16ff948e12779fe3d09b502772605a037198291861ae2fca4fe0ba91b40d9d26

Analysis

max time kernel
106s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Size

65KB
MD5

cabf8f39ef3d24be4adf8a096bae27ff
SHA1

93d6b97bb15dc1b4a719137c2376dabbda264173
SHA256

16ff948e12779fe3d09b502772605a037198291861ae2fca4fe0ba91b40d9d26
SHA512

d93136d85072d4c0b5e3226b2ec41b7bf4affcfe89206a17ae867126079a3020ce480a1cbda7127a2b59278244eed09ad965f11b4debe2bf49fcf10fa7b6289e
SSDEEP

1536:7OhEzK2kcfYFaT630yoxAkWJ5fFE3PTHYi:QEzK2khaKtFJ43P

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (5458) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Manipulates Digital Signatures 2 IoCs

Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wintrust.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ru59MZ442beTeJU.exe"	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commonstartmenu_31bf3856ad364e35_10.0.19041.1_none_f6eee8789c1c6fdd\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondocuments_31bf3856ad364e35_10.0.19041.1_none_04c252e5678f305a\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_11.0.19041.1_none_2108f0881e5a7a03\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-wallpaper-theme1_31bf3856ad364e35_10.0.19041.1_none_8ccb1090444b78d3\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..2-kf-commonprograms_31bf3856ad364e35_10.0.19041.1_none_047fa97bc9873117\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\Web\Wallpaper\Theme2\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fontext_31bf3856ad364e35_10.0.19041.423_none_7c917c97525f1487\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..l32-kf-userprofiles_31bf3856ad364e35_10.0.19041.1_none_39d6d106c6f70bec\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..sktopini-sendtouser_31bf3856ad364e35_10.0.19041.1_none_be359f0533764571\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..l32-kf-commonvideos_31bf3856ad364e35_10.0.19041.1_none_923716ddadd939c8\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\Fonts\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ktopini-accessories_31bf3856ad364e35_10.0.19041.1_none_a208296858c76413\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..kf-commonadmintools_31bf3856ad364e35_10.0.19041.1_none_0b090bb5ae01dd1a\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-publiclibraries_31bf3856ad364e35_10.0.19041.1_none_cbd9ad4986c925d5\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell32-kf-commonmusic_31bf3856ad364e35_10.0.19041.1_none_2f07a4cad3dec315\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell32-kf-public_31bf3856ad364e35_10.0.19041.1_none_0cf1a65e91dfb2be\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\netcfgx.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\asferror.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\BthTelemetry.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_263b3076d78209be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\mxdwdui.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WinSCard.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\TsUsbGDCoInstaller.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\iyuv_32.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\packager.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Startupscan.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\remoteposdrv.inf_amd64_0f0da968c1cfce06\RemotePosDrv.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\TextInputFramework.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\inseng.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\provmigrate.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\acledit.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_8416dd97e1ecb6dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\FWPUCLNT.DLL	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\framedyn.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\PrintPlatformConfig.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\PickerHost.exe	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SecurityCenterBrokerPS.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\srumapi.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\rdvvmtransport.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WerEnc.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\BTAGService.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\IME\SHARED\IMEFILES.DLL	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\KBDLT1.DLL	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\pla.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\KBDFI.DLL	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSMPEG2ENC.DLL	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wiaaut.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_e92b6921fca885d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Dism\OfflineSetupProvider.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaudio2.inf_amd64_8d164ac6f7088f97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Print.Workflow.Source.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\iscsicpl.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\PerceptionDevice.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\at.exe	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\CertEnroll.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WofUtil.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\networkhelper.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SystemPropertiesPerformance.exe	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\tapi32.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\iscsiwmi.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-36.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupLargeTile.scale-150.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_24x24x32.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTabControl.v11.1.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-100_contrast-black.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-unplated.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-16_altform-unplated.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlMiddleCircleHover.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-125.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-400.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-white_scale-125.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24_contrast-white.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\AttachmentPlaceholder-Dark.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-64.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-black_scale-125.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\TinyTile.scale-200_contrast-white.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-32.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-200.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-30_altform-unplated_contrast-black.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch.scale-400.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\6.jpg	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-64_altform-unplated.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-36_altform-unplated_contrast-black.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-125.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ccloud_retina.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\GetHelpOffline2.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-unplated.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-environment-l1-1-0.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..uetooth-dafprovider_31bf3856ad364e35_10.0.19041.746_none_fdc3acdd83fbafd5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cloudstore_31bf3856ad364e35_10.0.19041.153_none_9a7584eea3d02b53\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1081_none_955497efbb030cb9\wer.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-powercpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_404e106154453a0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_663caceb164a694f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_10.0.19041.1_none_8d6a27befe49207f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..olsclient.appxsetup_31bf3856ad364e35_10.0.19041.1_none_3fb2edd2476a33e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.746_none_61e0347e850155a8\UserOOBEBroker.exe	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..wscollect.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_62286351359bf512\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_10.0.15805.0_fr-fr_23685c9c791653a6\Microsoft.VisualBasic.Activities.CompilerUI.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-aspnet_wp_exe_b03f5f7f11d50a3a_4.0.15805.0_none_0e9691ac6feedc0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\INF\TermService\0000\tslabels.ini	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\es\System.Messaging.Resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_hyperv-vpcivdev_31bf3856ad364e35_10.0.19041.928_none_8a9d24318ecb0806\r\vpcievdev.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-nlsbuild.resources_31bf3856ad364e35_10.0.19041.1_it-it_b92ae16af783030d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.19041.1_none_d69d2c25bd407a87\SystemSettingsThresholdAdminFlowUI.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\ScreenClipping\ScreenClipping\Assets\Square150x150Logo.scale-200.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_universalvolumecontrol-model_31bf3856ad364e35_10.0.19041.746_none_1f112a4fb5d16d58\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..anagement-container_31bf3856ad364e35_10.0.19041.1_none_dc8438e1679872b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_presentationframework.royale_31bf3856ad364e35_4.0.15805.0_none_1d1d7c19edb20fe1\PresentationFramework.Royale.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_system.directoryservices.resources_b03f5f7f11d50a3a_4.0.15805.0_de-de_6782eaa1a066ce09\System.DirectoryServices.resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\msil_microsoft.windows.d...commands.resources_31bf3856ad364e35_10.0.19041.1_de-de_07dcbbc41cf88473\Microsoft.Windows.DeveloperLicense.Commands.Resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-rasmontr_31bf3856ad364e35_10.0.19041.1266_none_01aaeb834d2b9d4e\r\rasmontr.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-security-ntmarta_31bf3856ad364e35_10.0.19041.546_none_63d472fa22d1aac4\ntmarta.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-appcontract-bmpolicy_31bf3856ad364e35_10.0.19041.1_none_bab0858e9282d2e4\ACPBackgroundManagerPolicy.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-axinstallservice_31bf3856ad364e35_10.0.19041.867_none_b4e9fc09cfcbdd7c\AxInstUI.exe	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..istory-ui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ecc8f01666b12299\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\badgeRunning.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..m-library.resources_31bf3856ad364e35_10.0.19041.1_it-it_35b543fa13574693\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devices-lowlevel-winrt_31bf3856ad364e35_10.0.19041.746_none_12bf0a27d0e73927\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\Ignore.scale-200.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ointofservice-winrt_31bf3856ad364e35_10.0.19041.264_none_462202d4c044712d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\msil_microsoft.virtualiz..client.6.2.settings_31bf3856ad364e35_10.0.19041.1_none_ada5c8757a0d2f2a\Microsoft.Virtualization.Client.6.2.Settings.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_ko-kr_7b2bff232d678514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbe394a112ff516f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-125_contrast-black.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msasn1_31bf3856ad364e35_10.0.19041.546_none_a5535ccb0430ada2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_360a4694041d294b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\Icon_MMXresume.contrast-black_scale-150.png	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_system.drawing.design_b03f5f7f11d50a3a_4.0.15805.0_none_770dae309b92adaa\System.Drawing.Design.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-s..on-onlineid-runtime_31bf3856ad364e35_10.0.19041.746_none_30d6e6284f82709b\f\Windows.Security.Authentication.OnlineId.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\assembly\GAC_MSIL\System.Speech.Resources\3.0.0.0_fr_31bf3856ad364e35\System.Speech.resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ie-pdm-configuration_31bf3856ad364e35_11.0.19041.1_none_3a3176fb20a387fb\pdmproxy100.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-printing-platform_31bf3856ad364e35_10.0.19041.1_none_5ea144b16134be06\PrintPlatformConfig.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_10.0.19041.1_none_27faaee495997877\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_windows-id-connecte..nt-provider-wlidfdp_31bf3856ad364e35_10.0.19041.746_none_8200bd0d163e4474\wlidfdp.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ai-machinelearning_31bf3856ad364e35_10.0.19041.1_none_ba5d622ef928b19d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-cloudstore_31bf3856ad364e35_10.0.19041.153_none_9a7584eea3d02b53\f\Windows.CloudStore.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mskeyprotect-dll_31bf3856ad364e35_10.0.19041.1202_none_51695309b91402dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..cemanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_61c9bb37fa88f7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.19041.1_none_c991318e4b11e4cf\secproc_ssp.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Mobile.Resources\2.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-protocolproviders_31bf3856ad364e35_10.0.19041.746_none_d14e7c9238ed667e\f\BarcodeScannerProtocolProvider.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..tenanceui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ad93bc9653ddea58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..snotificationbroker_31bf3856ad364e35_10.0.19041.1266_none_d92abf553d8a282c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\msil_microsoft.powershel..sreadline.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_178c05b8f743a84b\Microsoft.PowerShell.PSReadline.Resources.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\ImeBrokerps.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_windows-id-connecte..t-provider-wlidprov_31bf3856ad364e35_10.0.19041.264_none_27b83f4616081fe3\f\wlidprov.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Microsoft.Build.Engine.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-base.resources_31bf3856ad364e35_10.0.19041.1_es-es_6e3c2686dd2d1656\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-msmq-runtime_31bf3856ad364e35_10.0.19041.746_none_7edb1f4894ffbbf6\f\mqoa.dll	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ru59MZ442beTeJU.exe"	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ\ = "CRYPTED!"	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ\DefaultIcon	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Ru59MZ442beTeJU.exe,0"	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ\shell	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IHCSFKNFSOCVCMJ"	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ\shell\open\command	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IHCSFKNFSOCVCMJ\shell\open	cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cabf8f39ef3d24be4adf8a096bae27ff_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini

Filesize
129B

MD5
ca9aa5bd7274d42da4a38eaff5805a91

SHA1
64be607cef5acf1e4607e3a386019e871591179c

SHA256
0d6191e3e025d1939b62c26fade11d1521201f9320868527a7497bf556b7e694

SHA512
a6fefffd11eac3a8114ffe4cabe16be988f239dbd252e10b38b375bf05a57bcda027ab45a945ef2ff9581d799d1f1636cd08bc4df13c710eee18c55394e07b29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
e2fab79e9fe5991d05d594f82f1c5912

SHA1
72886d8cdc115fe86ba2359ed9664d1b4de80887

SHA256
4fd6adffb5f0b789719ff7934dd95d2f49603b6d68bf4283de5fcef5d8c25bec

SHA512
78fb27c1b06c0360cece8a2fc9ce7806c660c3ea4d768e3cdc8237460d750e81bb558e0626f259f339188beede386d0e18a463dfc9d2e834c92f6a092863ecba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
bdbccdcde6e5104eb73a60b5d654e232

SHA1
d5a5fb9127a1ab79841e41ae05d6f806544d2f34

SHA256
44f4a3906e5774d11cf8251b47059ee888f56d897526cc87d1d293370281e111

SHA512
3965c0124015e8f7436f24149738b12be08a6e0434c74ac13559f85613dc0d3ddd033442639d6ee16b4223d53a9004b18c3753a0c2eb931789ece26873350a77

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
a6c22229b8e478506aca305893ac32c1

SHA1
0649054d7a2165d57bdbe8ee36503b986f1b8cd3

SHA256
f5ee32afe12510b2baf841a13891640161bc84c6bac7106e6e64cc8da7d477f6

SHA512
eec5bc1a254ff86c2b52641498ea0a1b5f16ceecc3b5e2e5ac249d8b6c7a488c3b652d029ed8f1f6aa457ae2c546192f245992c3819476626f046a5006a9253a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
dd66fd50eada29820231c65deae54ad6

SHA1
523236670d36dfccd5005de722255dc0593c1589

SHA256
57a64fe440e5519b397491336c81ec022f1ec7f8c029392ab9d6bd27756662d6

SHA512
c1e4a9672da1ed1c82f046f254b8e88e52539cf7ed3ea921e73b8a4d77248fb062c7054dfd2ff29fd1913c471b0cf276efed97b1c698c0ea7e48e525b3882e5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
6e59e1a98b0aa525526b2191557449d7

SHA1
0c79e94a577b4538c080f27532b535cc5c192cb5

SHA256
c52207172b7dbd6345701a061329b301dbece897e1a8bbfb280a3f6972404342

SHA512
fec10b3818bed2d7fce91e5e807e644f827c66d3c3f532bd556c5e93d98a51199078ebe5f0297a7aa1e91dcd710731e4562a6b532df3a475eb19940accf43da7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
d2a15f6bccdec0ece5bfac30ddc749c7

SHA1
6a4c8fa98244c6f3e235610fca479c29dd377cd7

SHA256
93ebd3139b5a70049dd5c02912741727ee572fe6ac7c3bcd19fe06178d866266

SHA512
656c3a623b157d39da50f7eec13afda3e4a7cef329de10dee7f32ebcc3a64e14a5d27dcb608a6ee199c5980fbc6753e11f8132239946ab58adb5934f4f30d65f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
e1da6112181cd5bdaf3409919b53e921

SHA1
3bbc3426b65435d3a5de7e5c6e5d665284a7dda4

SHA256
688be7cacc9404e55e32fffba3c1775d1578fe3b26d15b95d59d36af2166e092

SHA512
d0e9b7ec67c032b83b6d0d71bb2517ddd67c7761a7c07e66b5c72bebbc3ebd7bf3c206a28b28b66447692091a5cbfc2bb383d358ef8f556c9bd36af2a125e2c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
b04c8bd547737643f4a510dd45f17e2d

SHA1
8dbe113b48a338707094e778dc54a4eb646a2817

SHA256
73b615603c1560b5433fedbdd42674dd6d3b66cfe76ff2ecf8a81554eb8da765

SHA512
72fe5059c1089eb1beb9c11f093cbddd49ec5bacdc3cbf5af1a53468e677611d76b1239d87f346a4513ad68633105d8c0ba73f227eeab328e42b58518e4c27d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
e6245922b65ff154299ea16d46cf81b8

SHA1
279764a61901e5c837cf05a2a05282d57bec68c4

SHA256
ebb1dbbb40013ac48200cbd3fcd81cc202a3db02abb9c72e9868dd75def4c6c2

SHA512
267db2c4573f3902d529d188d20f40b2a2fe1d1e897c70c7b37c072021c6ded52a3ceca3e09e58200f37ba6bd5739093a90cd321b8f3ab3f6f930a270d39a4d5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
ab59e6510e2873808e97af37931d547a

SHA1
bdb2c5861371b3ee75603b408a988760e335188e

SHA256
69fdde95d19e5fedb5201302d08d8578b1113acb5ba9ae6b3f3d7c02778bbcda

SHA512
c381661e20da4b45d6c0f5be76a7148301d55ed47dbc4b02b3a6e315ac84c6ffb337eac818f065796956de31f8f6d5a6231437a7fe6679572c857ec50fea456d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
e3b0bd8de572c485dcc8d1f5c629a39c

SHA1
d5f1171a2f4bea612f1318b305d95b8192ed72df

SHA256
295aee56cd99d797648b5afba6a74aa9d6136f8e6c89058038c8887d08ef568f

SHA512
f236d9ea0a02d2aa86949d052ca62f002d662550006d5b6a629e3b345f5522ba005a0a361ee85e7e6d7b538273fd9a09e8a800cd191689f83c289204dfd71add

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
33988ffcd9c051d703d56c7d16af9ff2

SHA1
853c2059c39f63ab8b270bb5a80b4eb12ef6c69a

SHA256
ea9dc08686a789e0ddb61cca492f32e1905e52d57d7ba14495cac03f28094829

SHA512
43ce044bd5b13085bad56da78d3bdd0c0f1acacb09d5932c08df93b405d291a25ba5b39d176609e094e27f57ac0eaa780f931c3e7a95002885722473d695f460

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
69d092abbb6bbf9b89caa3ea010e25bf

SHA1
ca03f9e7125bd76bbc8390bf44516b5c1f0d5b58

SHA256
17f99440b0d84f438e22482ddb4c40fb985b2e079c1e1a906c3e4a520b4a14a7

SHA512
d74182da6de469b9ff893f2cd95df3883ccb762448122103a15f0381db36865ddc0e2486482455690241d20a2a72333dc0fd6686c1763f0645050c122102d9ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
d59e0f4abe046b07d630846135526d71

SHA1
c5476854b10da7752e89d02b53cb17495150ae87

SHA256
d5f40abb0cf0fcf7fa2d8c6586d0ccbff347a14fa46ebf4f19c943328dd38df4

SHA512
ab98dfda48840613abcc53a5bc9b9ea1dce9d0139bebd700c7a8c987e17e7279efa6c43161814ec7e3a29dd5ea6355d2b2d02b7e8a7eef5d636809d8a440fb14

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
62a1201acc353eb6a97d7160f53b3be0

SHA1
23a87959b76a3095d133db962fb8e87226766757

SHA256
af4002aa1a90d31bad21dcb5801e84895ce3e4535dd82dbef7c5e7f1b78debf9

SHA512
19b5d1e8d5b196424560cbfcc547bb1d79f965b355043ba54536ac0c4713ec1fb40bc381288509c3b6dec0169e78ad15ac1ae5ba2f0330c197163fd70afe2a7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
b95eeae5601968266941f762b576e7f9

SHA1
71893e847b89f5b6a1ee06fb868ad2553d1807b9

SHA256
29e6fdda2d62bf356debe6a59689ef25c183b767fdf65d06663655cb953b784a

SHA512
f3cb3bd4b3e20ffe51cc38ffd0a5052f5db075ef7a62d5651eee655d8adce0722451a40dd1bb29698ac99c946b554b5d077855e7e1a86706a221414cc355a07a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
4d9d99ed2446083eb9198ade592ddff1

SHA1
f2eeba96a975a9f3c8f01f1960f1e6adfb899b5c

SHA256
862024240ac9a67f79dc42480b8b15177705f3dd8f1d4b5e0a4a4a9d99d54ba0

SHA512
5af638d145daa49aa5dde1f8eb5022d928475a384671fb5249b945d73405127c64662c0cea460e57bdde874ea58bbdcc5c0e3bb724472425c1ca30ab6351d7d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
c3b86a50c91369b252d76bf4aedb63d6

SHA1
771fcdfd84a91e8c13d78d177f5b9a1e7a2b7d2c

SHA256
6254d973cf53b4399ff4ae772f93538bf793f62829de02c0da012e321e32d1e9

SHA512
b98306e5e1f3a56df6abb8fc7e1ae8ca34a9c62efcb103f96f76340d4444a10aa6757116d2c30a9ef0b80ab491fb5d95165de1f4bc1863486ccabcae8281ba68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
9dbba1849d53fd91128ae42f4569559b

SHA1
617b79ba72a98582bb45b1aaeaf999cbf390d178

SHA256
240cbd8d705230b03c79d5e06196e6cbc8f5d1418e24c7003044b1aff65b3ab2

SHA512
b78e2cff70655cee41d29407d1c42b9ef87e28939315c8344fc1dabfea242f1e9f6dfef18be2b6ae519650fe4d37f0a2aa634f7475beb57695ffc0c97009f43a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
e262033a2c985b86b24e0b4d74ef26c8

SHA1
8c0d75472feb2cf41ae738dd517b054b97909472

SHA256
b07d00aa11aa9c676a78d226d6ccfdd06c309b3d2ad2327e95e067581fed7214

SHA512
e758e80a57671d60ca949955e6f1812ebec963d01eeddbae51de5d258672858905172ab18fda8e9cd1ed638df789782ef395f41cba287b1a3afc09255e94e995

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4a8d30d0cf75ccf44e4589b484306e42

SHA1
9032783e883c55949a96ccb2ce76f988740021bf

SHA256
ce57f11b4f8fa8dfba2c3ee6eac627324cb433ab9a54b3e7bc951613c4800e25

SHA512
c18ca7321b69459a6c5b1660a95fdc1104bb42891749e37375b12c25eb6e5883a1719c91a37dad4f16654fa3b02a83034bdcbcd1289e375dac7c30c067d69334

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
715e45556ac7e8af6befa257e6a78331

SHA1
9993a97734952086cc86df7b8e47ce8fd2c024f0

SHA256
b6142b7897560becaf8001d6fc66ff07feefb3b2f19fbdd9bad0c0ae92b88a9a

SHA512
ecb1d2a32a34cceb37e491de11facd404231884cf483839fa35b7cb00171808e9a3bf6ce367ea627c47b7e1f4f49d2036957823106db04f17a66e0952178153c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
67f55c073c5cdc81cd085fa20dc96cca

SHA1
0c3cd73ff2122ff626780dfa6f97406040b0e21d

SHA256
47b8ba48922c1b657894dfdd427692eab54c0d41979493920bcbf4f98efe7131

SHA512
e113c1fd71d4853a6b3f8a3884456f0e86c6430ffb799012ac40681dbbacf41ee5fccd78ed761e08609bb0ebe44a75414e24320e467fb7b791e41789ca1f81bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
c7efadcf983fff58ab8e55e96f5eb3d1

SHA1
e58aa8571001c1ea0db5852406ac1fba46fec618

SHA256
4733e301dc93af7daf9cb557aa26b0b87a6570c3722cc132ce4404b921796931

SHA512
f425f501bdc0d73ef1c58448872244cd6d572e6ffa67ad95b66ec2e6afeeb71aa6ff1ad13d52dddd59439c207385595efa6ea477fab93ad4a1e6462b9525a8dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
b06b59ce5cf0fb06056924ae3edb8e7f

SHA1
76f1b7db958652855f605d3abd7338172f71dd8d

SHA256
04aba1d47c5a5977d59f988e7b7c16c6f2de90cfc47803ed9134e918ce57cc81

SHA512
75f3613dbf0fe5c1139114771b9a848efcf028a10e8682cb45c9b1f833e914a4a7936444195eb6fb7ee9d4a9ee4115a6c85a90798427892a399fcafd5b871001

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
3d5b30660a5097d2f6ed68b33b9c8c09

SHA1
91ae2d5da91cb1a726cafd9a05a867d552b1db2e

SHA256
0dd58c32584dc5f3ff71c5116b33ef30ba2d9d6c83ab4d888ae9313604c4745a

SHA512
e165acef48f17db15b04fae6ecc4935a90afb5aafe4d22bc974872a86558683064827d3450c37a4c37167738e83113a0cfe10cc6ea1c05a923e729d5e9e17982

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
eaa3aff181b742af290051e11ce49ec4

SHA1
4aab4b2e09c6226fc1b1cfa42dbee81f06d7b03a

SHA256
c1cf2303ed79a83b15418ccd023711960360135ee89aa4eed142c9126dfba34a

SHA512
0e0615a67847fc063e711f1b4ef97a08112f92226680a1c02d77f7f934a01af892df7467e442a9185b8c6f0c20990587c1417d41d4ccf1f439b0c2c9bc494ce2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
1bc74635fc973fc2317b559b097335ba

SHA1
746cb17d3e3a140aa786b15743eb8cbed207bd6e

SHA256
151a442e736a243a69c027f6f90745c921f69d7aabf6f9c017d658a44d785e92

SHA512
8743acee19c2f2d07a33149f55e58e442d7a30cbfff40c7ad5b6d4d055e13c057341007d81454bb6182dec68db19dab86d74efca90e3195ea5bf8745dcbf5d0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
74cccbdf828fa3383a7a75998bd4850f

SHA1
1c02cf22b60668412a9ce18293cf05ec73130ac1

SHA256
bc9dc1b5a432005ceba686df66c38ec8fc0697d413ea4e639f1f83d65c80e1d4

SHA512
8440a5498fbb743cdb5f564205f7b20ee96792bfa48a57703687c7762166e976b76d4a10626160a0e095da16d4a89cbac19c5109fdc33fdf0a3cc0f0d56bd320

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
f57118848db4e0b134f9a662ea78680d

SHA1
75957ff914869fc7318c1a769cfeeb8ec8e395dc

SHA256
91805f9a4282b14adea7b45fd18e477824e2f8a96a0734a86c238377d306a096

SHA512
ac00a0ff8fd7154aaccbfadbe03235ced2d903aa4c7db5d57df0191e71c1053a654c46796a01f5e6d8c449088d1042f9f9cb54eb4b955e2d9c0c499d52e190c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
a1fe39f21a01de1b0e865677ecb3e2da

SHA1
fc76f26a64a738c6c2b8fea171267d58378a5834

SHA256
a6706464329a8ddac1a06604bd9b7227a8c6780d69a5cd2ce8295b6532e2da0e

SHA512
008fbdda719ec3debcb13270f6944684814c4b1a7e224b9fcdf31aafb33ebe3738a6511884e469150e4e29f7777f8d00663b347e1bf3372d07c11bdf0fde2a41

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
8bc1db02e59c91541866c8a28d858031

SHA1
4da7d0c319645dcaef8bf7d1a5a369dd05ea722e

SHA256
a757226439415f68493692e11aa9d3cbc46452bb708a8a1a739283ab60e4ff91

SHA512
48e7beb7b1406cdc7fea7d692d8a1954a42ae96bfa333ea2941207f7eebfb90b51fbeae45b34f7e8b32727b6e53b3c46219d7567f2750adcc1109cf294e07e11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
3e5b2d21fd6ace69b10b2870484cebe6

SHA1
a9601fc0a1561567e53ec4c9e2f5e801fe60c24a

SHA256
c83a02107f0be740dc1bd9328d7f43e0658bc542871c4d1d1c84f2d1278e101f

SHA512
8ec2968ade2479a178ed05620a5cc93974cec71ce69fb343353c305783c08651a65d8667be95e480a0ce7132a405e9be61ce700f8c5d379b5bbc786a3ba1b757

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
e598c26229f240252538941605984ef1

SHA1
f4043f402b0cbca01d9d4eea7134739d218aff44

SHA256
01d7276254a8bbd138df416dad79a723d7e815cfa33757bed1bce17030d9cea6

SHA512
65ed06b849d252ac77587ce8ebcbb1004cbe655d39a65835c45d33577bc6eef49461585173358ef34994469516b199478d84910fd95c6cffe0c9ed2595da9a72

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
db0a78f7d044d90aa83e19b219ed9595

SHA1
40b0a5db1d26b72e83f8a53f41dfea761e6c7e72

SHA256
19e249ea24914d99fdcfca4f3e653ee9ba00fbb02e3126135e5739a77a461ad6

SHA512
8cbd78914932b0ef9820af3a31ea632aa7695287b1acbd63d322ffcb8ae1537756e8a018a49c0ae672d956e3149d8ccd964ff87343ca1eb49ca0f3ff01bb5fd1

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
19B

MD5
f460d5b87d924c0e31115f3eba153e5d

SHA1
97f7b67f96b8946da3b2d01bd19fbe502bfef4bf

SHA256
aa804d8fb0ee963c022b36b10dbea6a91f1b33466b05f3e2a3768452e90efa89

SHA512
6dd98d33e049a5f380c5caa36a22da3e070f258630819625a2b6f88e21a7695016a6a558acec5e55b370ebc3ccff9f72734a55d153e686baa1ba7ba9be13562e

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll

Filesize
558KB

MD5
4ccf980b0312492ee9c013d7c5c6b558

SHA1
b9488492c319f700ae8d88b64f9193fb752c38f0

SHA256
d2eb0d0a7e1ae825764e53f07d27a152f0667ebcae628485014fa26d49df2fcf

SHA512
9972713857da90e3635a0b2b3be572a9a91ccf0bf187078045c7d3d2d2c82d3288552fbf09b7d7bf902d5e59347ee82376df5e87b42bf2c762139d097b1c74a1

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll

Filesize
95KB

MD5
257e1d0894aadd68c684211e9206fe51

SHA1
0f83448ddcb6670991b71122ce50fe89dcf4576f

SHA256
a5996389099c80c4538daa3c6185782e7bb658d17ba6095a8bd99a909f6ab07e

SHA512
744d2073cc72046b7edb798da3e9acc4e6ea78dfe6295d6b241eb9ec326b1d352414e3de0bf3b7244eee6897c17d5b9cf2e7354bd7ca9b8027ea903b35ef84a9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll

Filesize
36KB

MD5
18239acb195b5ddcbdf9a4989d526b4b

SHA1
4fa203d7cfa6add9e9fe6edd37decfa8419c423b

SHA256
8a07f9e1e2a099e2df557e05c850efa5922c7e51bc0621756996d0a4d525184f

SHA512
74782dc1f48b77fb1349e5a297d98469278584b8b068707ba4733d5d9c441f7c81705989ee905b06cbe452afed7a9487602de70d716bc3bc61a1f0e18e403aa6

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
a94cf026bc02d70266ba82d2e2b79dff

SHA1
0871f993404bf286519f1737be58c5e3af95db9d

SHA256
c712b2e73b5371ca3ea759a6ac15b342525c8a9505fd2e4c2b9c7bf34ec30c04

SHA512
352ee310a06981d06c94753594caca876cae75f0b32487fa09bbb28f9ba8fd344ea986cc3da649328259d181cc87c9510d91d450b818f3088539a11a7839a8ea

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
11KB

MD5
056837a1435b1ef6ea1379e519070e82

SHA1
42076662b73cdbfa0e3940a9aaa32fdd874a797d

SHA256
ff7e94660c9a12f46c66692a62ac7b31710f5d4f111cc64436e082f2d658986c

SHA512
6304f76d3b4ce035eb87f808708396df7d842f664607008741c0e8029b5c4512d561774679e5ecb67ff3b792efbb72dc991c6f782971601b97cd8749ca332223

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
919e33c71497e4b2b51ff5b85ee95b27

SHA1
547eb598001c144cbbb14a45af205bc531d1b359

SHA256
946b5eaa1524365aeb3a6677eace33f3d5d82b69827056b5e43f90247d363f0e

SHA512
c751dd9acfeef47442f3fb3b789e2173ea7b1481eca0b84d0c1aadfb620a9fab2a330e1f52fc1159d4f648db22b88ca737ad497b26b628b688304458589d73f1

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
c4d7a631b5fefd64151e3ddb771ee290

SHA1
80effe86f1de59acd5f1f1283c1b67345a5fb02b

SHA256
6ebf2a9f8d7757b5a4f896076eb3a307e53aff636ed5766a84560302ff8067a9

SHA512
cc6d0524699a35b0e5211aad34dae95d916ebe09b50a6cbec775c8ab7b8faffd1d22d6b3eda8498a9be70dcc3d685db3b90378eddd14c2d1b34ca665ff2842f0

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
b45f2f9db1435c62bfa36ad79e7d8c30

SHA1
abdf5a9b9a5200cd9e6de24135cef4e4390d07d4

SHA256
51b74d37684e22d95f8c469f6d4a0facff341a607c642df40a29e198c244d3a8

SHA512
c64d90272b294848c51c7d7bf9fd78c6e75aaa59f78d1091bb78aa7920b9efe61f466f48ede9c78e4241ac9d780c2d06d6075e29d56c7450f6f5bb8a1135912c

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
3a20cdd485975c6d8bca1178269735d5

SHA1
f666b1b520bbe784ca4c30ad2a0126d79bbdbf19

SHA256
25a67ceccc7516a4dbbf1b6d9bafe2adad751c4ce7726a12232d04c93f4ba4b9

SHA512
910557ad38f80892646cbf6aa5a98b27ce118feac898d0578c59509b75195dd46c72d99e785fcd5a9fd8d932f4eafddcb8d8b2978b428855b4bf712918ca4dfe

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
e5f0a4072a937fb5979237f44c56b893

SHA1
a2a9f5afeec6b2c13b35fbe9e82c6952aa8bd8e6

SHA256
ff9709305f3dfbb8954bfb6bf664fa90b6c5b2fb4f77f00c46e3b5dcd9010857

SHA512
7a27ee00e46c37e9431d461bf16cb0426c14b7ca1fc25065e404983b6f4e3ad8f1fd757a997b310404cb6e30f376cc3d54e6f82190996c3370d9f18caeb4bef9

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
ccf066851814d41eff0b0b9c78aec085

SHA1
e576e8e30332f28f12ec78dd0dde45da74bc189b

SHA256
428f74a4927ef29ee89ce38b8798aaff84c5bd20d9d42bd86c42a5644867e687

SHA512
058ba302319e8eeb1cfdf2c7094fb6ba893ef634da39e297b9956a16f3dccf65e212f6ccc075abb1cef0d3f3b72f5e08093b7ffb9f011188b1070c3d51daeb9b

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
11KB

MD5
2034931de129a88f66c662985bda8cd6

SHA1
3d5c472f2ec8b195f8c6827513c50b370d615553

SHA256
64a838f1a6ec5780dd3328d0d1862405eacb52740aa57e578297b3b334a06df9

SHA512
c52a4a65bd1046c330962d344565b3e24224fe0c67f919901ec0e7fdc2eed20f94fdedd52f70586d50d6364ee768315ba7db4b42a4633a4c1961f61bb4ac1f3d

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
11KB

MD5
77118f1e1ad7845e7f76d5ae3222998a

SHA1
51796e031f32a6497cecb2e54b1f1ef911c239cd

SHA256
8d1a42603e5c13a6dc51d14b39bcc1925ca2a0db2548dec2b0c454f11b4f34eb

SHA512
1eb7da5894e3ff14ce4d1debd08f125b5a0f59db94a4ecb3fd7903e5dd46e8199cbc9fa39098aded00bc2cb5956c981ac6ed282458ac54d7bf793a957b1d66a5

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
11KB

MD5
e67694a2cb99024c1083e51b41168ddf

SHA1
2ca494d2ed185724a5e12b63a95418c0835dfe34

SHA256
93aba363e231d595d673138d56b32943f2304d104d0c04b0c9325b799fb3448d

SHA512
a4ccd2f3dcedaf63766bccd0c83697df9d84fd67a5d67fe69d9d31c4ada3b0bd91258ce781315f14b2a2350d142539fb86e5fa50c5e8125c42e20fa125b16f36

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
12KB

MD5
f19bf58b30f175260c51351f891000ea

SHA1
833ff1c6a4b8f90cfc03cb57b21b9f7d7554c7e5

SHA256
935e01a9c4e2ad94a8ef577c022773986e1c23342552f8e73c8a29f8913a8a49

SHA512
f8d8ac70f122152145d1f6ede3a4cac7f76723893a2a0ac72830cbab51881675fb7baa1ad5aab80ae092348158e77372f3ad31d8c2ea0776021bc0efa4695ed2

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
f80e4bea0558b5a878a6900022ae1f21

SHA1
2f9612e47adfc4d5d3caecff1cdfc92b4de8d028

SHA256
34e21a3620731cc2e31a0165562569f395936354a7f75dc366cb8997cccdebef

SHA512
76b8558b755870152eda9f0bb9c5065ce04172c224646738a4862b97be2a728ce50b914271563bf8c674b94495768d92ad1674981fb0dfcfbf03ccacbbe66823

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll

Filesize
11KB

MD5
b4e9162a0c54d0ecd9f9cafcd7a5cc19

SHA1
09ec9d9b31d53b1baabbba49dd2d8d89230e6ed6

SHA256
78af84de57171dc26f04a3cc4fcb5e6a6105b2b6a456beefff1383b41a5ccab3

SHA512
f8a98a10fae220ee900d0817acba5904307043424298e52e1f3ffb95759771528579466f9e0cecdf3ec3e84af89284d0efc7e0c07f23ec7bd6cf15c617ab49d9

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
11KB

MD5
fb39164ad1a0b578526c79a3fdecc27d

SHA1
3be8cefb97342bd4b56706283d2f4cafad54a43d

SHA256
265631b0f8269988f8dfa26d1d0d2aabaade3ea354e75a4bc2c641e1712a3d2d

SHA512
afc40b390bf410d4ec28977d14a08f66897549068fc73d93efeee497c6b703c5cf6eca303751db7196d388cfb47117367a95f41edbb2a372f1bd3ea75c021bf4

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
12KB

MD5
7068167a29109bd5633ca152a81c7991

SHA1
34a19cf2c3caeb174ab4d7fa69777e8bfd0bd46b

SHA256
fc71a7badbc2a570c567366406a5c34bb90083b69b8a4e02d722b39a9f2aba37

SHA512
338e59039aa2852760eba72500383a7a18fbaaa30aa3efc52d7dbe9d00a6e5b3333a8ebe369c22d88a82fbe11d565b8d2bc897baba564ea8ee77af28884833a7

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
13KB

MD5
a67b97e5bfda9139a3b3ea99ede85c03

SHA1
3a81cb305719eb292db3a1e4e6fa8483a6e5f8e3

SHA256
e869712ba9478a5122ada11b7dfdb1e30a8c1f82da34c753d60d991cfc7f4106

SHA512
7cd153f017605e5000932a7f2bd4208afca4ce81eabbfec0e033c78224416c1b2365155cd9b4c6defdfce20b2bca194ec009694455e4d395aef6137f7976cc3b

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
cf8254c3264c2b8ef6b85b1bda10b9c2

SHA1
bffd12f8d216d37ce93b18f3a4f1d6d45197f814

SHA256
acd464859b099088ace03ba8742ca7acd3d93f85f404d797bd366477b7b29b1d

SHA512
5bae7a2d980726456d64fc4b1498be8aff44297bf247460f5ae54d5a3a9e66ac5f4074fd0e405f8385cf082190dd1a87053d98d9621316dbfb61de362ac4f206

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll

Filesize
11KB

MD5
ce7d23654f53aa78c9e4a005cdc0805c

SHA1
b1118e038e5ab356385d36c91572165c5e15cf3a

SHA256
3e4dc2cdf9ae64749b1f1d8aedc635db6ce6a8053981287718cac46a6943c761

SHA512
33e8e484979b45a78401e67f0d27d5147963ae3692c16816154677ea89235bd32ef192e85132f867ab3326909d2f5e1d7f91273852effbcb490313d0c3bdafcd

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
11KB

MD5
897b551e5b6a503f3d8a5e0c4e15bbd4

SHA1
39407941cc1fbde9b16e7bed264f097bed319e57

SHA256
e141df55e731c388d19cc7e9cfc1e1af11843699d56c457cc0ebedf61ce34e3a

SHA512
6aa4ea00dacf98209d09cc0b47ece245950b94fb0002db31ea6c312ac62671be7bc13644a11c72d0ce75ac0b9a71749c07935e3f449ebc77d0a07dc63cc7a9d8

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll

Filesize
11KB

MD5
168cc20cc3358262b4aa912ce1a66b89

SHA1
9a3b0900256c4315a7a368b63420402c03e752cc

SHA256
eadc5f60686231c27f4c575883489d46f64af479552100369ed31f4d9afd42d4

SHA512
800b28b4bce3d535ba044fee4d42c483193b49dd9fba741fbd55e1b373dd3750d9d2833e61c3ae14881b3fb69e8181bd4618389410309bf48ba852a3562f1289

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll

Filesize
13KB

MD5
3de91b59b6fabc073bb6e13c263d52cc

SHA1
ee6b62ded49eb5e4bf4df71853124998bd24558f

SHA256
fadeea7d55daf4c174992b204febe815ceb6ab7004498800aa2f9fc3d70ff2e4

SHA512
f368860085e2191f5ff45dcc197cdb329701d07e493eb0616d67a049634d2324901cf8e6554f361cad447e6a9b6d9be726b03f6c82cc7c623bf39c7696280f05

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
e6fdb15cc6f3e886c99a3c6178bf3c82

SHA1
141ee1aa4d23ca94aa78f4802de7800b1f01cb6b

SHA256
bab4ee9c0ba25ec5403399da1507b8755490a3e9290670e76dd3882475066465

SHA512
ff59340cd160308ed60c270fa5efc8809cdbadfadb843908a9653716143b477e10575e2a71fea89183a1224cdd664e897a5d693674acf133d28ec67984563847

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
12KB

MD5
7b446e8d42f156bedfdd6118a49ede97

SHA1
70cc806885806d5ddf83b40ae93d0b065ee333b0

SHA256
0be630c5b2c8a6b85ad7bb94f0aea332b3e0de1165b71de029f1caac406a2d08

SHA512
1cf9ea115cf6189ffb4f67150c242227bcd78e5d38a8cc9c4474386954482ddc8ade17e66a66a44e9a7f629586d9a1d6f716cda80030afc22ddfe340886c2e97

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
f5f445515c73efbb3f67b6aa9b8bc8b1

SHA1
7b1db41257ee569cc77632eb03ad50060101cb02

SHA256
5276ea80ad81a115a8f68b83b348e33b1af1cddbe01e823e446a06c77b33dbaf

SHA512
b8f6b4e277885ff2ec54d1f79ec441fcdad8a35c70d1735c8813453b7e444679f260fa1767558e4344905b25abd1f85221d4ab9f3878de664aa023030a658210

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll

Filesize
11KB

MD5
766324a5b6fab1cbb7bfed082e78a781

SHA1
431edaa545303aa0ce5068566f1f1e5649bedb2e

SHA256
d2818f8578b3f6cabf9ccaee202dbf1745f31a1a1e3f8234cad517107704152c

SHA512
189e5c3e50402976533b99d1c348fd02bff6031ffa7175b2442f68ce57bc10b02ed2fcd9d21ddc5e0db220ecccdc3596cdcada8c759d3f51867746d869bf4339

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
c6b6ba7a9e17be8fb2b73ff6882db0e1

SHA1
2fc84943c243a6a11a2fb9e37371e97c6c9ceea0

SHA256
6a4a5d79d0df63dcdc3be19660a5c539b846f6e7bf31a354a451ebfcf00a1207

SHA512
adcab5a65c7a7c7acaa1572ab5df89903cab6ed99bdfe29aa45faad1f779007f185641dfb6ea4409f77f3b766ac47a116895aaa3da9d74b55295624e0b4ccb65

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
11b69dbbc6a0960b29f862c7fc96e840

SHA1
4c7552bd6d47618502967778d37ce36fd3a6197b

SHA256
6250b65379c05ef77c510b69be95651e978a1188c634768d5625b0a432829e15

SHA512
d8de6c5abd1facf01ec9d3abf8f3721b3128f070a0ddfa4e930dc25801c818427a9e5300725c5fba1a09934197cbfb489a635adee5c2b4b103fd91ff191dbf6f

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
73b504506a3ea22b4ac5430d590c979a

SHA1
da36688cb41e1c831b27ceccadbeab9610f3985e

SHA256
94c1f056dfd38be15083782bf80b2848de3daf0d6f71e2469462391ab2c1f9da

SHA512
12225277ba8a0ce0b7fe98fe8f360dd051e0bf4ac8db36c4b77c96706c776a37acfaf0d4f94649e60e6de6b9bf49683db863a8e9777f0a200f96dbfe24bddb06

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
1231c572aacac7855a79b491c94edaa1

SHA1
f5ee8442573c002f04473a2c8f22835b208ace3f

SHA256
c2672eb665e97d87a027b8de5d2a211539aa5b6f54c3d7b468c891071189b28e

SHA512
738ca7f6f542df85aaab04e24248bfc47ddd4fdd7429dc2f0d2f16f8d4a89925a9a7fe1efae09b872e6fc9350a2f4c3cf021221b3b94fae2a9d63fa7a6a596b4

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
e1e106ebece9a3bb87ef455ca7d791fb

SHA1
5410b7a7a2bff1d51592ed0372bf56e279b931be

SHA256
34d63396c179edc8cce2dc3669ca87f56a5ed418740d9a9803fa871aa90a7e84

SHA512
e3a1557348ac744ad7c750c819041ee40a6eeff6cccb126a5ea1783da96a286f9807a2377036a01f5805352dc3a771741b43f9e9efa03dd9ab196620bfa822f9

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
a0fab336358b2b7c971149b77517b202

SHA1
b23453d508a1ef425b7d62a70d2aabc592738b6f

SHA256
0614f49cc24866762a6432107c4a0e4adbba3eacdca42ab9d80a1ad2fd37641d

SHA512
365d241ae6f2fed16e4f28226807b39605b1dacb41a5b56e280f46022dc4d317d7213452293f7cac1f82ce9040a425d997b6986023d8d8a5b6d8273de6dc6428

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
f30e91dfa0fe76f8dbf71fac420c52e4

SHA1
f16f1db9eeee6e0b017e2d35c014625542c8bd5e

SHA256
6691256ea034c2363ebede4ce55e5d725b471e81f5bb86fb60195c8fdab7c9fc

SHA512
56d2d4a330eec3db90f32532a09ae59016545d4ea75918b2488c2d9751332dc37196fa82dbe07ab581a35c4b11e0b5ac0e0e3ccc6e02b1f85a44b4f4b2b33ac9

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
66a74cbc1c8355353e9f08be79964473

SHA1
6aba8224cba5b7256b3e513ffefcb92e150f9fc0

SHA256
05c2c1df1fe51fd0d67634e79ba0310ad2e4deb5476738230154f688d10e8231

SHA512
f9a7357f87cc41ff5f7272636004704f91186c7f318b43eab19b61bbdcde8fabcf888610bc3b0b16aabfaac4050f237e285c7fe9c0c6a80007285a1988890049

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll

Filesize
62KB

MD5
c11dde12917b2c516e431a17e2eb03bd

SHA1
73b915025b66ee3c790abcb81429e1ebe7568689

SHA256
40de414641120ca2a5a8d6cc2939fed766cd40c24eb72f6e8b39e85ea878631f

SHA512
f0b12d55e6610c35179407c05fb2813c77377ecbeba5ae35d7dca37c46a45db04ed4b24c8cda4d3d338c03eda9007e62f3544cac140c279f88338eadc9889ba4

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
055264b727c7476a9a9fd633474d537f

SHA1
6109e250651c6560cd64c04622f71a32b879d45c

SHA256
6eb48ec0ca64cca0c7cad7aafcd761f1bf93acd9a7635a01095daaf2e4684a6f

SHA512
26e670586535ca88d1a5f3d3d6ac1171ab80e525bc71d0ae052e5db0019866e2e6a5b98a57304f1f0b4d7739fb96dd0956b924872268197a9dca67a47d0f769a

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
25d949392f8fed0f81ae336d109131af

SHA1
d58f2fa1ffc08bf1534349b7997f9cb74f0cdc4a

SHA256
b4fb4b1d533fd2a73a62e2969142f00123b545a9ec8164c7855ed95e3ac176f0

SHA512
9b59e1cb910f63e05416cab7b18664eff474c4d0310f0637ea090ac8a994b73877d97e47dca4fcdb84614ac53052bd19abe90c9273da1b117321e1b03eb5b976

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
f6480177f5a00b91999201ecc593fefa

SHA1
ff11b6dd951655c6a8918aa3c2931a50c7c0b560

SHA256
718275b2ed6474030556d0c0832dc4dca69cc649d504614a98af6787b4bea6cb

SHA512
7b37a7ddfea1f214956a959e18a1358859c53e2e514de9e94f2ab4d1c30a8bb0ac6c950b2f5b382e4633fc8e29c10f646ec80bb5e2e8283ba2925024f1e99316

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
7ab8db9aeb2b1af5fa81a767d1057a59

SHA1
3ba759deff383f941cc580a400187f33e15858f3

SHA256
9de22069641b368bffd96a1397400b58ea2d75813f93f6d516c867076a19f149

SHA512
cd3cf17f1096a26fba47d1040adb069b1844fba0817884b1267a9d4235841ad26a42e3ec77a02253a2380b7357cbe2139b8a566bd8f3cd884de182c2adf320c6

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
dab85581ecf47f9592ffc47485e54d51

SHA1
e19e02b51c6c039ec3ef789c35a778f10a4aa67c

SHA256
f5e33a2190df73c8bc209217757a88ff5d2f9291814ced1fab9b72b476d1b71e

SHA512
e54b65344ea4075966ddc3b89392d62c854b8a053bbe72a7a73aebe62523bd2b922e4790dfd70547c5cb0c0dbe187cd9bec9530b9bd63d44ff202aaf17b22ec0

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
c1e7e598637872138e5598261f589407

SHA1
1727b822cb8b47009b0f31465a784c4f7a7299b7

SHA256
3a220ab4f3c6b87c6ab81044fb278bc119314c9a8054da626f7eaedc28e3c6f9

SHA512
812b8e9b8fe08a14c8b41c64686b4e9000568af9cb9933e97d37516675cb1a195dbe85512b92b5d4307e62f539de1b10fd6d47c2c927c97b963da1d6ec5a1de9

Download Submit
C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll

Filesize
1011KB

MD5
ff9f78b068c7a6e4c9dfd4e3c553db28

SHA1
56dc34d82cd192cc2eb89e5c54746d0603a7d22d

SHA256
8f35c557d90d574e765d754c8f6dc025144c96e863b75cf00059fd99ca0e1660

SHA512
116768b9005c9cce739a218531c48d6b597be6b6b526a5e096fc53e8a1ed2b5630dfb4024b6a8ad1ff5dcf211f8efaa5864d590376b67ceecbedc4895cbe28b1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll

Filesize
274KB

MD5
4ca41044b3165d2bdc2d2e002408211c

SHA1
4300c9d513443f6f5f5d8836f193a0f811f5e719

SHA256
e0e5e022771280b30e958d91eb869d9fb4e58849bb4637286adb83bcdb296fd9

SHA512
6a00d783584b675aed60d8f2b88628231e06d9aa0f63edf9cb1faa6b9e66102221a14b9ffa29a07ca98ef79681ce73dc058d67aba1dd21d81049382481837bb4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
102f0ec98a68283e1533a866e21860ba

SHA1
79a25c8c45a2abc72fb7c816002d8f6c9789726e

SHA256
415a2e66d3fb77ebf025655f20dad40c71cb1747c39737948c7335b46086adab

SHA512
48a538560fa2eb1003c4112f8486663132a2bc5519021a1ccb0108adaee27f4f7853a05f6d199e945ca28b9208a386f499d1f3ff0c95606e9390d2c871a0e2f1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bc4022d764d63e8616b5382fa7411336

SHA1
fd8d6186224f30e01fedc4a1c4482638e49fa7c5

SHA256
f3cd535c6336d47dd8d89b95ad2f1a61b286ec4b0c4e05bc31df9d6b202ac453

SHA512
ac62642532a3c2f42d49502269e077b7baabd744726228ef1ebbea0592ba6970888eaa1ece8fe210053be375c4d3ec8b514316620df0f403211cf8180470a56a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
f22bd832226626c87c4e506776b7a9ad

SHA1
2b69dd0ece3131f2620e5cf5b921a6bb1619a47b

SHA256
c0ed1131538d3de2cef305b81adf3b4810d0edf1ffe6d56f84d6163c9fad405e

SHA512
b38c2f81add4748c2738b5b8e5e4f306f610f46e57c2d4552cca6ce7e2bddbd19a82a991d8069521b0b134e5150fe72adf60c041387a0b541b0048216c93f837

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
5ce05e212d07775f3cefa7e4442a9c87

SHA1
6f40a4bc3cd637e752a47b07240a5edba4c34d39

SHA256
149392f0019b63798957100a77ddb672a40d2877312e5c59320f294c2162f336

SHA512
f1d561071ca93d1782a3908214f7b2bf1462970b63069440ab4f7a78eb3c95c5b35a08d4f6228a1a8778dbaebd6218fdc2b4bbe5277149e06f9c40e16a5732b7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
ba391c6e18efe7489dd5dcaeb7d3b2be

SHA1
19bc33ad5cc312314cc14169cf05f85297d3afca

SHA256
e156a08ffef9b33b6f166291d8f6f4a41b9ed1cb1a79d12caac85f355ec58a0e

SHA512
f68d9e288d06745daf4e549fc78ed0dabbb8cc30e8c51d3ee27822a0311a9fad35414f25c0f8cc5d7e232263ab366eadd4282e3b4c3016c9cde5921d42a47176

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
269bbac5b2a55fc1c3475b05b00b1c36

SHA1
c4e15113258128e2003fb7a0fb2a147f585ebaae

SHA256
b179f5067d017a74ca7b76245883507baf417f50fb42f85c1f795bedd055158e

SHA512
02c7b9835d2445bd3157785c11f62f4d98051d188988f08992234974e16929cc7bf77e464974a2e841b2d1749264b62eb269e3a85674aa629d4e70cc085530c7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll

Filesize
11KB

MD5
b356fa48df30c1258ac5fae3ddbc90ef

SHA1
2a68e20908e5ae234d2643dc9220623c89dde341

SHA256
eed3b097e38b2ed02d5b8560bd9924bd914998a529325a82ff0a387ec918d576

SHA512
93ede0f5d74fce61ea2b1379bbec5400ed0dc261b29d009e6320ea340c66442700a84bea0ddf041c2a64a81b2dcbd74bc8571ff2bf7a623bd67cc8bc6dc4a287

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
11c8c08bfb2fee3154a7ef69b1668806

SHA1
822c7492b74cfef141f7baf150c4a9c8cc0b5af0

SHA256
361966773e3f5f96e45959c9eaf52a40c8e70de136c3580a574bc29b4109778b

SHA512
03eb5d097553abaaff4df1c9260b5dc2b4cf7e5424e3bccf438f5c719fa4b3e6855c3d2f86323df57c0facbddbcd5e0b056d8cec020bc8082f949c22d76bfeab

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
e084208819611b8c3755701c078000d8

SHA1
6a139d65d9cdc45395718094af503d872b06a283

SHA256
a832b7d0448512472001585343138e583ef1ea5f03832089846f0dfb820c0ab8

SHA512
0bfefec6f06b9d8f657ab900f77f4d3f000f2ea9f5c1bf6510acdc2aab905e6ce98c11defccdc332e6641773e3fb77b14ff701874117763179761c4a46f3ddfe

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
f4c7a6e0b998dc7efae2df2c1c6fe7ee

SHA1
4c8eedad0e7e22035a978a202b89b6bdb5a5b087

SHA256
8f9fca62bd9d440145cf10dc33d865beba5d2ab9fbd42300c0b0c7cf22c76180

SHA512
e3fcea61005af750963609933a9b9293434711ee240ec6164fcd8a4080e5d818076b44663ba71b9d8f76936b20a2d88709318aa9fa7aa691a63626c4332107d0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
0eb6d6fb5e35a9b5ad225702fa6cc86b

SHA1
aacfd786ef2e9717e2e388c7d603c336027aca9a

SHA256
ebba56c109dbe3cb24f3b000f7e631ef201eafd9d4b64fe4cefd3d193e476ceb

SHA512
faa465c68287f7e7690f31dac9b6ced306f001dcc2ac22b5bebc018fd2cffe96d4c357a61d093328e730a6fb0b2d26c032258717baa92f7b6ea59545b9e899f6

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
da4656104dcf880d6b25b85e544e0fc1

SHA1
c462fbc05eeffc77e2de15ba99bf75728ce3a762

SHA256
c304ca64a87b305d5b86e0579dad29b72babddd5ca8e1aa5853657158e22544f

SHA512
aeef44a1769db757d682a51edd27216942276ac05c76dc567a271712b40db4ebd61f7ae45663163230d991cb8a84a1ca3081a21567a98625576fdbf258aba20d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
f7dbb80259f0381c46a2ea87e2c42683

SHA1
64b3db9a8beeab67e43c7134baf9566229bcfeb5

SHA256
525cc065541d42b5c73f767ecf42b9211b55e24d47660c3395333b7bad267ed4

SHA512
435f2087475c4b75fa55a351ed7b146b0ebff0967227beed373e308a84d5aec83172e70004746238c73fdd5ffae034716886ff4297d7dca7865d2a7ac3305fce

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
bf88a4e07b792eea9a84584c90c85d75

SHA1
53a75d040e92616f6759e272a5b497e8be379a77

SHA256
398d1756729239b5e6203a9f82215000e82f7ea73ddb4400547b421af79ef50f

SHA512
7c895b4db5a1dfe2a33be818ba5ef0e95f0e69a4e65d0856f17216b6376a14d449d560843c8388de2a8cd979b9004790349b6d9484c587e489eba050b567d965

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
cc3d2fa991463395944e50541efffd61

SHA1
8f0fd8c0a3287c215a42f94a4a0a7a728c8d92f1

SHA256
b7834488780eee564c25c49f70f991aa2670bff754559a1edc02726f0d62047a

SHA512
15203411300d1f0119d4024de1a4a6f1915625cb2d6c33d04ec97c335389cbfc9079e0ec89027fe7db553ca891c1e6e9e7eeb420412ae62938b04f3fc6745b61

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll

Filesize
69KB

MD5
6c691aa591641668410b0b03ef4b1479

SHA1
d4080eb49acae165762fd218a97925af926a4aa1

SHA256
593b6c93e4c5d4602a1a5877719ea57b7e9d1ecbe8b56c41ca6c9ca7f5ef0e56

SHA512
583ee616045ebebf447953d6f85fda5bc894ab43169f8c06b55ce477fd705dab0005624533e9c6d145eda4bda52cda439f5fd9b4dddb8d44d19918cba34d096e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
6a8610741b85d325b62c50245f0ecd2d

SHA1
db8c8f5c4c01a1412246b7431fc7351c82e69e80

SHA256
00fd67f10e29211f0037ad1a95f16a7acc7302a071142c95bbbbfbce316f50ac

SHA512
abb5b7e8c6474579f048345919e6c10a7d0e96732c5abcd8bfea4afae1847951bb029f9f47dc862dfc58f3a25d5faea1b19c1e381461b4e6252c0472a4369637

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
5d1ad0a1e0a9400405b5da7b44b837fd

SHA1
3125a1522f06d74a567d80155d1825353116f2e3

SHA256
603be0537352171487737e06eef316e2b22f7287e20232caf7db05743bbc01f1

SHA512
6fa0056fc40e4a3061cf5c139766403e4adbcd015339e63e028aad2e620f51d1a336fb96e226ec2429aeff711778be40451b4beb23037a0cd570f770f6cff902

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
52526fd0eb0d94666c85dbf3296453cd

SHA1
6d23f0fb543adca598ed217a1395d3c7fb0f9070

SHA256
c42333b50cb455040eda82253fc94fbe5fee6ffedbb5bcd55c53ce67ab4077d1

SHA512
cb9ae944b74c54308852b51349a71a5f37ee17cac3b3838f1a1f69b525685dd273cdc590b9cbdf9fd7f554a182cd77010bc18ebd5b59589f044af1c2b7a4a948

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
4b873849c5b21fd6599e4c4b1d8cd547

SHA1
315d38bf568596f095fdd68529812c255c7cda51

SHA256
abee8cd89111fb67ddb7629d104bf1b3cf3eba7c70a6462aa9b968b669ec958d

SHA512
196c47e3ae74930c762e95199cd2eb1e5b638a65fa2ff5ff17813441d435125b2838e677534c3e0362df25d194f6b3b1064710d3fe6605c9489dc709050576be

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
e3fb3fd9e1600ededefe59792b24fba1

SHA1
de72cfee0621140d7c396807e65cf1c2ed805973

SHA256
86ff45a3bb1cb40837c4d3cfac2f68dc75712b71894cbdde60b8e8532d154b57

SHA512
0de769c2be9a91ded45e9e46ae785115b81ec54d98bb7828349f367e561df4bd54d557e256c61222bcd242eeae181636cd610a32808a565e830314831e9e5c69

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
656860deda66657ab9c82470ccf05cbc

SHA1
c284ab9e59637515f2a9b00d66e73890d09d0205

SHA256
7e97bab9dde0b25a8a4b079070e57d0f8076507dd9524a272018b600f371f565

SHA512
5fe314580dd7c7d73939aa715a6961f4dd26164e7fc5c85dc50dc8bd147931aa4da765b5adfb194dd1754172361a442414d9718fa9508434352388929e2d6ee7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\concrt140.dll

Filesize
324KB

MD5
457a9ad31611994f58fca57cacc40be0

SHA1
a95f6f7caaac7e0ad66a27527a74d02b9dd1763c

SHA256
1ac15d3edce01460d5dce2719385a7485b46b33aa9b24add339a35a982082c90

SHA512
f5c8fc6947f8143dbb659532f549cc9ffd84ae80ff2e3658d0f33c309b9a832c704db6aba2ad1d6e8e9f624f34a0dda6b92694057169fa35085c6f2e1fab56f2

Download Submit
C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll

Filesize
358KB

MD5
26be55e9ef6a0d8827cb77e0f66456c3

SHA1
a34e18dada977f0b7b2736d1edafcdc9a7195c37

SHA256
c93a90c69752fa897a5740598afeaf0899bd5fedc63afd60666068df1394f2ee

SHA512
522d33af43dfa38c0be37a4c1a098a97ba93ad81626f45dac000a0e5f05afb4c6089e9c9c2481f4f1ced15a92a3627ec98028e4c03917b25c2d7b11792119e41

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll

Filesize
5.6MB

MD5
15c1530f7ea9fa140d8ff2360640916c

SHA1
32e0b028ef68981d54c085d74857351527929a90

SHA256
507774b9ba401993be14336141983c2b0c62f454d9a4c56d7d194db593e02ad7

SHA512
3b97dfff910474ac15c99c0a95b356ac21de18bdb2199f3ed3461a57dae26a8bdae56f04f22feaa522ff378b5a529bbdfc4015e7d34959d608c2c9276b9e1d49

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll

Filesize
644KB

MD5
c7e6de889fe78a851ed7c1aaf21f844f

SHA1
282db0ca74d12c74c8d519e1899e902eba7f3f85

SHA256
99d8c06f0701cc6c104400dfb694b7bbc7b855ad1eb43cf2809cc5d83665d8c3

SHA512
e7e0adf567c98f881ddf0292a74bb5fa01404c45bb6304d441723a2edacc82146ecca6023b24c3b8d23d475696445b16cf11da12ab7717f4caccbc9d2aa49e33

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll

Filesize
613KB

MD5
a9a8fac8a8c39cde4584cc86346530ae

SHA1
b8836b89f92fa7c1b886eda0014bc1b76992d02d

SHA256
5b17c15afd86205019c725ec26d54e4df8507130c57ee72f0e4b8af44b5661d0

SHA512
51b203aca531572dbcf2b64816a30dcd872ba22b98091723c406765cee5450189927479ad7e7bce914cc06aa9e842416d07e34f2a6a15995930ab9ed8bf35577

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll

Filesize
940KB

MD5
3877e5f4075c7267e62f66bb1a3d5dbf

SHA1
9a340658f7a814bb3dc521f571ba8a9973bb69ea

SHA256
3afb8244d048ce5b955aa9c006ac63a260763f76e123d5427dba79053f160552

SHA512
c90bde1e972953d6ed27ad000af92e4182376c201c6be3ea6be4a35275e3fb0082455dba3da5be69a727373deb2c1e8c343a01fa2dcb7b4d45717f2e34afc931

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll

Filesize
83KB

MD5
4e3c56a200ad43f49b249002ded279dc

SHA1
5a9f44de62b8928c07b3e86712e70f8cd769ea46

SHA256
074dd70576b5769e3ab9aeb3f76ee416dcb2b14ef23a5bdccbe676c85e5e4b40

SHA512
bc54dc0e12867485e401746618a2147050e550aa922bab7036762db1cfd4ba830a3593c02f629a51396ca6e468053578059dfc725daec207ee4deaf5629507ba

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
9ab44d70d614b2aab590fd595528e762

SHA1
61efd440b2e7895f9ce565b0ea3b85e94f5cf5f8

SHA256
0d1cbd468278eeff024984c4a504765f8ad63dc853c5fe2f6f99fb1653d534c8

SHA512
0304e0763a78d3ca44c48db316bb61aba82c8b06d784f588aab0b8fe727840daf72985e69484dd9f2dee55d36005464bc77f7d11e1d12b95cbaf66ef0b280dec

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
23977e902ed17860454b2c5d0cbfdf09

SHA1
5637480418f1c3bf24a39d81948e024d0c16e763

SHA256
17b029e919f024efee93c9dfbe817f7801e60777ace958e83ab097eb4b229581

SHA512
068b52289d92fcfa0baf0a59be3a5f7336ac14b2531cb6608b8f40a227a62fa7da53d20a88ae73850709283e22d331c353d92d6b8d2d44a87006f3bf03465ea3

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
c598b6b5028f71279d46b8fb3b6afc7e

SHA1
280740876d47b7f6c9e5b8197d8bd450b14803d1

SHA256
607e36ed0cbc422407abac427a64f7dae4f4a46f266d9ca01b9b15bc6f01aee0

SHA512
8e95b53ca56ec2780fbb80de75500356bbbe2d925bd7e9b6c48d4ac506d1ef1a9cb846c9d842b0bf2c070f7bc0673c3cefbf209a06cdcc35030bae67c8709393

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
8d316bce9334f6b98a94a202c3ef2e79

SHA1
d4764c7ca55246b57e5ee090b42cd96b7dd4486d

SHA256
9da5125a95584d1dab7494932f9130799976891216b45b0338938ff981449b6a

SHA512
2950a3777c484e3bcd72a0748a569c8f4c7d2e98c95a9f4f7fb01d7a6d506e9dd8d62a4f215838f07121048d659d505eeb9fe7d92d2adb07b986773e823a49e3

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
b8e60a7a781326361375fb13387e7304

SHA1
8e026d51541bc90def9a59d79aab3b9c22ae7683

SHA256
76e9171fbdc481c2450a51715b1562439d10c603126b37f494ec7cbb70b646e6

SHA512
9dd70567c30b4070d26c8a0ba4b97d6602d7fc4194d173b82e32a4094a84ac5d73a3b3f6069d9f6027465d108ea1e2be24440d67b42e4d81e58cc4df00fb3490

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
5b24239d44a1a386efb67c3ee2c30f84

SHA1
ec4fc93bced889b72cba7733fa8076bbb2802cbd

SHA256
6c4edccde0d76fdc607019866bebd6240aab7eb45e84d413678acdb5a031a2ea

SHA512
a51e2202f4a2dc955ab974f2f775fe71a1af5968b180c7d89ec7a8804c05889519403a653244f546d57846f45421fb85324d4305bd544c881b3da790dace12c1

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll

Filesize
11KB

MD5
e999bd60bd59552e22c0911e452df75d

SHA1
32d31668eefc53aa874475fc9b1a22e8b42bbc3e

SHA256
f5360e734c077dbd291b57ab7221b96100376fb9f86b7b9278ae1de8ba704444

SHA512
1f1d8ee5396efa1177c2526366f66a17f07b5693b294959792451fdb674ad883f57d9826ebb89509e0bd4783b9109905d5919069cb5f52434e363c4ebba74b7f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
36ad902b76e020bd91b6cd4cb40a4b52

SHA1
d918541e4c7d6ae7093af4d16c6162f49a95fb90

SHA256
8ec6d3490d2620eb2a97658e4defd08b4d641028f96c52fbde4839496129fbf7

SHA512
a1d1bba88910ddfabf2020546a26f4b3b52090826cafa6a16e37a86257d34d4fb06cd7732ebf040a64421b49c166a2f2512781ebf7d8855a02025f6f6d3fa857

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
d65314d4c8c40c155efd6a661cdb0f86

SHA1
d88c54fd057163e8d16ba913a7b6fb8062dd12e8

SHA256
27d550c50ec06dbaa9957b2065745066cacfd555616f8cc44b8a0d59b6cb0192

SHA512
b445afcd81322615c1930aa2e18fc4093e15e24dbd3e0c3d4cfeb76b22a9d0e4581259961b5614af654cd2c01732a1148cc4765c2f3756aa2d7acfadf96e595f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
847e2a7b39bede907041b6a12346605f

SHA1
d1f4152bdc889f35d154023dc079f9f22b90c8b2

SHA256
de2d9200ff6d6d6d5fb55491764f6806a3232f91735efa02efad639b382a495e

SHA512
daaa2b80ffe1c470aad9b94aad262d5cc493be63737f333cc42dbf6d93238a4527a32e9d4feef09d32a5152550ed927deb6d6c15c9f03767765ef9095c5d3a9b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
be6167c55926f8677bd3d534747daf59

SHA1
4d5badc373b2ae93454362c626a4cc603fced712

SHA256
4383510e07878111d043201d52098148359ceed1d77aad16e63e9fed058940bb

SHA512
540f82bab87e60e1fd40e7b0f10bca0f360733152923a0579ef327dc751ce12ab43c3d3b40d4c28b5942b8b1a4b006a9274faf351a2b59d589506fd5a7b8e5d1

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
a73360f1ff11e75bb8b48717bf1e7a78

SHA1
470e9ad76d6f6d7c9070d7b297adf51764e9b8e2

SHA256
a75d1e1863fe9b8eacd934578e0c8955dc08acfa6ba6c6635b5797a1dbacf9e2

SHA512
b27158f125609fa3c72e492ceb88dabbbabd6fdfc62c160f19c4626a00640ab39f860930517c9e501d9a68a5c4ebf23212a0134a2592d039e9ad3248aacd55bc

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
a057271935a93fd069a006745ebe5efa

SHA1
a782040315604ca780042d6647ceb9793df7e12d

SHA256
f4392482e0321711823fb7d5ea238cc442f26143471fcdce883acce929a1e714

SHA512
7b0e2c24edb5be7cc7bbd8ca543d995a2fa9ca417485619491a138aed484ccf82bf042f0c772192a6fbaa47bcbddbee9c23485fa9a592d43fc4409bd37973692

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
c024fd69f3fa7da289f8aff106d75317

SHA1
39a5aea3cb90965bf8de9a82891ddde811133add

SHA256
a0cef1cbfadbe9224ab55657ef554186167869176add7ac654b895808e014751

SHA512
3186820590e0d6e115bff5ba4528500d21a85e03c3ae29177d9a3d21d486b32e6bc06c13d90ead7976b381b5e2f68bc75fa1e24163d424f2d1e21ac2ef361f3b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
72e1f3455ffb0b6122206db015c5cccc

SHA1
0f986f1dcd7b3b86fcec561b6acbaf70dc8719bc

SHA256
e50c10794325a02939bc4e51c9064af31ec1fe2ec3f4582955bbbd002e08c6b4

SHA512
f29b96a241f71fb7a9851878cc960dc2184030d0cfb9de77a2f8055c68ef9d82f682bff2fd059bbe1d80042acb4ecfa0e827d634482f4d34854f5c1c3f779eb6

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll

Filesize
71KB

MD5
13cde24d0274daa5b3bfa2cc70c49924

SHA1
70afedf33e8f89fd6effd8bacd0c51868c99e34a

SHA256
e4ac8cd7955e6b9cb3357876772c0ad2d2d0ec377685c17f1c7aeb3c95ab8f44

SHA512
42fa682a227a445e1c41fb6ae72300d80b0ba4b095d8ae93751304c5614ec4f11aca4b943f222e99ab1149c058329cc1e1e49513bf59309ee2781881fc2a39be

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
f4126f24553d01113c391ec785efa2d1

SHA1
efb4e0f086f5aeb492093dee4a4a8ee99af7f823

SHA256
d3193ea6d06d9d19400729d8cd3c6676ac8f247c7f44a78b1e888f71e1195ab7

SHA512
c8c1ee87351b533b6e036bd8b70eb069854d1bad25e62845467ba2943ca83cc85cea6cb9c160a51c0e3f8b7c0fbfe0b3da6e35742537dcd6f7a6f989e804bf29

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
7d5d6cc97472514af66d4c85498927c5

SHA1
6619e1b0f3f4048f639b3cb882b87d595fec7125

SHA256
b7744d71d5628a1c04e96e288ac77844c3d60845c3ad4d3742b85953d2c7fe83

SHA512
63f592c3b8944665d8b7034007d3a01e174f87e4bf8e38e82aa6b5ea18b9ae6156c98c47275f15830ca7c4f7422bd2fb937e41146725be50a8c7cc99d7dd4d09

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
8cb2241ebce3eb0df4020d49bdb0686b

SHA1
ee91bc78053ff3920138f07589154d240ab6dc15

SHA256
1dfb021b8b9a5ed71f9e9499864aefd8ee7e933d74764e2fc8a07e3e4f34b341

SHA512
b7794560ef5cf1c5eca0fbe97a2991dca6a1c47d82f3a7407c23d81d8cfe4b09f7493f9a989e3a23d80990336e37182e7938cc151a1f322c1b7d6adde3d98b15

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
fee1c4a3111539541847a1321d0e1f32

SHA1
395d94f2841e0c58760431721d9dabc525dee2ae

SHA256
f018314d3558348c16e70f49ac539297364fa8dc9d9ff7867b8327f896694657

SHA512
6d334a57d92bf854bd78894aa6f2b51ea81ac5a6e62de2261aeb2ca9eab97c5389d5319055f29bb557ef806cf3fe629394c3d15f33411beebe3a5d32e27c709a

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll.EnCiPhErEd

Filesize
20KB

MD5
bdeb05bed38dc48141c2330ca68c6f42

SHA1
7c6ff762d060c4b53ddd9789cec0915e3ec2ec50

SHA256
90b70b7ea7efd9861cfe0bc29483d35185c215961f3215dcc381d07599c7b1d6

SHA512
3208c1130639c979fc365d759695c8b9c7d3ef87a6be41df19103d906a0fc2595c8df574f49b4105437a6304e98115375d80104389edae89a6331ec444258fa3

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
06e66c78ea3dc46a0bc4a2cbc4fa6b0e

SHA1
f018deab5e994ed1dea335060bce297553959f28

SHA256
ff5167613fe6d1664be1b3a88c09e285293fec805810bd5bc57fd9738a518ce7

SHA512
551a02e8e3f1aeff147c9861a5404656cd7cf2b47149d1098465010c0b66574aa8c72fb323dd9412a1ec9498dbd93ea1fea74af328d97b58a0aab57ed8c4b5c1

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll

Filesize
244KB

MD5
4a0c0ed6f2cea7d57835d176f86c99c3

SHA1
f5adf5b2b568e47ac44067aa4b4591282de67423

SHA256
41ab4fa55350245dd95f8045dc343f43c6ccba266bfcac7f8057657991e8d53e

SHA512
e739d4768e57d1de1c7fc761d3dcc6dbaf0495d37105036ffb7f0493d177beadee31dd9b9b4dba9fa0d0ca50548525859ad21aba9fe9db19ebe482a6f3d6127b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll

Filesize
4.8MB

MD5
e2216cae49a9b36cbbf5cf17c369ad35

SHA1
5fd21653ba4e5cd8fece0de3ffe0f12312e0c5ec

SHA256
bd39a247cc7efb1ae6997f2096abe52bf9ce64c67599ac27b75ff93c99d780a0

SHA512
720e29dc7f62518874a34f4b50276ca2e858d3af4249eae54eca9993a352326cbd1501b3c2056777f0f870a637e71fe3b6f72fae21e50525df3434820659cbd4

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dll

Filesize
444KB

MD5
ada04de42aab88cd6596f64a00ead455

SHA1
4952f003d5364bc864af800e6f56c3444c4a4e52

SHA256
1c5f5731367aa685020cfe33d25064d85356236fd5a1cb78d40aa829714d0250

SHA512
ef78a0e7e1378e852d51eaf9f3bc90eb1cd6e2fb0ca552447562bdef3c55a8e36502326912360ae862f39588fc14465cc00c8550e97749aeee91d779a9fa3231

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dll

Filesize
439KB

MD5
b5f81a6b2f0f92e92258a77f227faf2a

SHA1
e28b76c50c7d21cbd7789c26a6bf012058cb77d2

SHA256
f29e18efe9a976af3bf7fa9940f0641392279fd9e268986b17e452bea2f06ca7

SHA512
6593308235f6d66f6691993125a215d150f5eaa05d817512fa78811ea83110733022439d6aa42763e7b8e31d123f7bdcaf795a691f72b827e3457a254457c2ff

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dll

Filesize
946KB

MD5
61c039c13d547928d5791fa71b5e7317

SHA1
272aef9cfe52853871c326a937d44d649c027d33

SHA256
4c318f9bfaba2ea87717b384f30f5e10117ea1be8ddc9bff508d8c54d699759f

SHA512
6279ab2cf86caac074fc9b0b580a57fc667f34082997cdc24db1eee525ebbe526953f5bb8c7f970093ea456550119735bef18df5eaa291a8638606c19ea6e338

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll

Filesize
879KB

MD5
07c00c8c880ef55df0765af0048029c6

SHA1
8277b62f651fdee2a9620ee9cd0ebffe00ce029b

SHA256
09068be191d0237ac2a5f0cdb6a7aeecb86e0850b0f5135de32152bab319d2fc

SHA512
4751862caddc0837f1660d49074859c8baf57f2ecc6f5490f0b658d018c16cdb1657adad6f44b853ecce4cef40dea5739a985f3b5fe1718dfa5b4e7aaaf0216f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll

Filesize
263KB

MD5
38aed41352d6164d620941bac96507ea

SHA1
0b9bd332e6e9a4503a63353cf3e1816a2834b671

SHA256
e6a4643998883d0008b6b5efa3d42545aed9f36ec57604071e747b51dcd21a08

SHA512
e70cabcde3882ff0f2a944562dd92438d39ba39a64ee6f04c66b673740e5a7c1052c5ca2f2c619d5842e9f92f6d2b8189476fefa5ca68a0cf93b20d754d5f6b5

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll

Filesize
78KB

MD5
a94f71c8490d3f33d323c9f75374022a

SHA1
e382cf79d2321fe064bbd1f864ed2705dae3a903

SHA256
ab748eb8f2ff7ccf7a2f658de00c6fec88ee154154a66dfcbcff7f5d3d6f5355

SHA512
eeaf2ad26002541ef0a09f84a3fb14555f6ad07390e34c159bfef32ff80b1b634c4e05d02b0034e9ada5131282223ea18ed76136711d63d8a1d41ce70ccd80c0

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
a2798bd8ab784d4fb77900ecca9324cb

SHA1
ba71774cc294afa71bdafa4a10b925d354b89865

SHA256
f3312f1288077dcfe2636911f7760f0f12de30561b8ab054958ecb37ae3ceb9e

SHA512
3623037413c2bbaf44819582be9db69da2e69103d801712083ea5bb07181f38a01858a94bc50f0b3bb03aa829b8742a4edf91cdce83236b138c95d4b66177f2a

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll

Filesize
1.8MB

MD5
d1c2582c5b670a9a92889c4ee11e9261

SHA1
f0571fe5d4b7ea171e9834b11cbd7f897fa0f5ed

SHA256
c50e2923a29cfaae3d2289d148adf2b02dfbc60a095c116026bec82149f4736e

SHA512
ffe623798fe12a087fd7697907824ad1ac4826e2cb333de99f157176d722581ddcfbdc7d0c712f5db8f9f9196a73377ef3092dcb067b589eae68141bb94a590e

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
fcf9fbe6a2e354f96989b2c9d9638103

SHA1
ad5ce46dde2baf8f7f8447948daaafcd0b0c6a81

SHA256
c16172733195f6fb05c4ed5dd6d92095f577603ee5151b1ef6d1b14c0d7008cb

SHA512
683240110f6e9156cd62fcabdf1c4d945ae25d7d1cb901b114b91063b1b616b73691d7c6590ddc348d1cfb84241c1cf863287633f518781270e50cc03628856d

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll

Filesize
116KB

MD5
9a2015825367a8993aec62a4d9001389

SHA1
d13743ce2c6aa63b80c6c064188dcdfd4cec2ad9

SHA256
0c6f8cff7992a38c3ec97360364a8881d8cf1e973489eadeafc53f2b7646ed62

SHA512
65bdcb718586cd6580093701ca9d0fb95bfb36e6b35fec38cd8b916ce4d7c8c9910305d6dd13818173fd2b8f36a6d3d9dc9b1e7c45fa0f943a76c83fcd38a121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini

Filesize
174B

MD5
308d9b6313f861c6c352e1e43599de16

SHA1
f5572312346b9b7355f42a86cde3615165a30fff

SHA256
1ede0d9cbcb771a2a14817652bf92c5c4ecc6a4829745c377640a741057fac24

SHA512
e8a86c337533b131f94b6a69daad8d11f1756542dd2ecbeb3ae4ac383b8ee031cfc589c6ba042193174154373e42641282d8b0a2423b37044695ab731faa871b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

Filesize
170B

MD5
5c2ce56c9a019c5fb19d1983d441b685

SHA1
e02ea08e3a1e33e4feb768b1d2b11e41f9029a5a

SHA256
6faf0d139612d218aa0c7f6bf373f5454d813601307ff0c63cf38c9d41053355

SHA512
22d79ea3277410537f4ef1e3a59fb0eccf0eead83199e6dcbe1845a225c61dc8f9bf8414f978d6e67a03edb9d227c0199178e72d0cd51a9b39cbe24e1f81e858

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
45e2abc360782ced48eea8b62a30be3a

SHA1
657fac630576be8e8f650e87ebd2236fc2486996

SHA256
5e6bda4bc7960ece9e8fd4919660157ff378e3737e0b870391f4fcbfe22cb945

SHA512
7beafe0aab6c3222d306a2b3a3ee60dc5999ebb22e1b5bd4a040a1bccb7a707ef24603cc2b03b3af97869883a0f0110275f6d7f56de092d839c3811e78135efb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c10b203185d3d877fcb9faa8f419802f

SHA1
f12b6bcdb4a8065ca5e79bd4d14291d226aed41e

SHA256
e963043e9eb7b1afeb2237c6b3bfdb4d5873e83b2347f70829a3d3315986d3ac

SHA512
5961dd250ad06e4f94478ac83fad70c18c0502414b67f0a67c8af7aef0e873a32ed2901d5251106a6ba4da629091a41ee8901947fda7db51df4d1a19298ef37d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
f1a36b96bd8dc02ea5eba5f3a921dac7

SHA1
fbbd7b4dd1653a5945a085aea9d19b7d47e5d170

SHA256
af4eb0838f8733b358690731d6cf6f2bb66c340412f0fea56f10701730600e41

SHA512
90552cb4e4641ef19316ef9ee22b7c4e408291fb9d7f0b8578d546b50fd16049357e66fd3996d7fc58aa9ea8edd4391df3c847338b11b28678fb88cfaa4d9260

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
341f43517ca1dc51d7ba2beff90158e7

SHA1
e0656670912d4e0d99a297fbcc724c2758a1bb2f

SHA256
2529e54fa0b98f371d0d8a6b6210f083a553bf9a3799d243999c8d24ee288182

SHA512
59721c1048d0d05eee72c0c75f49ecd665920a537fb8ca240cf3b60be55f098d78058694098194feab2805da3e6604f33ee8e5dfb0f6c595b6e6409d1958c86f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
77369e1766f6957643e096ee45cf62b6

SHA1
699eed19afa12e1dfdcc0c192a919432c33c98eb

SHA256
bafeb5d2d044666bd4f38651fc63beb7f18b85421035cde801b65b307a002746

SHA512
5eff613fe6be60261f63698a0f23df03b44aa3760f679f4bd5beca4141a2fcaac05c2a9962d188b445e91f0e4a5168ceee029b984c32d437cec073efbd851eb9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows Sidebar\settings.ini

Filesize
80B

MD5
2539a44974a9c63acd1850e02d28c502

SHA1
2393e05e619abaec5535b9e03c09b4f887de7f5b

SHA256
222e75b5486d3fe0297b8c08b25f2ba4666c6a4e7baee2c15dd1626d2cfa88bf

SHA512
5a87f2ec642659a064fef41a739fb4fbf0d374fb85a66261f089a33e2e1b1d0bb197c7e838ec7b4154e89d39895459ce6f04bdc6ac819eb01d32b9e57cecaca0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini

Filesize
75B

MD5
73bcefed1c400fa5a27116b8a4275fc2

SHA1
ab68e2cbb1b5740961b4d663f8bce4370eb5d3e1

SHA256
d3e8b290bbbaf02b2f293f847009a65ca8f552c3bde4be533cee424e206d96fe

SHA512
8eca3fcb22131c6c58d93678e026dc00dcdc53766da56d9eb8bcc3713b0c460054fb6f7c022c694f16fadc82ac411559ebb99c8d167d90b20f723b2f700cfe08

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini

Filesize
325B

MD5
b3f09ab18937eac75b6416994baaa311

SHA1
e0135501f6f995cfcfc0e7431d1105ff36a452ff

SHA256
230882480b18ba59c6601c1d9b65f638564efb82e36191df41db537762f6ce7a

SHA512
b26baa1611c94d6fa202e15b0e81a8460650100a4ac792aa2441de9a08d41f7bff71d782f4e655ba868e7d10c81813ac4bff4276c5988816935ac526eab3be72

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini

Filesize
941B

MD5
6ee575eb9a1d485b2b5b3a7843528d85

SHA1
d085222645ce8bf98baa6c655eaf03b386911ef6

SHA256
9a7f81eace5c0df79ed302821f8ab0ffae836521618f9904da3f818d3c9b586d

SHA512
becd6984dede2ee731d5caf9147927b35fe42d533b3b9a09806ec8ab6011a321b09609419bd435dba0d37ad867dfcd6c6216a99db6ae1eec9ce4728b78771fc2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

Filesize
148B

MD5
fc8784160fad84aca8c91b72e021f8a9

SHA1
ece0374000880bc115be7064ea0cac9871556185

SHA256
937b5f936ed63f131786bffa59cabb60b1b13ff3052a5eec8940c91a385b72d9

SHA512
01766886a24886e8faf9241059408d3c4de41e80610c70113a2639f155346b617cc03ddb27724aa3a9738916c68f71dc8a1af60a9f8d8d67e7136cd9282a295f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini

Filesize
568B

MD5
0a2bbc8b8e6451c78b636243878febe6

SHA1
188282a85c946e4f3ec2cd62c4599752083ac1d9

SHA256
922e14c3b036fb40170809c9e5bed8a59555679f0023d32b6b35c631881e1ffa

SHA512
ea4d6175d671b19a41f2d440fcae66e0a75b261ab18276e09f2c911cef13de6751c2f216eaaab399b8e32e4cd1f695410cf8433d0cf861a9e754d504c23ef026

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini

Filesize
934B

MD5
beaa65fcd6715c1d4c9cba32f81bb60b

SHA1
1e0f59ed08378db0142ee98bb7c62a64ee80c667

SHA256
8afa83a4bd89a94bd4e83e516539e880e177fdae52c0bf0b6324a52fed87ad7d

SHA512
e7b9b717c9764a96c26700b4d976fcde4b558b68f290a6bed3c12f9bb03bb0ee18a6d391720581cacfc0e639893d8479a7883caa7837b95ec728b30507d9410d

Download Submit
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini

Filesize
558B

MD5
1c7a13d98b83bf6b1b80c79a3d614ce3

SHA1
01972681324b10109389e4b4432436a3f312188a

SHA256
52a755409ac7c107037d6b6afb3795ed010631278250524559b5f3686a40bec1

SHA512
88c2122dbb6519fe809d41f6f829a52be69b7b76b678b00317ee4068800db208761b0c6c230be93e4454da86e78e2ac7d13a9d9098e244e435541162695959b6

Download Submit
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini

Filesize
218B

MD5
1dfd06efb4f81614b85c4d18d41a7b2c

SHA1
613957d86f9b828adaf2d4a58cdd14d724a2ea1a

SHA256
1079d0832b79f8d307988be6e575e8a5f069da769e4d5cd32bc2c2356b396d9d

SHA512
962f7cfc40511f7bcc8af161bf6f9f1cab6677b2d7742f962d7f6084e731ad7b9b0367d679b80f216ad78015230d7c436e816e01aa535fa7cdbfc009a3fcf4d2

Download Submit
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

Filesize
47B

MD5
c31d3d5dd316d6eea4650cca2fbdb4e9

SHA1
e474665ac790ab1806b05559ac89796cd4e73b72

SHA256
11a1640f2c27d1e87f6c3dde858bb021ab9cd1e413c877a6cbd6585142295074

SHA512
441cd0bd66468876f4cacc200dbe29ad512438d9dfd528d7f5924cda85296d6dbed7295b7ea32562e79f20b9c9f300fac0161159511ddc8e332bf50f670cdae4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
89c77d48b86f80cd65f5e133cd615b69

SHA1
0a51b428b8edc6ff6bd316dd05d198da20555790

SHA256
3bd1464c7eb4916fc852c9890dfd09397b26430065292d584f610bdbffcbb8dd

SHA512
8138cc423ef8c97285d531b9b773c1b3f19d7e4a010b57cfcc0e80543377f97b2ab07100a9a9105ac887b8f898534fb027193422aaa1decea617ca55d03736f4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
dfdd90ca6103f4e7cd54959e94ea4509

SHA1
0ce1d3294573fedee2f44fb028f27b6d10a8b50d

SHA256
1e7694ba2b9aa4faf3d035874ca4b8653f3c5e5de2d5d45f08ba9e62a34fd932

SHA512
f2280a23763054340f205aff9ab970e5c48f1752c7cd73d2a5b90701e7efadf70727a621f04b07eebd2166241a7bdf315c5a2ad8b84a8dd8b353f647756fd677

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
c4437a010ee313b39d94edf0c84da0e5

SHA1
6de8999fcfde838f9c91f329adb43e15f00f80ba

SHA256
2d93017b2f2f37f0bf81793efa713ff16f858543fc6fe7ca8b8b2b2c64ef1678

SHA512
55665fbe63b161503366cb93cb4f3e8d7e97d76054668761ed2f7d0450950e4deec65c69e72b295a69fea7adcad0f94823f437313e56e3ca8257edac05d27f6a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
562b634a5cf97b8b21a1e11b94da6c82

SHA1
8215291be7f60dee11d46a70cce074febfab6dbf

SHA256
b309af849ec98f26dd0a7dda86c645b0d0b5bec44aec487a7ac7561b6f9f978f

SHA512
84bc59d983de4eefc8017e544b0f3f8f1d0cfff7a7d0ea7223fb7ac8907950ec93dfd51ad58621604a66237b6d8b27994bd19b08d408d51f4db8557626411e94

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads