec9fd783d228cfca9739

SHA1
013f13bea0d53709766086565d6a9bd2aff9023f

SHA256
1633f74f580ef68758c851fa89670ddef193703cf5551077f6a441a787b35db0

SHA512
82e0fd4e86c10777ba480ac6912b69327c5fc35d34fb414f97edc2cdedabd2076cb652713442a5e000463fc41520925edfd42b23df53915153e4238ca8ff4b30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
891ec5520592b20d02d6de5e38077905

SHA1
eddfe22205a80f3e34c09faa12efd17492addd5e

SHA256
e4072d1d67d798e0e3350e0c1cca9f9ec1944768340502f2b54fb8f0eb7c456e

SHA512
f6e3a08770089ce243a953ba45c4d7d56471ee682746157907e61dc527fdfcf91909689a9f6a7dd053d4aae482267d829700d0969965d47121d01c8348c3dffd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
b765f03dfa5f1a9c78910e8b9269780d

SHA1
3bbc1b18564d95292ad698429f1e5be69cf5bf0d

SHA256
a5453387674be03a5953506c0cd1213fd2bca0620dde8606b0242b11c9770d42

SHA512
e403eb87c7de8ad34b3d0bec83fd612a62272140f72609045acccf2531a2ecff65ebfd363ae3169bcae47fa407344b410c1c78db35daf279dd738bc7ef31ccd5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
c882f8f71ef0ece301dafb0e84fbe0e0

SHA1
c144e5adfed3e54863a748f09724776a77911620

SHA256
a8a602e30984aea7f7fc56510e07a839c09918c681f942f8a15b7bbaab8b5ace

SHA512
6280ac5e70edd4efba46e6b256ad6685d7ac22bbfe9f19d8653cc83e964940a6a20453ce1f15365ebd80fcfbb248a491ebcaebe0375768fd6cf2949e6e4249f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
3e965beb2675f90e064d993c8607c612

SHA1
577e93b1134064b9084e5c0eded7ea2a9b81acff

SHA256
d418184cd9cadb1a1e1f4f16a9d5ca51bbe4d1e9334f339fd846ca9ea6e7900c

SHA512
f4b8b2132b93d7c8d74696a02671198348ea835e9486885ba5a886af90146e4eb92b47348c6fa58379c4d162beed9a35cfe2fc4d05607b987fcaf750984c4a8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
2057e17ad5140374a6b8fc8f321a2899

SHA1
817bbb5ee765e46baa7103e8d566326a0930d362

SHA256
23114a12b6cf8faca14dc1b37befc19202b73874e6f0db68598f25aa259a3fa8

SHA512
c4122bee922cfdcb61651a691cbab3a065859f52d141f7cce076547cc69a02ffa60b21712dd034bbd42f2d11b04b13340c88bb64e3095490a3ac1954d6258113

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
de6da343aacb0d84ba1af78e8c5e3120

SHA1
4058338aa598bff01d2fe2687cb54c0fcf6aa7cd

SHA256
257c03dd235accedbf630bfc7798fa9885b5f90305fb5202bbcbefddf81782bf

SHA512
6b0f1654944e4ff6ada041fef1339cf97d69b925098b774ccd8f5522fb2be716ad2821286a0e00461bfaaa46bd567c9233f60de38db7eeb9ae997468ed2bca93

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
31d5598aaf2634fe870457e4a4b3af9a

SHA1
e4bde2de231735f8638fa5be38ce2f85621330e4

SHA256
90a0e71a73af98c50c2ae75b6ffb39dc0e96cdb56b68a7907b75cf1815e54de8

SHA512
0db443145f1247167ef6d94e3d9f898339452b53fa9e072c8bedad5a472508b5d1181aea1f5ffdcbed0d4916826c306d8921df4978d4c9102d0315f0c8a1685a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
c486a2ae7059e883dd1f77377e7feb4d

SHA1
e3c05d405b922ae82dd755c26c40bf3068fc0171

SHA256
1f53719e517c15d85d2803c7f0bb45278321b557664cfb979fd0da5f125bd681

SHA512
6b9733cb237e22db94b9557d2287498951ebf7f9755ec800c1d193719789c1a433356e3bffc3efc8cc44cd052d8e8079dcbe83f06f7d2ad1654a34243b687363

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
2cb19f0d40d35d4a9c4cf70afd0366e5

SHA1
58a34bc9aa7a43935a88c355b61ca8ddda9009d1

SHA256
5e2ec231c9ce79d86b25c8156f9d83c890fdfef4a5e0f4d4cb001991799a019b

SHA512
14b7683c81060b8e91e730dcdceebe61c3a9fb40dab92bf7b6685610372e5fd67c9d24c21042b8ef72e5bd4cf99d0c2a831c72bd5340429c72c802956e2af50f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
1c2b846ba07bb530f91b40d4f73e1322

SHA1
50becbe85d718b3e8597714085aebb23e4e6fdf7

SHA256
f3352b4386a931959cf60a99a417c36c28e4e61930ab2f7c2552bd2a31fe9ca9

SHA512
18167eadf1e1c83a111c48f5b853b9835e4b955569b367a3fcc9da727e371b6dac3d03192f98eb62444123187f264e668b829c83df4bf8e14331b4fbc2329396

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
59f3ecde7b25f3f2b001b30834355a6f

SHA1
2509421b20ffd1bdcb07dd103819f67dc9f2017e

SHA256
0a23f5760fb8408112fc5b04838d374513902f436a08e7ea0081a3744f2deff9

SHA512
d8f7800f3c7cd65fc515a358bc7d9cbaa872322ad7cc71e0762c456bad787d689b909d2e222083ef5a4646a7f3aae55f4e0a25fa771beb6882528b4a44237dff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
ad1eb20336146c816c91f4ae8cafcc00

SHA1
320d96121c9f45034205ec63dd313826b2024f00

SHA256
91d314f78495b9d97d9766adf17ec050c96e33875c5903d3b2a46db310c641a4

SHA512
69a6dc75f321d9236ccecb078c8ed34c4c1f0452b6291737b93cf15fd094b8f19e72218bbca6c1b9b0bbc6f8f22fe7f9942b9635befcca49d39805984c64f872

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
d4abc5d6c3c616f46e57721dfda71fbd

SHA1
3d6a6dd7abf7f11b16d2abe9d751930ce708bdde

SHA256
2d6b47e80291a5948a562db79e5080ad01a4a2f09fc8917393e602a8f45bd0d9

SHA512
e74b432253a5a5137cdd750a797a7f2f12006810bd22fc32c72206abb481690d5dc4e643588cf8865159b2947782f5ba42226d2c504d1d628da4d1cab414e1ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
f5ebaff9a210cbdac1d2efe198eac648

SHA1
107ac41477dc71390fedbd2e5821b717ff4c918a

SHA256
9b6f9f1b8877a79d60f075856e22d3ee0cc6ede774ac7babdb352adabcfc037a

SHA512
dc1ff70b1fb0fa2f2633cb33ddfd540eb97350ec5f3efcc38d06ad0538fc940b7b48fe519d0543a35859fcad035ffa2f1bef938c5110e1edf3953f7660d37bd2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
b0d474c9ac0cc788103a00546872435b

SHA1
6aa2d7eb70b77aea8eabed47ce1f3661527dd3cc

SHA256
c0c80c9da2ab9e6b5ba623f2c9ab4086572a58e8c015d49be5e8701efed30325

SHA512
1ede182fe367edd11bbb1b44227d0eecf7d2d39e11d53a81f4557c393f3065a78a63aba0c2e8c7ed12eda3f1a7012ff50a70f77474a280b22bbc08df487528c6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
6c24f67c50e6ebd634170115aaf01a96

SHA1
34d53edc72635a9fc1c148dcfceff6503ead1330

SHA256
67a79fa829ffa54f57ff5a64cd5b227c85eadc3271e5e90a82b5ced829c6314b

SHA512
839885c121533143f9f981b524a7838701a8f7c90fd2b7ed6046c0691a8e2bb0dfb4015ba7a966d8651eb09ef701e63cc0a153c1a5d72dff12940cf8d7a5f2dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
af0196d1758d69eade0c6efaea2b62e5

SHA1
c893330f2c932d62bb44ad23b67d2972ebed73a8

SHA256
c55c54a5f63bf9e0cff8706f5828084bf90e085dbccb6d22fbe000179051b5b9

SHA512
4e8841b642ef668cc9737970919cce76ffc9fef54755e50c8e826b97bf55c4c1cc1168de94cade5f4756bf6147026002befbd11c329b5c47a7db3e263d15b5d5

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
ca6a0b23736e76cec09c89a898d3a3ac

SHA1
d5fcdaac98744a69b3b0f2fbf53c5724d4ff5b9d

SHA256
18b43d7b5fa6b571aceb285db60efdc7b01de65619869c83f0df6012160a2f28

SHA512
550e0cc0ec416bd5c1345dfc51f2a02379679de97f1be970dadff7d958861920a63080f3fb21d6562c9cc1ec23b861ec037651f7a306068be10b3c79a405b95b

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
31B

MD5
bbf8ed91be0e18f222cf55d9cd9127aa

SHA1
6bda96c64ac95bb693d81ea75b2ee16501bfdfcd

SHA256
27ef715b6bb915cf94ae427115bfe67b2ba4f160ea2c1f84fec69b7063425f4f

SHA512
98d8a2b2cb86e442631d5e05b4e3d94d8f3909f2e290d609f1a7dafc0d4ad55c49283965dcdd0c04616484cf982359092f5f3f23baeb2d8c84f5240f69efef5d

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
6cf8f9dba972ad6ee2299dea2774ae90

SHA1
32418a820051e0f124f66146e007084437fdf0ca

SHA256
fc89c83d3f32dd83704ae04a46699dd541c804bc235242fa6339236c87a8f660

SHA512
240679f81c3914eebe26330bb7c6e055adaf42a4827f6a9f1ae19653a52b5c24b23d9c1f49ffdf026f6639c81dfa385a367c12e3e7580aade2a8451c86daac46

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
99675ab299be9ee33a8af0757ab5a25a

SHA1
f85d2778707b8d2252bbc1a60b5f90a17a024e26

SHA256
c245db96aa9fe8a093455f5b9ac4ee670623af3c7013e0b7d35a6e2afb12f105

SHA512
6beb24fe0c40232a5d4c66848ba81bc00ebac49945adb304d19894c7d9382b6336bc629e2ef86a0a5ffdb6c333c5ee236028941ff230ba850d136dd46bfad0f7

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
e24d85312568c2cef6899416e9b0206f

SHA1
6d0428c6c741f490ae59cf02d842500d1c80ce05

SHA256
7af92df7ecb7622037e9fae051cc3e00c49c2ba37009b054340a8f23e06806fc

SHA512
427389f8134d44b4935892169d00ce3733e0149ccffa4cc1ee3565bb0f1089fada34a1c005a4b8c20d79e010b453b47addc8123ca32bdcefa9d2eb59267595d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
4ab9ba1501897bf39456dc7bd672ebb6

SHA1
9af074c1f6ae05f167f98f5c284c09103193571c

SHA256
e04c88d89d22eb72e2dbf2965f1ceee76cf5acbd3c2d30feff6ccb40c7b2c770

SHA512
e9f3fabe4052971eb6a336b4105c049665debceab6e6b177e304da17f1cf39bb2f58ade2c148cd8fd3369cfd706aa95aeda743eac79ba158d046137250acd1a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
925a6f5ce90b06f0066867e3c94548e4

SHA1
d2a72197f48814fef3b6045e1f25524207649af3

SHA256
bd4eb14cacf386df94a68408c7352d23bed9f4d5931d16d4b114a2a804162285

SHA512
5fc343a19407ec95179ace7063f02785034144fb3b208011d873d364215a44c89b886e87542ffa05fcf4a22718ec133f4021e82f0721e69bd7b902ab5fd3ea23

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
6dfbadd6136d3ee835cf3686af40abfa

SHA1
c36b06441fa71b0289fa3adeaab79ef7c9254399

SHA256
8d650a07d5ac2697c99e22d4e4f2339ff981c66b1a73717d20a0db53a5a0d661

SHA512
7d26f661085abee41aed603d3425d068c835a04a2247b39def69966c01c5683abbba094417459cb329cd3695aabb7b18023a034cd9d438c8c472a54c18f0f0a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
d495353d728f97fdee532de86620bc3d

SHA1
fce4a57e7e6a8b2196729d49059c0969d363d59f

SHA256
563f1e7b1541fe60c0adb428e94435f5ed0ea779457967f62b90252056b785ab

SHA512
0c28bec547d00225bde1ecbc477b41e5060d5daa1bf7c82045956de0e56d3e2c175545c376e00c4ecf4e035d3f849cbf7557247cab5c56cfec4a8a25ae4123a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
6a990ea0a0397523f0022a6a8ab22e35

SHA1
b3af54ae918eee6b6487c55cf2220857bc823a6a

SHA256
f9a61280488bb6262eb3418ac07ed39c14b167b56c1f6ef69eb561fa02e1e7f7

SHA512
2b28b1094b590bdb04979013012b5002559f30bd93429f8b14640176e88a2037e73046c718b130f1932af83c5dae558a081d0448e6cdcdd7cbbd03a05483196d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
6dbfa4cb68ae20f526ab9148b5904d27

SHA1
c0b8ccca2c74953401eb003ca60e3018a99c3bc3

SHA256
d53e49d7c32bd353427832c5269e575523bcefed7f281e5b84f4766e04ca59d2

SHA512
d9a5bb01734e728d60e5e0745661bbd78ecbea6868587032c3bcd24257c01bf4311dcb38a4d752a43af81531d2f4c4fcc7fcd9c42736a9ade15e5db37bc265be

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
dc6ccd9bb5e57105b83aca535cb273b8

SHA1
d43eebca637259cf1305bacfc8779294ad290998

SHA256
1da03b7efa4ff058dab2377a10ea3cd2c1f7a914e5d9ebde05c27efbab31236d

SHA512
c163ae3be2af712a937d5df8b6d8680a92a519202ca35d6f04dcdaf35a2d6bef8d43ea021f93e3142b31284cd03ad2cfc8ebc921a183255a7a0a953aad5dd06a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
c856f736b017d688ff118c089de78f84

SHA1
8186bfc007078aba47000332dafc234db976bd36

SHA256
00b0094291bad63be348918c2e38ad80e03d919a186f1191f50d66a4831ddf0e

SHA512
fa62e8a87454fcc40b6439e78f468b6dba15ef8283e90d36f37f243e02de4e31050d51fbcaf886c0258b87479c642528083e32eb9b98b0d6e34bcb90b94a4f6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
3061988008e4c67c083b33692a425159

SHA1
88ffea466c19e1f5f6fb852589a0bfe137ead84f

SHA256
3c936ea4a095f0776801df77ec091cf154aad7b2132d602ebc85b64c2f662847

SHA512
5a4739df7514d2b050f81d40e201134707467dfc6e7590b28c79ddbff0cc1c0dd92142b751643ccfcf504242256a6cce2a2982ce7b7c3ad8e341e1255777b60b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
fdcd91d51c5f64d212fab906b45b00fd

SHA1
d1eb486e0c5b2579556be9cde92ad0aa24f4df95

SHA256
f5cd6c165b017cf7fbea8a312052a355d1ed5c7018f86c35730f4afcd937cdb2

SHA512
f612af66d61e3009d781a4a98c89ce45841e2c6ed0a4db23c974021cfbd1684345f14138609e4a7d55cf1fc563de178d1f694120631eefebd526d7289848cf50

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
e3a2d4f44810e46de53152fedba880fa

SHA1
457ef5125cf7e58e00f0a4f321f0221729e5b88c

SHA256
03c2a6f276a2983fd25b3580b513590d35e8413be8b27389213053df4af70005

SHA512
48db286e07167dd5ab570ccd61ff441ca14b55f8c88594896c573c8f07e369d49ce94decb47ffeccf3b7c754fab0bce67bf998d26b8b49e75b93a1bd1b55c573

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
d5db365dc3c94dad8d17ee393df37bc9

SHA1
cbe6153b1c718b381eeb5c53854c1d437b7e066e

SHA256
f831186540f15e8b3f7b3f213ba10c104603f5790d545d9ea4fabc2ea9bda982

SHA512
cfda488bdaafb0fd5d210646ff83e61998bf1cdc2161d1f3c6267f73de483b0ea17a8fde72fc13590698bb4c1383b0aafb98d201f2b69d3ac646c4e57ab021dc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
bb7e7dcf1ca88bb355c78a9231ce8871

SHA1
f0d07240b063c2b759fe46220bc1e7849c877883

SHA256
11b2aa57a7518266782f9cdeea2b38a6e6cbff5cfc7a248a278c874a99b1f9be

SHA512
52d830d2caa928f5b78178e3503fb502d26b9e3cbc43ed0f02a6e296a5fa74384746a547b51cb9883efd8685926e7f51615a052d8e7371120ffc50fd4d49b77f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
f89f80995185aeab8e61eaba621b8ed6

SHA1
8b7b40b8a3e8f2f03a7cdf16ad7b7015858c0c1c

SHA256
ac805eb55a20a7da05f333ac30cad961cd5ced3198128338f1900fddcb7d79c0

SHA512
86ecbc84d2191626799391a5765760b45b7034e1dab1c663ffa84eb49f1517cf2e3dbef499f75092ecee829cff4fb65fe9ed188c0c7adc65852d08d2f61b2651

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
c62dedc3fc7640850a80c04ebce461a7

SHA1
77f62d225a1197a44421f9b9b9a471595aac4456

SHA256
9b10666ca61409ba983a2920155f81abfce5808c4d7a2b1789bfdf5652d304a7

SHA512
409260b16a62e96a892cd2faf6ba00783e6a3df6030f0373ddd7381d9380da3fa02b92c9d4e5d11bca872a2eee8f970ad52465bb6f20f332037062816aa258c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
0b164c641ef3ebc78167df1c1287c058

SHA1
5a306cb442732b3e45ca12465620eb7c76ee617a

SHA256
3c17a9844508214a2cfdb5e69fd69423b2146675339988569b8945879d6bdd46

SHA512
606b4df76273234e7ad429eadad634a864cf1a8a04377c3055c68810b20a80cef7a808a681f29dae9e5a702fa44fb74a9b2466ee98db3f1530ba9ff8556a0b97

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
b861014645771db61c8e2a00619aaedc

SHA1
342f292239d3fa7cfb05c071cf1a78cf166eb6a4

SHA256
43411e5b503ce5a0cdfe8b10e2d4c3c500f547a8c9577924a8b4f54b1bb72f22

SHA512
6ea61bcd5151684bc2789eb162ea39380bf5cb47bc161b952e4fee87b4aee72bc3e5a7915f8f0057408850563ae0722151f238eb1382ba25f0956bafc63fb4e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
ddd4a0d36d9357fbdd41e5117979a2b7

SHA1
e7d28641ef01adf905c9fa14be7cdaabef2ec1be

SHA256
7fb99e9966efc81f077d85746d525823eb2479cc26f9e90608942bc16decd4c8

SHA512
3f2b8c4bad2a4903ceb44c98e6b7378d4e9945b61eac7b705ec1b2b9f4734eddb6b6e12d27f6499694c4f6e88bee31cdcade3aa9dc723bb5bd3cbd89f618dd22

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
29513fa04c287f378c8cb225e3fd6528

SHA1
10c85102378e26dccb09db002c91e9aa297c0dbb

SHA256
951d2fe26181871c95610c4b122b08d8f54f268e8882648bd9f24abe9d498453

SHA512
cfb5af156b6c40989890821d086b2a6b804c813a83fb5b36cabc2d36c818a9531b54c3b3de0f765cdeada796409559777e877ce9f166b7194922aab0dc397ce3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
fbed4bbfaead2b9e04f8e42b0383cd7e

SHA1
9a9b93a9c176caa13800e8828afbf9716de403e4

SHA256
6fe2c2cc7e96456f5042907e05c4d5b636a6790905d3bc94e2151f940ef3308c

SHA512
56f5c1e067fef806d6198dc27550cd0d17d905a4a84313deb7f24d2cec44f8d3c887f7fc98dac899528fed77c3ddf72743f7ce9570674455dab49070bda3eb8b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
57c14bedeea82a58a2495f2c7458539d

SHA1
d5b5b5439d73d93ce411dd904a84d0bd829e5cf0

SHA256
3ecec3e66b222c80f4573c04528940cb10c63c0f672b9481a75f2fd451373ad3

SHA512
8d370f911d59603883111e990856d3843aad6d3b123e44edfd651dff11467de4793ffe7652a27fd532bf5312b45e791137d91fcd1e0bc8b5b189190f3d24d69a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
cd6cd4bde006b64b708cd3cc32fcee23

SHA1
bb0aec07fe3498316eb226131c1b9cff7bf189e7

SHA256
cf597fe0b795bba038af508d17131d058a2c58277f86c306bd8342c85e53c298

SHA512
249a211832c57579872cbbd572744f95f95996b8c1428a850882542a6b4b24925d76b47c600b3d72de909c193a20c776a9cfe3c75959fb3d44aad42807c15d98

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
d5e2fda1a793295d417c60d8ceda224c

SHA1
13f5bd5762b8905398f796f7ed0142fa22531620

SHA256
695ec67d93f1f4e4192d2f30fb56930a1713c3bd5394b8d4d00a4563d771b94e

SHA512
4c3ce6d0e5135f30d31f30181e61362a3f97b563d68de8733797c85fd6c7e26a93279f3fdbb535fa7fc6795eb8527bfce0c2becf154d2dd6bbded50972009910

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
e13ab7bc04198a1e4659038c6fb91f39

SHA1
6b5fc72a7e8f4783f4d82decc0a7e4b0038087fc

SHA256
8f4d78e40d8d9794fbec80d7b4ab179422b19d0ff6c2a9836db0c1d340304344

SHA512
0cc0803381815106cee8b182cef307df1b9c1dc1c9c7cb8584b3ec1e6aef94ccf22ca9bc2cf05422ba43033b992a70a5b3186143e1677fb91b61caa7851d48fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
19f11426fd1c1252869fdd54f949f0db

SHA1
d112f0d23c55839b97e0b239fabffb3d0e8c1488

SHA256
10e8ca8cfae9d1b5753959976e40362bc2985235289e634e1dcde191d68932e8

SHA512
b4c897ad53551fb5f8029e4a670e3dbb3f353b679b76f3595f91aae137a2cd732eaf46634b05e98aefc425ce8d0a5b40543ed24922a0b1995873e548203fe39d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
4f905425ca598d97f4bff1ca0e7921f7

SHA1
94d06551b5a1a996b42b5f21c4b59402d0332409

SHA256
6629856ee9f546ec90148f0bc2b1d3f4b2974c6782d7240a817738a1d4135072

SHA512
97a3d04261c5dc670148adb38d4b24bf33ea58999b8c6dd624bce808b5ab79f002ae0591295334832990c335f35339bcd3f6bbda2b5ede70f00bd0d0953a5cbe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
d20bac3a39ba115a521fe382d196d67f

SHA1
d265bd00745fd2b46062d5e699505a5d846f34ac

SHA256
c0086997e287259d5680470fd5da81e2d08a0ed3f81a6906538caac84fb47972

SHA512
3eaf993c22c6bbbd40118e47048b90609f47168dabb8224add0053007f0fd5b84c11e0c3e60a532d85f6f91b2797ac9573f68194e7dd301b93581b25a91b8771

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
162681cb19cd216b542f1444c3b546f5

SHA1
0ff4a0c1a11d675f89f61346a80810fd39c440ba

SHA256
6512b9737245627ad1812b24dea8a04bd71ce6c690a73d7892bcf045f601b894

SHA512
b187b836cd7ecb93b1115d295d21e527d92c42e5fba117b31a4e2ac04c51c24022c5733c551ac218b9ed86c2db249ea79b2f7040e37d358e7226e652e222492b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
cc89cd572f4d40dde4a47d8515aa733f

SHA1
0bcda07e2b595ae8509bcd61bad3554b12d526ba

SHA256
9a34400ae69e395add867e66db715e8063f89fdb892f995635fc56562645a209

SHA512
74ec3050fe0159924702eb4493945c36cec2e021229e83cf4d19b762e58ff5414a14bcaf8dce2e929f03be411c44323027813247c8b9625b400d1ade6e50e3af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
9964c8a8970fb301eba3c8a94de7a1a7

SHA1
ac3145c9d2ed873ec22db3546f480ec90dee0736

SHA256
e7bf1cae55bb3da42e7bce125edb633b1d5c82937c42baf159b6aa0ff0a4c726

SHA512
d7282c60169619de5ae3ca482b34e4cfc824ba6929dd69a5b5903f0781554401ba4ef87e8363fc25f1857e365febfe43987c07d122f164de6a1fa09414ae29cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
4352fb51f7a99d5348830205a98821b4

SHA1
c416bc91f51a789695d7d34871eb00148a5a3a2c

SHA256
d9c541a0a44fe3b8ae1b9d015079d1c217ccbff660be1489d5fbe42b9b37046b

SHA512
7eca85c9acf4388747d8a3476a602b4ab2161ab817f27d50adca3ddd5d536083a7b870f748e1ad579fbfa42c6599813fa37c77477a2f161f4e3374a18f48afdd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
bfb7b4a34586bb38b78941630fedc91d

SHA1
b8569abf6c4c8079fb884a2882742f8f4155c1fd

SHA256
74dd6be73dd19a0ff1b4c3103c14670e671d75d7678e5d5efca8b3410fb06a63

SHA512
a14efc5a642ebfdb3a57b65073fedffb695261780388216033ca73f2daf8c5c86a1a4e7259f4fafe2c30400b516fe807a7f34730b40f4688226491f065dbb209

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
98f192b6384a01965766e6bfb8218456

SHA1
4248214e30a777adb28948c8da7b99649b2e7252

SHA256
8e4690568e0c4ee4c908c9ef1e78a6ff45eebacf9636e7c660ef58cb74c04419

SHA512
7d323da75034e629fa41985a9706ce7debc58251730a4166b124691872af0a452a586000669ad7e848745619fafcedfc51d9189be1a4c7eb72364086c00c6f8a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
ef2c5be329ac6b1610bd21ce4287799b

SHA1
81fdd2d6de98835d613f050c3a51e38fb8dc69ab

SHA256
e8dd5909b7ce859b30dafd61e6dfd5a0e3fca4a1f54a3cdab9c813e8d37e650b

SHA512
f31c1d48e1025dee0997cc5e4a71878719bfbf67a20de2f68c804da0896a362785d50aebe85ce4564c533fc246bea2812a502f200e4c9b1646bebd2eaff5bfc7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
56cbe95568240b3ea71ddf4a37db57d8

SHA1
03d4d06d293f7aa5e12105c023c7daab986c3b9c

SHA256
62993084714d3fc774f84bc641fe10bb408b871f1b409bd726bc1704286ffa80

SHA512
d96fb38ee16be3f28960756847da4b78c6a5ae4f06c6c6d0b466166698d483982a4e9777123b2171bebc5114c094c1e74f61c6fd624df55508d77959f032d8e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
bbfd84067d96aa1f4881f84f09ce757c

SHA1
cd99422cf698dabb1ca59cd74bd7da374639075a

SHA256
7487fa3e6a600ef2baf7fb7a575276518f76c9fca438962c878af1b68ec18598

SHA512
e4dc9ae13bd4d46502b4a6c01d96c9b00b67e1b74b18aae8947e48fdaf138cbc74fe81d4db50a5e78bde60de1ca74d83357550d6f5a5bfa8faccedfc99509233

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
732eb554669adf0332856002ed934651

SHA1
bb91d5234851a432053d52cdf8a6307dc1b933ff

SHA256
012df16d8bdbecb01e3cf4646374c0bd09c0c9cf785106d1ac538d40275a258f

SHA512
b1796e19222658ad84ca22dabbbf3a301db5ad8620769f61adcc5eac6ed19c39ba4971255e5d2f1d820101a7b5ce25ac21d14792841f96919f12d4a1cdc9e029

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
62a52023ef9f3eedfff643102dd7b9a5

SHA1
06e0b566a95f9cd82b37c0a498751911450bcbab

SHA256
9249de14a71bd2a02d700d94120fc037d13dbfbb5812207642a79dc8a6d7b8ec

SHA512
6b9c645a6dfd47b780db9891335170a295fb3fb901f85940629407c1dcaa15b402036ce84e16c72ca90f902b61618a65e414eb54e21c7d2fe907c744f398c63d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
206fdcdaef3c5f2546235c40ece7ff0e

SHA1
b9e3cfc041f81de3fc78dc351e6958ec3ef095cb

SHA256
1f534b0c96d9b191984554e69bb370be31b9c9c57f095a09ee3ee719064cc96d

SHA512
b4fea51750e41788ec861f80a22ec9a824343f90f7f107c43ffdd532bbeaea033b0e2bcad9d25b289cf3ef6ac1ec53bf8812d1e849c0ae0fd150db586e3d64f4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
cf67d24475f76fb5ec3149399d9a8f5d

SHA1
3c7ec4b84d2801ff653b96c6ba2adca086f235a6

SHA256
cf67dbd18a0de8f92cc7612c8080fe3946f1bf0a9028839310a3784d163bea2c

SHA512
f1db9d1b8f194e2498a864e8c4fdd9e17ae650d60064ea027c2665906c11f7d48949ce0652ce479d5a26fffcf7de1457bd4e982e1e627ec7a737ea3bee4e840b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
17a8892ceac337df194c6f50fc6737ea

SHA1
124452f21eefa8c2203b9f7b4ceb4f1836e7b1e9

SHA256
d1a3e0c1e298c963e6e65e42c3a3243fc9bf36ae2cb8b03c4129af63c9260a15

SHA512
bf5c232cb4388bc11485609bf05ab8a8f4b744739a77b3ec1fa3056da62accd5ac50d62c6fd4b58db0a4690721aa5950ebeb42d7d34e1ab5b869c798f5eab6f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt

Filesize
77KB

MD5
ce4effd6e420fe83478949e303889276

SHA1
f63e307ea9e8b137519130c7674ff0cf2e08ce43

SHA256
a92d0c71179e069b74e50cf9d8c170dd0a1ad94f44de08683fdcfc706c8b213e

SHA512
f08c5122b9e790e69c3c31f7ab86743f640cbbe81561f2b8b98868d40a14cc3c661541d982b7def3e6794692e79879eda8620305f4451f33ead3ccf74ff8c1d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

Filesize
47KB

MD5
076a1aed086452ff2db2756079ef24af

SHA1
2cbe2327d5ae66dae71958332b64fca653339a77

SHA256
08bb86d07b2ed53135eaa061204abbbe943461f574d94aeadcba6928a2d443d4

SHA512
4f05668b7192802366f9fd583774382b8983a463ac0144faa15a0e35e255daf8d4ffc53c58a095739bb4c8f5b44bdff2bb5e5c9a986bb7ee36d203ba0c97c206

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

Filesize
63KB

MD5
fb80253ffb984120e178f7a85ce85527

SHA1
19ebba02d70225b49655d907d02e5a49af8ffbdd

SHA256
38260b7c66a3a4ba11f901a8fd0734ea8098a19a61c783ef0a60c6c37bf438f5

SHA512
3c2b0af70abaa18d4251a46e49c2ecd0fa9094013fa3a22db6e8798d5153e33b33dadd9343de333ec13651efe87220710a4e468317db29290ee0ca4d5b4beace

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

Filesize
74KB

MD5
054c473aabe82bd48d93cf779390ffcd

SHA1
177a3fc667d10ba527c69766bbe4d8f3fea88f83

SHA256
8e440ac1cbc9883cebabe1f6afabdc35b03d5d42625f3ac16146240e303bf6bb

SHA512
da902643101934d554e3305708cea912f993e7c9dea7985d1ffbca3b8f309db2faad0536233f5ac5a09fa697f47864a17d761f160e50a620ea8c8bc4e48e31cf

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
65da18ca08c16a49bf7f7442173589fb

SHA1
7d0958f62405aa16f98217097b01248ae0b7b451

SHA256
7bfc3af64b630944312c96fb347fbfd1e6ef367d453768ec0ce73afd47bb0869

SHA512
307cdb61b71d9b9d5fbf1dc9be40cf47d3027995afc8384f4b73b27043bf395a44059bfc0a6983a1c2f05cd4e983d9e3f816b145de7b379b846ae80a1a4b2f30

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
3f475827a5383da87f5712bd5524216f

SHA1
616636e4eeb36a1f952c83ccf1da09aad2637abf

SHA256
11a12f0f426aa3b023fdfd03c998f169561e590152877ddaf231d0979beaeb8c

SHA512
c9575a6ffe3c52d15c4e810b6bdc41025998375bab68b461a232158f276bc74f07ddb04db619663ead010d754d3d6a3ae30a338095b1ae98d7346af04aabc3a0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3d8b27fb4e12e7878e7bb9ab2ed4f7e6

SHA1
75a940c6da18642bcb8c7b73b07fcf3ded97b9ae

SHA256
2f35ba9320074c19d98fa9f7666f944d01873a2f5f73d92f653a51a49b62bc1e

SHA512
59710a7ad8c2688623b8318a30d8941f159269b1fa4e54a3ef50a7124613e9008cfe9b7782c95dfbad4ca6fd5502749d72f06cb339cd093135fd22b57c9f9cb8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
5d5c30f7059e67030f6b1e248e751859

SHA1
93e578dd67dc3934551abfbd18677798f13c4032

SHA256
0883f02c70f4e8ee502c030c54b14a89c1595291bbd092747f29028e3fe8fe14

SHA512
92e7503693f6385ee345cbc443930e932ce495fdc4f6f75d94d3c5d9cd823956329d1ac99ebde7f7c84aa22c8fce509c56e9df006543c89d04e5212d5d556377

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
4f8ada6f7f5e3fa6baed6fd1579aa2fe

SHA1
d4752834d3a5d2f972c180b4f1822d6d4a0c9892

SHA256
6277bdc05626dda5be6695886c3cdca57da94224c3025efe37543c3b516a0b3e

SHA512
8e062fde0079b416a0f7c17b18c1e6f89d80b386852ed5ef933a272c3faa3473123c2bf62129f1c9264dc892e6f9cee9b3d35dab9e973e5e625b7e60cbebd698

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
852bd8639c968ccc7f0524db8cbf7619

SHA1
1d3aec234921bb220159e7f0e3a572506352d6fa

SHA256
513bcd138da52db6a6be1520789dbb7e024919650d5ae86abeaa0acb53eb9bad

SHA512
cb779ce81674397feb169a263da9348ee3e93466e2a6cd0667c70bfcfae3302c45abcd012eb90e0838308df8c09b92bf2a30b408f75b1b8b949707d4e07ad8c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
7ecc6b66544ed8d85fbfa77e870f9904

SHA1
38e1a4b55b41f59c4dcc009e4a0e2876fa39c4d7

SHA256
be83eb4822f1fb3a2a2d34e7fdfe91c9fa157eb3c172d3c9cca7139a376c0525

SHA512
f5d6921fa72477555761b0af58a26af17a0cb5221ed4d111a79ab0ac5a50904bedd9426d4496163a3ff8a61c794c090aaeafad655b7ef272e614186c19803fb7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
ab199c81944646ae730543cbab69a12f

SHA1
67af2e806277b2483063f33498e72a034597050d

SHA256
14a58b044147bec4cfb2cae4660313e7f27fdeb249f8efe29bd390bfc30e862b

SHA512
75f71c3ffbe422dc18a5519db4f0d7221be514630425154ea798212cd99830ae97fc2bc3e4e6c5e2257bfe52fae17b7e3dfc07e0848b9d69c30cebccd5812654

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
f91c09c724586d4008a981bda81040b3

SHA1
1a0fc8efbd77580bada232a58d3a7e8aca7fe923

SHA256
9cf0e67ac81adb4fe0e5a9c07e0c37862e926c485204697db968b73f9dc3cd59

SHA512
01cedee6a81bb7686eb81d2ceb784e2eaaded8c29c43d896484da19c395c720c90e5a58d003dd6cb8e288be16c5a96d11101feb5577c5862dab568d14b43647e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
657842ab0aa82bc83740feaa7c881fac

SHA1
5add54f5973de366ee3b458b46a56f9ae4a7c567

SHA256
a9582bae86b74842b0c0605fec16ceafe4d522d3548ea97a996f96d3dfba3342

SHA512
9479d36e1dc93d6b28215e305dbaf9e5d28c1992ac1e2426d79e00459c336a94553024562e448570deb88a29b9802b9ce6bb50ff9e64b34c51b597d23c3bbe8d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
e7004c934099b53682fb0a47c54fa675

SHA1
7a81249e477f0f7ae6cae12fe86e15dbc69a5152

SHA256
d6c02301fa697f2e9f089999afbb993096c33a3482457055dbdeeeb825fb49d8

SHA512
ea61a6c9fe816122a94c15662c2afc2b75f04846abd4597791ce41c8ffc012b74f26011812b8cc5770f6b3fe7ce7579200abbfd191ed46b2508faa768e86950a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
2ec8bbe9e42d18a03c35d06a34d82472

SHA1
84264225c975a32995afefda9fc2de9c9bea14de

SHA256
f0e107b9ecc88328c92eada498f2cb05c07958d37db94789523c167d425c4047

SHA512
6dd14b6d34f346c07c1e6b5450aff3cdf48ca1e1f79d29a47e2d2c9f1b8bd34183e5a322707559bf07574d68b5216be50553763495274c9c13aefb585f7e85e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
44fd6868a8abda6ed237e949b76a272c

SHA1
3f22c4a7ae76b8260851d2d87473f69ecc158ac7

SHA256
159cf66b90e43addbabe07248b14a8263328bdc39df6aa52d09f3dc6e2ceff34

SHA512
7f9afc6af1650ea972092210d7a9b0f7e9e083d57b036ab24335f48b39c5621e6e4660d1eb964e3454ea402f97969ed631341ecf100840daf1f0ef43d5b8a6a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
26a0d0a9a6e3bde95f00677ea00807b4

SHA1
9e7123ac216049fb3f1f2f6daacdd4254d5cd72a

SHA256
bde15b532a4e4912c00ef266451124e3945ea082630df884edf8b57c79c5aae5

SHA512
3f31d7b05afadcd32ea3114cbbabc869b132e852adde29a05d2e0377a8706269acb1bb79fb2370a5cffa663a31d49d07f085968490abf69e15eb9cb8b0a45f82

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
bf192e2ba96f207ee77a101b4ac23532

SHA1
83938557ca28ddeb8b22fab5d8913f25df1ce08c

SHA256
e56ef30f183cc6fea016af8d29f53e302aa1ff61c62666689b647f1a2fce215a

SHA512
87d412c1d3f7823816f5cf30883651e421db310cb8957f129601c86afce274102ca4e67c70ff0a38bcefe855fd7557594e87e7508cb915b46ffe5f8f43fcdaed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
c7a95a6915cd1ca2978296aac9ac2e9d

SHA1
03bd27fe2add13a4c343f7b62e12708f4ff71b3e

SHA256
7a093e21b2574cd31674ceecf9a2e3c9681dba2b79f0df59e340fea9c71448ba

SHA512
f4e450d16bb493e279d12eff794b2a6ad28bb29d6224ce9816204fdd9235ce33c8773ffdde0d0782f563c4aa5ef47e4ddccfd0c667631e600534beaa968df7af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
83c64691888a7111304f05205b1a73d7

SHA1
eb4aceccbc0833ccb92fe69530b20b2b12c0b0be

SHA256
66bb35f67aac3844bf01ea5126f3c2e45e95f808614a13e67f58cf796e6714ec

SHA512
fef0344f765e625430ab0a4d67cef2d971d514ef6a3b970a80c7460920fa71eb8ec41b2343ef3a197125ce94d060766445a550631298f01534788694f0e7621e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
32c59d972597b07defde0884c25b7724

SHA1
c5e56accaf5c719031b58f6b47aebb77f206f324

SHA256
0afe3d5b48d5dc7638755b29808ff3eec1827cfdb83a9e97e3390a4ce1115cd2

SHA512
e529d6ad9d7a11b9f6d8e89d82817be69bbec36e0e1214236460f7f7804cbff50c27d68de24f6d6be0d41709540fe3daa1d3381ad5d715cf2dcf634c5a58d6dc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
9553b91a6f1892b296ecd62db993bf44

SHA1
180cacfe7d39e19174efedcb8348dc0815d4cda5

SHA256
d7d1254694d3519061420033714edae30d43ae6c41c9037584587300d60db034

SHA512
5cfcda1fc41a83f6ee586fc23636c610635829b9bf1739da627a60830d9c4d80fe280eadf5115e97dd002690baa7cba8345d1c0df7d0e22221b25b8a367e2b55

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
c06770b00e694c1e952b2ff0d6419595

SHA1
1b0f6aa962c07e1f21154b1a6de8b1cac12d446a

SHA256
32f43776756608aaa16117c8af45e6f4bf7ddf22bcc9d44ddd5282f36845e6de

SHA512
3be0c59e6aaebad20752eca28150b2de8f56dca7f434ffefbac7f5c5cc659542b0b0e1781fe0b0654f60af61a4bdd15e534dbe022725fac83744692dbe879c62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
f8d17d909f0d291e57eb54ebaa796790

SHA1
47c8dfcdca8b7d9fefa0fda2d349070d84d348a6

SHA256
285d660fb8828c09024afe9af81b076ae74b49c14c6bb4b257a7bff4b8818428

SHA512
277f4cab899b090f81104b40572874c89f25f8c7250f9fc4b24bba800bb1fab709132cab4998efd61d47995349e6794305adcdb1d0a8381beecaca00c4471050

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
e3d397ebe3ea420f271422faf16d14c5

SHA1
c5193834874306b9be26809efe531fa27dcdb31d

SHA256
cdaad4a6fa9a5749b8a87414caf65e7d6284365b5965eb2360c43848749d26dd

SHA512
36523938d0ad2d5c0822567772d9c24642ed353164f527cccca2fb04aa22b29a62d56c500d0b3db87194a128c161fe6330f141c070890aa715850cc972ba738b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
b9b512fd7498cc07e90033acfe16cedc

SHA1
8f59e0a8ff0d277e7d1c69c7a0b3acd5d840faa8

SHA256
dd733962ffddcb562c57debc1a71195b6ffb7bcb7185f910c0cd4a500ece2574

SHA512
01d2e12b6054d9e95a0790339abad02445b5893d2b557156f117ea657e38706e62beca130a133416544344e31643e04678eaa4775057a819a8d4f2209e81ec70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
de638e7a152fd9ba434f8df0b6b705b8

SHA1
93d4efcf8898acf032886e5762424afa7bed7386

SHA256
298dd7f478d22751e439d8222e977c60f4dd408ce05ebc7b43f82b0b3aa9b745

SHA512
fb53ff0a68c578e9bb5dbb0e364d8b81039db81f015267c1941346854dfa417e648cb897961dc70fff5228042b40f845cc735f5218dbc502e8e2ff30512f8e1a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
da62109cc20a01f7106a017af5d6d893

SHA1
26a29887164ac1df578e40c42067f4a5610a9dc8

SHA256
e8e6f7e491c0ac3bda0a7105334b93f26f44eb2de04a712777029995901d75b8

SHA512
80f5724eb08d535b80d6b026c2be41fb1354dbc144ba2e1d9d7f18516e45e86a5ccb0389ffa64a52109f350b82cc0c36d1149c993bbc924312dab43566766ace

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
ebf0794fc809a1933c50de280a99bfa7

SHA1
f14a131ad0a0db9f1f295b95d3e0b1fc773185c0

SHA256
207484a3a373e2bf5116b7302ff3313b034a69d25d0bbea08898b8b5951d99e0

SHA512
72f6e0f7fca3b0ef3ff8c4103b64d5f40defd07c0e6907efb61bff6adb08371f75a54bc159302fa09dae91b3281032fb5fe355ca07826979892f002507645c69

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
018bf60e82880025c7ccd02f76040d5e

SHA1
a7dd3872e98d5045f644b37aa35cbe5bbff902fd

SHA256
6ef6506e53e4d11eed08bea440e60abf8a1e047860edf19a57aeac52995a2c64

SHA512
b6a5fe33a05092ef85250cb1c1cf0169b2d7352eb6cc50af245d571519336b89d24c5408db8d1a299a09a7d6f8fe8ec50d7c47995249b8fcf25da4d79a2d75a6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
0b01876c50e3d67b708bd191b01d5522

SHA1
97a9b8eb5d8af132e62d69b1ed0004536279c648

SHA256
4234a997f3f737b87f2804185328488e2b76f46e46e70139234774eecf9cbaf5

SHA512
fcbfecf3f4441bd9f9bc891c5e3ab55a76186468de182632794999bcd004eeb2591874dee61b35a318bcefa56b941267279c0ea973238e1550c5fbee167c3a67

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
bd1921c4232f93496f8090bcb7b65d38

SHA1
6258272749a7b46e914db9be90eec6ffccc09e0b

SHA256
fe7b40277588628ce03d78f173ee33be3a2e323e97d3760e87291424eafa6e5f

SHA512
1610aac880b26b673260e216962fe840e79f6817f0e2f3ae170bb04978a419d3090804371bfe783564d30f6fc29eb008475d95396983723e574e0750d0267db3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
61ee57bdf9c6028872da450c4e963653

SHA1
8e1b74512f9cee1f594f47fc3491332890ddd4a6

SHA256
9e56fb2245ae4d63c98e55868833f1ae7a6d2c891cbb2fdc22bdd6b878587312

SHA512
291763fb765b702f8b8d7f6d741d9a88212a3047fe66ebfce808caa1d13e919159a1ac470b718cbf1a2e9f5d8b3a796b4fef89d182e6cd312e19643e18643bdb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
bab003a39533d117d387ea6a867412c7

SHA1
4803a4c49160b3977b17067c71468b5b6271db97

SHA256
3a35adcd8a11dcfec6122536a1ea372b159ccadeb41cccc1c838dc0d1f149f50

SHA512
a43a7bc0a5129ab84b42bd59da7215b8e7f70ab0d9d88994183488c775ca6f89bc405b3e8de81a8c44f35b6cc7bfba6dc5413be5c03fd9bd82e5dc66996c1309

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
c90bc460ac55c779da6e4eb3b1958331

SHA1
5c1c502b2ce5ebc100a14a8c3245adaa6f37a6e7

SHA256
7736dfa0225410a2549e749c2fd4a800625f5cdd3bfdd1c67b3827e910f5f0a0

SHA512
ba7b9d9a3da2d7d6b09ce84e72dc11e81b6951e93a5d2d3b6302ff65423e9d3099a616e4782f70c9e3f4f41d8d63b7b46a3dc52a4bad25f20bdb2a36a93ad7df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
b966dc4c2ede312f1b945a87ffd015dc

SHA1
ff2ba8eb106ebd3f49d8f81742942e50bda03d7a

SHA256
6c88a94be6745a98732d293432c7a037e5c9b80276262e58a97df0c0c2e85f2b

SHA512
4283fb3717d1a63f07520b4ff20f85722baf164b03d00b26204d6f2e02ffdeaea7097558b11d1c50f9a0efb1066fa73dc7ada2f61ca6911a64af54b879507084

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
373e45da91c82a064e6a8a2d36f47b35

SHA1
0f1e48525ec9006e6bba7d2a3f3599684edfce12

SHA256
a5619621b7e745caccbad65d9e3f534650c9ba031a01aaa9462293f7f81c9cfd

SHA512
d32ac44610bb8f35ea17967daf2c6c5c6130cb56ea1caa918f78eccf4a62ecfa4c6d6c86bab331e3846ae3332c33ad205a45c488722b4d7928ca2821a85e70d6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
bc03111bc5373b7f2292da4b0c6ba534

SHA1
524694eee9de4aa002c050d5c1545ad12715fd9b

SHA256
a202379e686d00604905ff90db6bc032f210f913dc551b20140af005bc3c9d63

SHA512
4e15796f107c1139d81f90e6539eb0b69fe31c46807ffe5b7eebac6a5477fd5881bceea464634c3b07730911ea4dc487b2dad2c979ac729e3807abf5538be6ad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
1c0ff534ff109739ef80ce86d44253d8

SHA1
f21db9139e41e06c8f6036d80ff03cdd9e7cee1f

SHA256
3312bdd31a1b1a972fdf1118b8b6ba5a06babec1dad25be91d8ccd822ecd3743

SHA512
8575bbbf5fa82ecc80756b65487cdf304424082776d4349c226c50b2108113f0de740fe78218c0fe2c2e2e3323a69647049cefd501d9796a510705817f5a5993

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
af6d4f44098ee38973e16978fcb6246e

SHA1
3f435934fdedd68075ff01e2277b3e1477efee6c

SHA256
b0de8177091ab7bddad74a4a6b6ae4c5a72ca765dbf6dcc1e278f18b3b49c714

SHA512
f5f130b576ef28cb68af392fd3128490b31b4335b14e1ea634041dac5adadaab62fc65c3a168ac490296859f5ff0a075ef191b9f91e8e48bca9a1cdb464a5add

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
331112c69831d44f27019eee9cf187be

SHA1
a7072cfda93a3ea25c79814a704d4e4931950501

SHA256
dc5d205a6c6c72b6b602d3f3adf1ec09b679159db71602bccda65579b9a0b081

SHA512
5b8f968336132628b143da33085f6d1adb7edfb26171dbdc8ae7504b6e0081d3202d0cf6e101714b2776205142a447897c3389b177a7d20430418410486df6d7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
729a50cbd86245829e04eec62f1c9825

SHA1
db533fb28c5652ec833950184c483ebb8fb6bb9a

SHA256
295446026375c00a91ede8ea3b540b15a0de9c434ee746cad65c8a4b4ace3181

SHA512
50c5b97c3fe67eb5683bb359d1b65e658f9599507eb0c1bf610eeeaa5559fa6bc26e1d3143329b36299b25f3d6c07f90167d6c955cc94c4c94c576718c532402

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
24acdc7309f63b44506955182df1e330

SHA1
24220548bb5ef7c3134d0548b85040bd08cccef0

SHA256
3efede31c17979b6cf21ac2ce3cf4e7e2b59f9b2c35b9dc1935b8cb6d7c5e633

SHA512
4e3f8cd1da4a24e75141aba94d665a4422a5ab3a0a31fdf22867d393d6eb2185c27a1eacb94dbee0893be2172aa30db404797fd2cf1a3abf98401c56c382fba5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
c431fd663a18d39e08c28db6d34475eb

SHA1
97c3d14839b256a45d625f247a1ee67a79e81de1

SHA256
02bbc379e2d1c6ffe181ae0233b7b2f05675e8c5ed0fb2b9af0bebc3e9f01d18

SHA512
401d18c6a8d111de5f6da5a1c906ffe226f3fe5fd206c06b4f100f96351b695732569928e791cdc65898b07493c2fae1e1babe80a4e8a5ee8232cc9cd1ad4392

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
b7e76ed51bcea6fac04e3a0b68f6d65c

SHA1
0328aa1e6345e615cbd2816c4ded1bb281193107

SHA256
bf9dd813cbeb1127adaa1159d04d7c7b29b468bf05aff935220b7bb0076ee443

SHA512
89f37b08283d45d3aa6bf31ac9ec2a59ca9a496a833d47a7c0bf55468f11277bb1acef6b504d684f5f4182fe346777818aa6713121ef80edb5b1907c631024ac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
a9494e8ab117996d8aa8d5c777dc5483

SHA1
d83a48771ad3fc056eea357ff3c253f9fddb9b50

SHA256
6c6961e81d18fbf25ea653473c8bfc4e9cba2752cd427349982d50b843769888

SHA512
ca37b4c0e100a6d896165a1ea6c0a339ca74f78307214178edb48ac842892d6350dbf53dd09b0cb4d401e14cc1168ac43a995d979fea5ea6ecb1de9b53276bd7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
abee30f85e16b3cac8c3e31b1f1841f1

SHA1
d22d37f6acfb0026bbc77c86fc026eec48ba09c9

SHA256
8197442351e75623a86f5bf7f030adebb3e3c04ff2218b33887835e2b5ad2a01

SHA512
20a2b2408a272c8315bfbbef694352588c9380f8ea766a6bd69128c7aa981edb5ba1447cd29e8adc51d8f6080391bfbb27c21055a68dc48379ec7ae176917d85

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
6152cfec82a623a09b0498f726b04446

SHA1
ab936ca29ab85a940fef78a23ed34286f5bdbe16

SHA256
1e9bfa1d2d74c822a335fe2248855d5e5fac3f5d83b98e4b994f5bd92421a828

SHA512
3eea7027df230d234eafd75d8b369494e0ddc6ea1de7230a826c3e42ab5bb80a4e390bd449cbe1aa8b8a4a88cc02eccc857f11ebe18ce876259f8547d667569a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
8ecd2d212ddb25508627a7cd90289537

SHA1
b2d8651d468c9dd7a9a9b5f02edc23d6e8ba06cc

SHA256
466e77b8be18450220d38994cac969a571c95edf6ddb8088883e8ab5d4ab7348

SHA512
2d28e819c8f3bce196e7d2278941790f1dbea61335f7f70a59374f813512f0db10e8b5897835121ba3f31fbd740c862f96158078a920cde4a0df3e9abb504a63

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
eef6b1ba79fc4c477ca840212ff2fbfb

SHA1
f799ae27c0e6ea303de9657f790199f523917e2c

SHA256
df3c00ac2afaeb6233e889107d8ce5e12821d40b29ec0a9d96db0357cec15d4e

SHA512
f5c84913eaa401c54939738370ed688e7b94eaf2996aa691b60df6d0199fbccc8f231b3d3dccb4401f14338d2a8c3745a89bc62469d100957d5a9057022ab68f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
93d40c7ae41bc30dc382983dce660634

SHA1
34bf6a4f7a6552a982dd49a3b47733bf5f6852f1

SHA256
a027c5974c9dabb4143bb394c064f17c9f92f3a1afbea85379ea9f4409d2fc64

SHA512
62016de90d3b58cbf000c3d77cf1ba9f09479fc87b68f0291c30e874f8c2d07c4e55644a38ef6b810ed5ff4f0c7be1fde1d91903f780806a92adcacb3b759d67

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
e954152b5d1300d8ab55a4862900a986

SHA1
a95687d6e901836d562a3b4641de5d7a7a5a3628

SHA256
d37d120fdc5b26e9760b66016b289b6fe8f3544e4b52559a1ab7d76b501f73c9

SHA512
59a49c7dfcf92c719e59eb3c279be5cdea68f95b3754e6ae7626cf73d366cd07e3e564dd586184f2005f07678823e942c9d9cdfc326270e8bfa32f4747ab9c38

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
afeb708b728c7b1447f120d528d429e8

SHA1
2ab763dbde74098d305afd79f43b9a32a4f3550b

SHA256
34cef4a722ab7ed889c27d4425b9b4bce7ecd806e289070e2518aedc86f8cbff

SHA512
c052d9f8f743a5970f8923d9cedc9a4e3b2cd4a7aa1d04ba454894d5eb9e4ab5f9213371afb71dcedfb59d30c9c510a4b96103a593bb6523c65a562b89a9677d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
ec060decc581ebd708235a5de7ceb0f0

SHA1
257faa9de539f6eaca1320f6e07b088886201b16

SHA256
41095b4a8f88021fece3287dcce60ef8dafef8e6257deb8ad508a19bcd02d75c

SHA512
37d579097dc841c0bbed0d8c165531260be7776fddfbcfa35552ab62416a53168b658d5b0615a52b154584c381fa67a60d0846234f193b7a8debbdde8c4924da

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
05682205e0966dc7a2395053f789930d

SHA1
29735d53b4603652140144744a01d94c9ec5bff5

SHA256
6942f4dd6ef26265f63cbcd19bc7f2f3d1eb057cde44b55a5d645b3117bc27b4

SHA512
dc97316ee5f96d46db5c621f4b6292356ece903a8853b946b77131171f9d3f80c3a6e63e0f13ce7db135d8722009c3a53909cb1363bd61db624de8fd781d448b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
06ba639498eb2bac83f4d7d66d76c8aa

SHA1
cf5abf2beccaa98771ed15202014259b67b5ed4e

SHA256
597b12699cc4ca0cc9654ec68da830b0d6fe4c88e4c7aacf455c21329bd73149

SHA512
8cc8019753a813e47ee34c4519e7b2af32986a454cc742f22236ff873dccdf6760a8110731b59aa58d26e5124cb67a714c182c3ac695af3783e9fdac9cc7291e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
20282c900e1ec499360ffd730e9e260e

SHA1
e444dfdbd52db17a8f411efbdf9dc105e0449709

SHA256
ced705702a00cb1d33e68546a67ca943a48ec89bde77f7a7f1636ef5f2e2f84c

SHA512
9e955aa80f6627fa73bf463309d188c14c89ebc3eb5fbf0e2e44cca4f782af43c0dcb123cc84dc04de88515a277b41c3a71763a61d6224c3a2f32f4b0f31ee75

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f4f9a4872591c5845a54e0b2d7d3c273

SHA1
10df6bb94d46970d9955605956dce38cdddab92f

SHA256
502f5fcd4575714a7d4daae595429df2fa27b6fdbd6bc92c3148b1b086c26d0f

SHA512
e61e820031a024a01d5051bf1be23aa32c7b14eaa9208fe1ee82d7f54f14952bc147294372edbe14dc66ae4f0793799f5f50f3d0fad8b4dbf6b45aa5d764096b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
9828737a45d11710b718cf2ba42bb154

SHA1
a16dfa7624b6f500b5d0b92a52c0cfb2da2a37bd

SHA256
e92a50e245dbbc12a6548df655e89b17e5b9023d44b2c85a1c5d634683af57cd

SHA512
b45e7770641dfaeef48ca253371b603e441b959ad3b7fda5ccd00b5c4ae72c1a5678afd16545f032a49ce08255f689351689dff1aa5bc02ef60a22f559c33713

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
2967fd9ac30d950718251f767d20cc17

SHA1
71ff50be415387b0cb46fe83449e89f066826683

SHA256
d69f2703894722bc8bbb0ea81e8c74b91d621b6acf927afc009393aba267c757

SHA512
542368b6131ac4cdd67c4b72b73bfff13d873f3cc47575a7d1916563e562005358b9a700f69cbddbf4716bd40fb50f6264373cbabdc299916d84eeca1464e74a

Download Submit
memory/4732-10866-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-5019-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-10991-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-5022-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-9867-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-11270-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-0-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-11275-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/4732-11277-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads