xorist | e08793edeeff4a558f72ff3601c50b9660c3673da5db473d7fa6c33f1d4327af

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/12/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Size

39KB
MD5

e961e8fcc5e0debd6193b1a5b1b2fc2f
SHA1

a73623343f6a6fbbbdc143d27ceb8f5a748aa621
SHA256

e08793edeeff4a558f72ff3601c50b9660c3673da5db473d7fa6c33f1d4327af
SHA512

80d975a31e5e4386d0474054346d45758a7f4a242d2cd358836c2663411b55377be889d42a8d8963f85a64332f490a2b354c4b66d513c3ea335d51329cf359ef
SSDEEP

384:5ebFNw4Pk1itKkpAjjalreewqYvjS3kDCgSJZU/UMB:50FmBkpKjkY7fDC5ZOB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/1324-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1324-5672-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1324-11305-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2178) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scunknown.inf_amd64_90993a57907d9959\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_legacydriver.inf_amd64_c07aa9c633b5271e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_magneticstripereader.inf_amd64_86e291110e37418b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_c2314613ba3f3585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ba5b77b7d46bc10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_7534987814b257b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidinterrupt.inf_amd64_eeb986311b3a5b16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4sx64.inf_amd64_3a69b9b79f49eb50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_edfd5301fe3972d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1324-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1324-5672-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1324-11305-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-200.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Tented\TentDialogDesktop_456x100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\27.jpg	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-200_contrast-white.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailMediumTile.scale-125.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-200.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\WideTile.scale-125.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Logo.scale-125_contrast-black.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-80.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-96_altform-unplated_contrast-white.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\HelpThumbnail.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ml-IN\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_altform-unplated_contrast-black.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-200.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected]	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-300.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\PREVIEW.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-20_altform-unplated.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-64_contrast-black.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-dark\Settings.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-16.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-300.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\info.gif	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-32.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-white_scale-100.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-unplated.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\MedTile.scale-200.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\PREVIEW.GIF	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\ole db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-40_altform-unplated.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-125.HCWhite.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailMediumTile.scale-200.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_connect.targetsize-48.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\7.jpg	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cdpusersvc_31bf3856ad364e35_10.0.19041.153_none_4259cda9b25455c9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..erver-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_453e8a3a82e13d28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ntosext_31bf3856ad364e35_10.0.19041.1_none_89e4438cceba3f44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-fdeploy.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_fcb0687ecd315eb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.19041.1202_none_c4b5deacb4dec365\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-36_altform-unplated_contrast-black.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_10.0.19041.1151_none_0f2f3a9cb1826509\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..-gameratingssystems_31bf3856ad364e35_10.0.19041.1_none_ea2adcedc21c0730\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\InlineLoadingLight.png	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msdt.resources_31bf3856ad364e35_10.0.19041.1_es-es_f01ae5dea51f1b01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..manager-service-api_31bf3856ad364e35_10.0.19041.906_none_451f9f9f8c8636ec\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-authext_31bf3856ad364e35_10.0.19041.746_none_ce8be68e52275b95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-fax-common_31bf3856ad364e35_10.0.19041.906_none_f47de783e3b018e5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_basicrender.inf_31bf3856ad364e35_10.0.19041.868_none_cb09f56af1e015a6\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_10.0.19041.1_es-es_7ca8369e55dbb238\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3bfbc85ba6735f51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ctivities.resources_31bf3856ad364e35_10.0.19041.1_it-it_bcf00c050932b559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ccess-userdatautils_31bf3856ad364e35_10.0.19041.1081_none_53d3b598562c1dfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..nsolehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_b569cff30529aead\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..lineid-wamextension_31bf3856ad364e35_10.0.19041.264_none_e841ff75928aefbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-explorerframe_31bf3856ad364e35_10.0.19041.1023_none_3754bff128f552e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\http_403.htm	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-com-dtc-setup_31bf3856ad364e35_10.0.19041.746_none_76199c1c412ad571\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_10.0.19041.1_none_6fa7e5bbaa15a17d\selectedTab_rightCorner.gif	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..es-ntdsai.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_81b3c2a84cb4525a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidbth.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_82ad241d129b2b9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_10.0.19041.1_none_cd0389b654e71da2\Windows Battery Low.wav	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_08f6da56337b289b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0000042f_31bf3856ad364e35_10.0.19041.1_none_bf08ab1728da2535\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_display.inf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_dc917dd93f391667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fde_31bf3856ad364e35_10.0.19041.746_none_86054642ba7a769e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1202_none_d454db0c78bb56d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-mitigations-c8_31bf3856ad364e35_10.0.19041.173_none_e9ff08f651307ad7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ent-platforminterop_31bf3856ad364e35_10.0.19041.746_none_fa9c05ef68273981\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_eventviewer.resources_31bf3856ad364e35_10.0.19041.1_en-us_23fed3709cd0dc08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_90d6f8903f12a42e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l...appxmain.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b4d3eb876680b415\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_presentationui.resources_31bf3856ad364e35_10.0.19041.1_it-it_9ea81084b9ffa469\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_it-it_30f6db964f3fb861\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_chargearbitration.inf_31bf3856ad364e35_10.0.19041.1_none_d564cdfecfd2a164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_product-onecore__mi..fp_hf.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8d8d263fcc27e538\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-themeservice.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4629a3a74f53937a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasifmon.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ee133a5c1016ec2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-extrac32.resources_31bf3856ad364e35_10.0.19041.1_en-us_c1450d96907b2656\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.resources\v4.0_10.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ormid-wmi.resources_31bf3856ad364e35_10.0.19041.1_it-it_02935a2b9dcd114d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_pt-br_a28372437bff6cf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-display-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_64484ef42f5c7384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-authmanager-component_31bf3856ad364e35_10.0.19041.789_none_2777a97bb9a05cd3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-application..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_c923184ff021aa55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_44843612015b3d1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_10.0.19041.1202_none_64787bc082e26efd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setupapi.resources_31bf3856ad364e35_10.0.19041.1_es-es_201d37ba16e6afac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.workflow.runtime.resources_31bf3856ad364e35_4.0.15805.0_de-de_142e0ace56b75463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1266_none_bf3c721eca7a986a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-applicationmodel_31bf3856ad364e35_10.0.19041.264_none_0a3bed24321d7187\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\IME\IMETC\HELP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ui-xaml-inkcontrols_31bf3856ad364e35_10.0.19041.1023_none_4d8202ac4e35281f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..ing-platform-client_31bf3856ad364e35_10.0.19041.1_none_bf56a5e7532d9c79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..honeservice-desktop_31bf3856ad364e35_10.0.19041.264_none_065e4e85016cb205\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..lications.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca4ad7571b666b43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\ = "CRYPTED!"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe,0"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GWFLJHONWDGKAMP"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GWFLJHONWDGKAMP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6XAXS8k77olARHV.exe"	e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e961e8fcc5e0debd6193b1a5b1b2fc2f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
9e0e3cfc5eea0dfda3df47e993267150

SHA1
4ae843d0bd92a257f7bedb85b477c876f700472b

SHA256
a82d88040ecef680c8891441b2ea48a7cb59a69e321c896014d7ddb864feb95c

SHA512
a936d5d2e037593cbfde4e1d3e6e5d4ce62c6199a733bb902abd754cb288c90124a06e22194e67a1f1669509287858d16254f966c9aa18b465af2824df1ad37a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
2ea03624bcb52c1ddbed2a388ed75c9d

SHA1
c5b0f8db1b4289b6f38cefc9087f335f0281d28b

SHA256
df9a1473a1472465375bd8a9961636b75951bc0c1056ae2fdc3a180b41139838

SHA512
7fec65708202324cb8daaf57847776f5990b37edd695d1f17c8f85e5506c28352f80c45748a915b1a27bb682629a2e3704bf836ea48fea3e5c0135a166c63c99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
de3059c4be87da44e788a65e7ed2b555

SHA1
ba8d2957964acec2ac8f6461943ed0eed94688ef

SHA256
e527d0536d63b2f4b63d2e609e6b4fc68734f5b1ee58fd79a7a22408cd40d651

SHA512
d75d1f679fa0eaec8e531e58f041e9e47bc7fefad41eaa4069934f80a08a96df21a9ad4bb3fb91e57a09606aea9dfa244bbadb7867d744b1f6617a60ae93f8b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
40b56a557f8d0a817b71c066b9b6769b

SHA1
1ec5ecf00c824fabc1bb4879c37e5f80e2d793eb

SHA256
1c1b69f3000ec9546b0c50df9657d286cb1ad7942ba6662ea1273fa672e13b59

SHA512
a4c59a231b2c6872cea977a8e17f4c6f786c06f08410777f1c909af5d32a4414089d983249abcc6c5c74b631daf991ea37b57087266cc27da3c7e9f773474a23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
81fb30b5239e32ed27fa37c5c0e096b6

SHA1
b01b0fcef1967585c6c2af4faad67df0bb756b1e

SHA256
d2394ebe49e3dbbaf9a0747771f5c8edbcb53cf94bf4d1aa830241fcd9269671

SHA512
7fd60cc74a7300a68b6056df05178e35c7a87089a7f24b93d8d74176a9a7695d6af5a6b338843bed43a1ff95a19b54e448e89a1ab3633b4e997ef7083398e9f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
efe9d029d623176d4b407004b3719125

SHA1
72549448cd5f1ee2728bc497f95886ca887963b4

SHA256
bc094481cb795738e8eb54b8eb109e54c0b7cd90f9a4c58cbf5f2bd384ab5f71

SHA512
9791d4a49a1687733c8fb3f836fe04242087b404125c33f0b8588cfbbab29a14c11392ef13706497282fb750d23ff443a2f56b631992465b440202b20da49975

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
6cec48d7d00d9b1e609de5e54a3f8d9c

SHA1
354934aba127b8c474ae5e707fd2b517347b5254

SHA256
abba9bf27f84cb94095057d8d3268dd86131e987c46dcdd082dbd6ee1c1aba34

SHA512
940d8e87c1f66bb2ff2cf8b2bd49a156418a6f51458188d7195a80dbc364b3a07ed538c78808fef9de0e3c8d6b30bee36156f7810ae08cb8e87582b3c8986a3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
3f8354e4d51c45f63ec54d4e74a0c7ec

SHA1
372cade9869c46ff2a45cd371a47cbdb43b401a9

SHA256
2133eed74a7f102f841aa27ce60f1ca7720aa1af452fbe8ccd3c0a96066ec5a8

SHA512
e6a65c39e8c59343f8d2174816432108b5e5149c044e5fcbcd0d216f112bd8397761004224fa9c0ca2d973efc03cbb177edc573d700c36bda9d150de72779a10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
b875d52bbaad67f4ff30029052c76e98

SHA1
4516a9e853703b6d1b8bd7826107e71579b527cc

SHA256
0a51bb82eaf8283740695b8480fd36a773fe86f5b91ea5e43f44218b2936f84a

SHA512
a012cb1750e728386ec249b49c8be592bfcf7034b368990c3438d5c9c8bd32cf0c43a704468d65a0a6a339838e79a889b5e391738f3ba2e63505a797208ddfab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
0c08092d2fa790ebc2c34adbfb7ef5be

SHA1
a63b0602f88f651f8760efc90b3fb732687a3093

SHA256
439d12d14d04b77a507a55f402026a7dbf8f1bedd13d0bb455f32e6427e6376a

SHA512
a0fb716bc804846d22ea33b360f1ff9eb97d3f62db10b769642a630b52e0f110d45ef93c3132645b21503e47e72e9c5b9726b0e2e7ecddbe9125e88239f275e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
f2548a338ea8b5c6f2a77a19a5623771

SHA1
2dde1592a488995465d7007faaeea61c672f1bc8

SHA256
bb62cfaae916504a8c84f99bd59ba96443004c853ebe8044f4bbd9c6a07e9e0e

SHA512
b7cd461464dae679bf84c7ed6f7dea68c8f65693bb397dc0f3e447297e64b913a1812e10601d277312f16cc71a76a6e0336d9fbdcaef36c92e19540486da1d9f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
4ff3624fa3664163ba796316a1f51883

SHA1
8d40a47ca1fb97cb325b78c2ff8f4504b84aaaa3

SHA256
9d305d5d8cc0f5cef6ee13748eee11acbb1a7fc11e898df39e90906ee1e4eab2

SHA512
c1970b4066bfb818451870323c2f09d1e0b29ba6fe1795c47aa76497feb44e66714235ab456326aae4e386683707309b9f799c965760281e031f0f7322e18c31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
c4bd63087d8b9eeb8850f648b1ae81f8

SHA1
a274a52c7f5017ade032ddeaa09c3098a80ba910

SHA256
1cedb53f5bf87d2ec8429a0560ddde6cad33afdee69b63fff3d2bc67112d844b

SHA512
3c29760b6299791fe4c0b18c3db004b84ff489b59ff5b1f666de99cbe3618b12ba0c60d079fa5049d26ed86e1eed42ed84e5b01e35bbe4b209345c019b6fc083

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
cb230015bffc4f6a21dc3f875aec6c0c

SHA1
1dd6e20b785932d5f37d40924896ae0efb2681b3

SHA256
860d9910f36d038251c7545b766962f59d136371436e6f8b960565a38d888d26

SHA512
fb7aa37be75cfdd777bf79ef0ec92e1fe6746e37b48d1ee2b93c768171cf07421bb4b183a916211b2b869a2c9feb9554f898c82c845d4d07fa8499fdd2c1c55b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
4898d6e374409a36de89c42780c58b5e

SHA1
784b30db7a7412ea63f39469db76f44fe2cc92f4

SHA256
4fa0fb497cff8c22cf08807fe6de3536ba7e8ab51314c62e6d79efde6517ac84

SHA512
bfab39de58d3a4e9b6b1f6c9e439b83617bfc03ce0e8ea574f25198122202bcbf2a41b1ac4edfa38e1c838965c39def4a33920fa6104e14eb366a21dbec180ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
295b2626dbc45a9665862b2480824dbf

SHA1
95cad2e760c783dcae03893198915af91f745d89

SHA256
19f1534fc4c14db8b9ed0e94c10bf9840c6104d49898e83b0891ae16c3027d90

SHA512
0292a7b6607702a8e5e39cf64a0d3954badc19f17dbd14740fb36804820764af69717e88c35bede288fd4fd7eca221243d82f92614612cb548d5dfff57069737

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
1f5d55dca3a19dfb2f181a4754be2e99

SHA1
7e79fd4217f6557b76b5c0e872f221029da3f473

SHA256
3b2f142dde2cad44f6cdac3a050ad0f1385277338eec6d187e05dcb7f8b7907c

SHA512
8ecf57e6decfca8f0fe2e89617dcc4a110cbc7c2099cae3490619eda578d20b3f4ae2def7d5ae7d072383c6f0241b46d6c0c8417c40f2f271f20092c1ab6429b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
2b17d0011081281cb0d2f000bcfdc9e4

SHA1
1c0d7429d5cc873f49e479866128f20f4d38acfc

SHA256
775205c0d76c9e9605ee99ad636175c623962ee5265d1f4a3a5bddb3c81f558c

SHA512
4769e6e8ee378ba26d710f397a96d8523c0d0f7df5e75b23f7c4ac5cf63e697e77f0636b809ece212acc7e445575fc45a59ae930d29052f07f400a00c1283345

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
cb8ff50849bd4a3bb0f2f350d05e573b

SHA1
c64897deefc27d8f73a17ed6393925327937f45b

SHA256
b33de921d9ee19eb0887da2e490b2cd28fed1a6d7dc2a7d412ca79d0fcba1f4c

SHA512
9ed9e214444693f2c52fc2530fac9e055947e54d637b23a18eb7f66b87bd3646e3f72ef08cf86e79faa02a8bb18e199e72c8a8b5955bf302bef9de136a7f6f64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
e20f293d993929388e931b0e3c4cbd88

SHA1
ea15244b1eedb01abf83c032fbfb9ff5ecdf9019

SHA256
299868c819d6fffaf87e7390f9ae619494d866338ba2ea0f89ea62fc3f2776d1

SHA512
d2312245073b8cd9b853968741d3e4fbf363af0b3b913b610f1a880324541670306f78c68e5c428901a4429fdea49d875b949a8a43b9e982daa6a42292169f76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
fe4d9a1e5a3c0c6bb619cc6413e2f43f

SHA1
d7c633425d7418ddb1bcb8ed8cc92c6b00dd2786

SHA256
757693ef2ab38bb7001e947977ac3fb09eb03810d6d0a20c78a891d7217394fe

SHA512
0a6ecfd2b7ea69af516e3006aaca97e7f23e7c99f373598bc082ae1c1a14336c4ee8d4bda37d3b0c5236f3ca85eff998a833f620afd4b3ca1ab15105aa7f2209

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
1cbdc67237894517b06ff6ab25ad0255

SHA1
e4f7a93359c86b8f87a97fc3d23ca8a372014d3c

SHA256
ed6536e8b31c7edb92b224a3a09f5b641d9c88c49450ae35035154d6125f082d

SHA512
2d25121301d8bf0a663264407eecc299a00940186118278dcdd598383ad148a2eddc981e487383a454563e71fe5a393fc91735c4e2c8ad1c42a42b3c6bc0a193

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
50ead4f0a0a478a46bbdbe83076df066

SHA1
9cfbb567ad0c97b3670d648575b1e998c17c6f9e

SHA256
bf1ad5f1b201968b0872b29fefb9e482b4521f05234ddd8caf28d8765b99525d

SHA512
0d4b45ec5dc99c80a7f2df4464a26ec36e3306aa93abd53c3aa7f9371bf626678987b5216b454ada3c27663d5e0de988c8007469893d16e51e9e9d02b5c1c4be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
711a3aa0371efc1cf19eced89d546853

SHA1
511a3167c6baf0d7cdd727a328aef6d8555ff21e

SHA256
c5fbe967a52459c92bb56303b12648d994d12918f1da28d129999d969600b310

SHA512
c7b68392e9c6211a119937a4b7892ef7dac3f601856b39e493c57da0ddac2c1dffbd172a50c6820a89188667d5549a5ca7c1222833781908fbb2a45c21e9b286

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
980886a94776c926a880df1053932a81

SHA1
570405523b52d664ccdf436f47bbe29ba7c36dc3

SHA256
827d08f08f7c34313e40ce4c62bb9267257786dd11cf6ea9846e4e992e4b1b58

SHA512
26e06c20bd4813253b3ec705826a8a1b314175aac4ae00ae130bd8b7262cf609b4a57ab8175f1867453a00b24372956ad18a9ec1e031e8b214b64aa7ab2ef3fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
966710334669f9c0ecf84510bd420152

SHA1
7931fb75fce0d19ea3046adc97e274c083be576a

SHA256
2065e6185638c21e01b3ab4d18e0620c4dc951f9974d92a6a4004664c018bd17

SHA512
71a46831a26a513ceacf66574132085ff4787f41332ba781ae2d936d1514bd9c3b508d19566b30b2b539c4e8b900a4b9478fb967a11afb35ce1e47d9f764d80f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
a149385576e52343bb8601bf903c83b3

SHA1
3f9b6923c343199dd4b8d9b14b063b1d99d2a9cb

SHA256
03ac8b3c42cc2e4d7fd3e466ff0d73c310032353b9dd7416983a760f40c45a2a

SHA512
8b57ae77fd7405e7ef7dfee18813725c7b0d507c04ff012c2a8194dfc603496bbf4df8f756d98bfdac6b0140053a66efd2a2e47b3d5b3168156a30d44c3d29a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
fcb08bd93325a9a954cf84a51dc40bee

SHA1
0ba9f21de089cbe713f02d6c5c3259d6f386aabb

SHA256
4e223f5c029fc0adb26ef469e83721fc8f821a9c4211b3d08cf259fc0d8a12ff

SHA512
3df47d7b5b2d3d601f62cf3d3b094e7f071ed4ae110e4f1bb22594e454e44e98fce77a482329326e20718d14f4e0b5907899eb979576197c27621197dc63ac8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
e1d47119d0a2c2da00358466ca97002b

SHA1
e1f9b82c0c7afeb0981f89024d1a8f836b668439

SHA256
bdb055933965b4900d27ad8277ca117a3b06a394272107df88374092690b3739

SHA512
5fc1196d2cb129edd4b0e90547f30032bdede025534c5ecff7f4ae5931e563e64d72898be9728f522cf320834456df408d8be089500404c1046ea2a26d4ee786

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
621318f23f46aa84fc392bcd66d99bf1

SHA1
fcee64c0f12ac1a925e6b9ac0876e935d788c43b

SHA256
1d621c0a6ba6488e6530303b096e1c9c93eda549ed36f58028045d5e008fcf0e

SHA512
d0ab97a2fbb34aee543f4676eee402ddf09656626f6f03fe4c95457ed1efff096ad032135400d0491c974956dda2666f42974bd503135b3a35ea0440ae6aa322

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
4fd0275513a30fbee3efdb95de4b9da8

SHA1
155920486410f3b7857cb0e2df29209344a759ee

SHA256
8a234c0923e734792b7d4e533e3047d0654f0231f2ac8f88eb1c9896497f1b7b

SHA512
91d7eccb4c6fdca9f49930d80005a493c40d5273136350b0d6866d84e25b68d841f2aba3c7361f6cc7eb7d1d82476c8f3bdf3f956fbb8619e2a08a6b11488cb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
b777c61a9ba5d3b58ae0c00b621e631f

SHA1
1fe60ef64b146bcbfe2e177e46ff57209a2df1ba

SHA256
e7cc32dcc476225234a41dd720789d8992f21050a4f8131220e07127770f641c

SHA512
4204ff976f18e7a05cfd51c4b443cfa849aa52e7dabf16235537ce9b9d8c77c406e27cfcc6356f49cb4e0e8bd070c5ba831eab33fdf3133e6aa37f937fb99986

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
34afdc178cd5d649baa2898c10242319

SHA1
bd12f8ef1530e484666b16fd795fe10eb37efcbe

SHA256
ae1411eb1377226c38e5828eceeaacfb5fd234105e82828866a043997f7078ac

SHA512
366e41ac94e139c989ca11056f583b8230c78eb8733844eb4822cb679bcc611cbfde85005ad5511574357903ae3021eb9404fc716dd8f4810f80a3415aee7aa2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
903f45d2cff93c59a0a3646a8168bf3f

SHA1
c8841c18005d276e3f494d877ed764068fc1fd9a

SHA256
19bf7c80e79c105b2a2cf75382361db9dff6cfc9ea64d5687e60c3f02c9c8d19

SHA512
f737e6e5136a0eea6f17aae113792e1806ce55201c2cdfb8f01939d07cb01b3fdc40d81692fa56e0d7767c66470a5513986e5791fd800b599e3e3505611a9f74

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
d5e1f18de2d5d3bc58f645293723b6d7

SHA1
34e7c70d87e3e3793cb58a99ad6e7a50a506f09b

SHA256
307b82a6eeddf59638fdb56cfb1e49b31492e6721cc6531198d965667bb01b27

SHA512
106b87bc802ec6c3cebdb9d61044035008c1e432cf59b52a763ff941be7d1b72f239fdb654fce3af6beda0a3f2e1cc734ae836fadd2c2acbe3069302cd2c6d5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
3945eef83d31d148e0fd97821cad413a

SHA1
76b57b7c5eaba11cfff7825e4985874beba61104

SHA256
a5d5f69a0ac735f9553c5fd45418b3e93b4d640f1636688a44cd5074f668f4cc

SHA512
ae329e40e62e6c158068407bd51485dc16c079486f849c1b0987d74ef3a30bec94b30d274a886225a32e10e6753c726f28220363b469fe81831295483b906821

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
8e35561d3762140b2e00bae6a9d5fffc

SHA1
06d588352e89b04fca928282a5f65866f6d80cbf

SHA256
4f0e2edb94f2dd974f5dc2d9162a35998a71d60ebe17fa08bce101db98ae5945

SHA512
d33125a829e61d767b55649703f9ead3c257f2feadf4b2cae711dc06a29e6a628cf339fd7c84ed824304860df39f134a7032f85add218c6c83c456636a248702

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
0fd9c1ab951930a4d6d6c3d3a8953166

SHA1
6fb4823a055da71e272bfd26d98b541d82613f88

SHA256
c90669dc68076ed3dbd5aa6c07b3bbee9cce1034f615bf417941eedc21f18c16

SHA512
662978750d23bd961ae04c82200ac5d6976bf4b00e9b0eca4af75cf792f87aaa48e08130da7da5d097d9ccfd8a0c51afa16a2331fe9ac64609411b6755e7a369

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
f88492e36b3883d0259c4d5ccab6bc2b

SHA1
60f24fd1b969e034b9eb5477fc1f50233a5679a7

SHA256
8f6aa5abe9e5dd36bb4d91b5449898161cfdbb673b31efd880b980c03e4bb91b

SHA512
ceee5d62ef357cce14fbc3bc8fdec3337fff47a4339e959bfce9fe5d2f14f10d206d6e8a3fb29150a910566b80aa794209d7e4052db0c49b74a7d9661c1de926

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
75b4dc7617e35a66a482c14adca57f47

SHA1
4b7ad2bef787e041922a01638b251a8cf691ed2d

SHA256
577ee87d9fc8cd031b7af9c55c88f6d649437b91efe1d02a115d900f747ec647

SHA512
5a6ac2667b66f675244a6379ad467623ff1484c1a1fe1efe2f366353f0986af37cb7fc76c8ec0944998015030656d67c6e1a7e623a469df138e40f0f870c4b6d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
7db60733b50757de80abb8bf47f7ec32

SHA1
59f2f006e0506f983f15fc9c07512680fef0a9d1

SHA256
a3c45b01ae9418835593da02a6b322c9a1b6756fd9324798d98897136211ad24

SHA512
0c1e9afecfc1c7296799ab41d6084016bff35a68b47b0eb3db65b972f3d3a95732af9ee180382a9d1411eab6c9026f5328513627f9f23bb6a9831df7f0b6a80b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
b8dc30ceae940f73672c2fd032a3777d

SHA1
6bdc8739ca5ed84807a7db2a603d32c60b82c816

SHA256
7b101663e7646cf8a607c82cbfafb7d90317e866b411f02a3c0ecb152fbeeeb0

SHA512
5b571f013f734bdf358ba34a4632ecb6d5186de10640e71cc3a81b9bf6099970225c151db305bbf294405aeed2bbdbfb0a71ecad3a871b98faf24a3052a40782

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
5e94f5fb95327a2ad10aa3f859a89932

SHA1
b1f276147ebaa2b00b2f1c3933097b118bae187f

SHA256
5481b8c75f4118f227f84e37653eb0f18462635816c30bd2dde27f8f00db5432

SHA512
9846a683ed896e7164f5075cc3012ff3d66f6cae726da4e91aa85367814980546dc8646721ee56cebc51d3cbd82c24f82b95c529561b4119da04e052d9a0f342

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
123cd5f7bba8ae1426bf16ceb15b65d5

SHA1
2e6c49b31f460f86529714b900077769c29a8e6c

SHA256
74e7b956795221a90a0dfa57e3aac8820b0b2ba0ca238d1b8721361b85161afb

SHA512
27dc110334bb52c3dadb6fba4ac8ec59ff44a6ef6cf5a3494a98e05fcbe0004a49053e5fc3988bf08c062ccdcc053537fce01c4cabe9bef873734de277345272

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
4ba54383820631c61d0ea574d787d5aa

SHA1
dc7ea5101afd0dffcd7ee522ed1839c0ce5177d0

SHA256
184215065bf64721dea52d7b807237a48d55f083221bceeee2af0c7794be5134

SHA512
36d72c8cd58dfb94cfc066d961171d6cb3e0b8d90ac84b42b07ad4ca40098363ee6e4b439ab85a2c23a760f8e0558cfead2321a6be2a38a37c2edb3cbb3dd871

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
68dbf62307d5b216589e963daa609d5a

SHA1
99bbc81a1648862a56208051e50a13c30042d8e5

SHA256
33c7de74edd4d29c2bc264f1f3b0aa019d2ba36a2e6171c524b26c6b92c52277

SHA512
64dcc3c053c07eac3f652f40583dbed64d8c85f68cd913e3cb0a2f0e03d056b3f48701b1b5dad110baf56eb19854f49d25db4d426e91a62fd4990987af78b751

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
8d2394c53b91c19a5dd546e2a2c3dad2

SHA1
87cb73d6429baadb42f29629ca1c498d587b1366

SHA256
ea0391b95ba51d19bf0cfcfae9efca4d8278215187b7ac1214d6c495b53f3c0c

SHA512
4d6d4fe72278e400cebd4b1409a4d7365257ef7363033e4b00415eea73a6e26889ca09800a8cc6763e304a027aa7f4855f15f15ec6d4da9319e036a12cd21643

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
6a32b73d895d32ab7a42425e65eb0ba5

SHA1
98b3ed1264d82f8657e653cbeaae17c35d97a0a7

SHA256
17517390ec273db101416183b8e97bcf16f23b765c9d19816e6dd32c97942451

SHA512
386e2e2eeda99c25f9b4ab78f0790079b01429051d9d847490e940b34faee24abdf70fc1c5e8e9232de41a8c0302f59e14556edec9ea22153bd22ed16f303316

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
fd0cbe3dc11540725af1f856ca62f81e

SHA1
7776cda3f4d15c5f2c86f9698f2f37e4cd0fda26

SHA256
7c0a42995a77e7463823edebe68d5a9d3e97c82de8dbd3da3410f7fe9dea4cf6

SHA512
b6ff31d991fa5031814be6181c25f723a279b6c601c78972eb0cb14a84a5f065b08715c3665f12b9e45ceddcf9ea7f5106dc773dba52a98ad58134b8021521ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
c4eff88f53376bbf84e032a0dcd48d6b

SHA1
557f998eaab654a9c7c6c40965b82d6f747f3866

SHA256
cff878bed3b024453222532910be4bcd883163a0d8f537289ac81c0a8a1514be

SHA512
7fd09e2288d7f54ee764f854785099ed6bba76ecac3a87a44dd3d98f16097bdad0245852650bd4c3cb468afb2523ca6533f4db2470ed2e929db42f6ded2c3b74

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
38918a7ce7ac4fe4d38c3636919f224e

SHA1
3fd34ca8935ea29088a43ff0a67e7f7b4aa55bdd

SHA256
19dac0fbf7fcc6ad3f8e9931c460dbdef8241120d890c70b732c2ee73b779e58

SHA512
a047708ea76e7efebbfecbf2a775b7f0c0d799ac5f40cef68c0af7c5da3e6fa9ae94034ec53b1dc69f12bea94dc7f173e9cd50f47326520fc9060b619fcba8c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
5038d4dd62a21446aaea58731db81b2a

SHA1
26178e0839196431bae78cf6dd92725c80c37430

SHA256
7afeb15fdd9b33225b93520dd0a2d91ce137679216db91442aed1e89d7c5adfa

SHA512
9d332746d665b80c131e0651c11d9bd1b0e4cb51b9fe337157cba848a9716d2ac30111f1be1f23f2310f7f1a70b900b65e1a5fb3f53aaae65f613ca39954679f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
364911c9171b19083e0d7c037dbae8a8

SHA1
973677c14fbcc297a5da1b184e1fa77222001306

SHA256
88202608212229d5e81503c4cf440ce41a72173c6aefd037e42543a0f06eed86

SHA512
1169b5b6fd5ca0cbcecfb0c4e6bf4f0ea37e9afe7295d160595f0b239c48538c7806a13a57dc661eb907167b61bfeade8ef8daf63ac06832c7535c313968cf51

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
ae67a8beeff5dd7bb485cd0cf4abcc3f

SHA1
4481ca3aa0b148f327f34a758dbef3d30b01cab5

SHA256
1d11b160e25ea2a478bcd6623aef41c050589784aa227b4cec72c654b87a3fdf

SHA512
af480f0b3722043819e7830168e2f756daec1419cd2c72711bebab27ec1eb5c25c102079ee64ab688e265fb434a27c993cf14e39ecce5ddce4671285f9b5a48b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
b936a8f438df27d392587e7c2ebbf57b

SHA1
65728351648558a554f63198e443577142bd3f0e

SHA256
86963af298953118aca8ca999930435b0ff2989777fa02305a05157b036a3589

SHA512
080dc31310a55779e663b59158a73733bd0dc0c178de0bbd025b904d69a5c3b3c6dcf6c72762b5b922241dc5e672051e4ccf6b29504e7528b8f8930bee10a789

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
1718472b14a330c54a60532e93f65490

SHA1
def84f7d5e5972b972fc865e22ab9cbf9a707a65

SHA256
3fabbe6f0c99e93fb14f3920c2ba765d4d455fa6fc86236f639089f85b65d4be

SHA512
4da5d10fddd26c6396cb099272c85dff50915e4a88082144f9527f751be71befbf898dfc05029d15f5d1f23b981cc309af2cf388050d38f17bd59da9e360745d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
f751dc9ccb3393b3f76fdf8963235f9b

SHA1
51ba7af2e3ebf7335863a00a37958bfef9af2b23

SHA256
b174c898e15e47e991f8a8b4af334b07693f36e84008a5a8682506a3cff72360

SHA512
12bec479cff6f615edbdc1d6aa16bce64922a87679093d4fa8308a61daedda28a80ddd3e2ee1dc5c7fe67ba10357fcf468103c343f58f075c4808f4dc2158786

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
642ddd58f87bbf3098d154eeaa826400

SHA1
2941142c894f0a0081ecd6069f83bc264f3d2bc0

SHA256
9ec4b4f18c291d41564696496394dc5c8922dcee57346a8c7d8fc41eeeea29fa

SHA512
bfddcc492e95a8fea96ed461f59047a744f7052a2c2055082614fc26e6668d41db9800246041c8edae7c5d559d59272ce0e460aef5c4aabbf4830efea82d8351

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
5b5a96df67f858560bab2886c327249b

SHA1
aa27f3d81e33137c859b0ec5e580ade806369420

SHA256
2e55f53235230a4568bf1608d8c699d7dfb0c154c58eceb443a6ab82d4c29b89

SHA512
89931b0b2546d0d6e27a464753848e7411a6cc86406759ac6321de01e5576aadac7b26e34727cdc55d47b6bdd9d587e08a16fffbfbb9aa82b484dec7c84a5d8e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
f3aa6a6317e9830fe3c2715f0a50046c

SHA1
6df991575dd8cfa85315e37fbc2c8bd15827638c

SHA256
1e8ee2d41436c02aaf674f42cff88e31b26672e4f9e8029ef0fc7fb55567b1e1

SHA512
6abd2cc90f0e72dd16b289ca06fc5261c2d9f0b713f3876315e73134052f508377d33483b19f7c3fe27b81bad47095b406e6828e42e7a1b8044abc5664af064c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
da6599872f901276ef05c64d9f2fc60c

SHA1
95b91355429adee70499c8ca713403932806e34b

SHA256
3f9dce4a01a3b91b0c233e9f5dd7cffd0fe3d4b5d482e56b0411fa34cbe17dc0

SHA512
3d7328120fbf3e004c1b5bb7034a9dac0de700cc169205f056bc84070d858126fb3b1c12146d4af8f42be9769446a7e0e3cdeebd0dbedf3aec59acf26375e2d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
899674ee3eea7bc8b126f473acf94b50

SHA1
aba99a2c4d9bfc4842ed39e2aefaca9d98e69c22

SHA256
c7fe3946d157d9639410276358a5313596c55937fd1958d76d8815016c313b6d

SHA512
85ce32e52b163289009b2a1fc61fbc42de547c3e8832775bbe23f2815e049a79d4aebdd2a22059ae6ae5aa59fe78e387e1451a2afe557a19b51d2bbcb4dc353e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
9a73e6187f06c111dd7d5faed87c8823

SHA1
68f6f0e00e1603f61cc30b8f6c627d30ce67a949

SHA256
45629d9a2a669522822914412e5590c648dd1b7a16f3d714868691c80e172859

SHA512
b432e25321a01a1d1b50a2e45c5345d810fccc6b7db5098485e61cd9c59b3b157438574e32fee06aa32753afb9a05efb3d0a77e85709c0e3c571bff9a63431f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
ab04113662da10a11f0f795cd3f56604

SHA1
170a19fab787ecf3514504ecc1c04dd3c7ece79e

SHA256
8419acb950c20a591345f0269deb0544d26ff30d9e11178ac3b91e5ca03536de

SHA512
d85178c6d4187bb3a306e745600e4b9b3fe1923daf34dc813d19db9f2496a832a3d09b3e534103c3452a2fbb7d21e494b593a5a164770ecab23cdf47646f817f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
a6e0d37e55687454cc3b8977c78a766f

SHA1
3e84a3ba6be7a9c9e7e0dbd92f65fa3e01e10f8a

SHA256
4d7f132ad30a3e70f9d95b8d61349c0736793aaeff28236152016c419746f5e2

SHA512
6d9d3efe3fd74e63e3f0fd1f998ff6e04350c817b0a2ea0f7ce3dccb38ea7f57587a3fed7a9b563ed0fd577cb087bb2920bf918eaea764e7f2598d455485b31a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
fed832eb442afb04aab022fc07a2cf8f

SHA1
fce8a56beadca1059d5bbe3aaed87a9dfdad264d

SHA256
6c537d9d3effba2cf3c85f00ccc593c5d64ffc8bb0e3d288ed7a8961c8fc4297

SHA512
2fb0f15a9e621d22376adcb5fa7d7e20b7bcf6a6e6e6dec1923c06ce4850124e61a7d96cef7b26d8816c1baf80b9e23c3a21347dcf53f6144e9e5b31905155a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
92a23259f5ddcac459da2114f8863359

SHA1
5e441eed1921802cd8549008d4466178dfea38ec

SHA256
085584f8285dfc896b843d57e88ab61cb734e6403c52aada60bd0ad7f78c9f27

SHA512
56614ee9cb03ba9d77b03c79093f857a8c32b29fbba30068613c75539db984481476653577cb86f75e1cd895f738befbf53e159b1a61897615735ad1a8f2733b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
e58ca7315e9ff3962a48ca9c4a6d25b9

SHA1
8e4db20041b3729f55ecc9b357021dc0dc505a37

SHA256
9883123184fcce3197631dd3565d88207d132d0965cfba79ac220343722b530e

SHA512
6b4b3ea43c2cee427fbe99f95e7f595d6a05bab7327ba5c986dd3dcbbb8151590458bb6264a62a0d842f9d7e7350039f7af4c1684c76702d8ff3dae2cd016280

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
fac021277a01a8a921bc555f0804fb16

SHA1
7df596d19e84d83956936df484a37cd8c43b09fe

SHA256
3f98fc9b8e882a5928aa46bbc85d3f708584b6928305b46de8093d4dc78f6905

SHA512
27ae845ad4a68dcfb4a91234f4e47b7478cee5bb2225c52b7d03aa4db69203418567af906b2e0334f8149f503d3ce95f6f90e730c07038af50b2e9ab8e4d2c77

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
a635005da69b7395cc50054d2ff23c43

SHA1
33dc5ff0714b3d7905b1603ac53ccc9e1bbb0f0f

SHA256
7a83a083df2e8ee9f0846fd4ce25eceb2da3db156b172876d661d3b66d453c38

SHA512
b91ef2deddf28d2fd2600105f2b40673e153ed657183bbf37038b5d82bae58cbc058a6b038a85eb544bca19d8bc1fbc976d6d2c93250ccfdbb8ae1d2c00f97e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
5ed6d6acee4637a24916d71e4ed8c687

SHA1
3d90bb782280439500085d5801b0f45987bdc786

SHA256
fdda0c84a5444426bdc8580b14ddf13c376fad463aa63e0b19dc5b2d06ec7b18

SHA512
74da4f79c7effa561e34cfa451760cbe3e58e893e61574d90e75346897c5c26486b2c5c5d8f0ea79dc00b2e501eba9ccf7c31ad07a7c37a772852de974421bb1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
5fe0e1d5e2a07e735f3671918ce16e0c

SHA1
398041ddea8c59268b23f1216e3a25d3510ca781

SHA256
11c527fbf874725053476418edf89d5856964bdee3e998309b90009367ae3605

SHA512
a8a8e6cc2195e5f8d7ef3a7b86f6b8c79f72cc3c551abd9ca888948165359d7f7d14dd0999cf9e560eb9db54d724846466765dcc5b11dedbc1731a54ba57fd39

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
74421d8bbc84ec475274f27c8236d8b1

SHA1
a9e83a9a9329ab3884b47397dccfb26503bac0cf

SHA256
94d898f8289fa397dd83f1a5a1c5b37b2d6256529d1d8c406cf6fd1773df01db

SHA512
8ea4221202740f07be711ae34f33d540c43970746c59ea463da6f06fc7f8c4f2cbe3dd4629d0a6e9d3e7ad92601f3d685ddc43191fc9bc5f5a61f28766675a5a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
701ef2f478aff487b7ff1754976cc1d1

SHA1
a97f899061a18adaf5fdafff1b1bc2dcc8e5f8a6

SHA256
583eb6cb4e47e70c4ddc9ba015675661642129cb3ae4dee2b3c384d936cbd160

SHA512
5c33951ec1d4d4842f9fd160c88b0ea1ace5bf89b8c21a265fb409168567a7d48090783bb65c1c7e31ce6e6eb1963975df497d76a26fade13a91212d1c9c68a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
17ce64fe8837ea6b6903a56d971d47ca

SHA1
635ef2024bd52f7b098aa8e95a6ea17840f260e5

SHA256
6e54360130141a29a7198989d98dcc4a203ebd88b9e078406e0e8e3e2530ef20

SHA512
6b0f3cbd2647a788059f9b337448133e0170fe6651378f4495e08004b39f590e7f6166eed8fa71ac73a2bf9c8b03df37ee313e32a99069a73db88d6c4d1a17aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
b3d79c185639c15cf7ff9dbdd96b0255

SHA1
6cec07d45ad9a64070650b89a7f18ad3c61e7112

SHA256
bfe6f1d0e7d3d519a9cbd50921e27f62e65c1b08881d662146fdc36260260149

SHA512
b73ada9104d715435fb103dcb626f94980725ff6e5ba2c83b1b35dbdb3e54c5f551fb1e2d88909005fc7e1922b9565b984e9e64a309695831250fac944455535

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
ade6291f23685406612e783f3376dcc2

SHA1
6f32718edabdaa9f0f5590f73d17c792e28e8ca5

SHA256
576dff797832430e7017d43b937c3385634e156941ebcc7df5a2a0959743409f

SHA512
3bec3b179074783cdf0cb6ab846a4f63ca1ac181c1ffdeb3621935bba6e491dc5bd8bf7f49b67034e679eecaa24f7f49f6e45022791e0794b506d999321e5cca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
af540ef30ab91703185463efc84c1fc1

SHA1
e78fc236f1555d2390aaf589eb00ac160cce2edc

SHA256
fbf015dd95b183c829be993dcbdb9dc7ea63d68555e34622807b36e7d81f59ae

SHA512
dfe4c41460aed2f6da98f9df0ae1d4ce000c1c459c2a30aa12355627662f60633ca5cc5af07ab9ab2ab1d36e4fc94b0430e0c49ba90179a4b96a2408350c891f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
ff4444cae687fd6e2302485240003a54

SHA1
918d44de9527ec8cfd449894071b461c1e99bda3

SHA256
0631d8cde6731a0d8f089258f9899d673ec60714f0296fb1302742d4b01364fb

SHA512
09bb8eab8bfc786567a6163a8305ad1f5fbd676bb8e479cb6a635abce25b2d6351752d723d50f96dc9f72cef9387993539c0bad6440b65d52b6d0ce99486b6c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
a9a582172c5e4012aab38e150fef03e9

SHA1
6e145f83bce174b84dae5d72f77ad430dedeb89d

SHA256
e11c1ffe90f07389beef3552c78546ab231cb6fd801172601f49713a121fdb73

SHA512
7a599b4fea8aa3410bea56c38af2166e81a57e5a967d10c880784cd3dd12b8cd21b752e57d9175a96e3615c1ff38fdd2b40a9b070ad665580f15805ffd8d886e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
6f543b216d9c4d96f8095c95e4c294f2

SHA1
cf7ec72ba45ba92d8ad4803b13157cdc1a651188

SHA256
95fbc9be3e2b70c39831c99980940cad2f38b30fbfa393b664f094bcbdb3dc2a

SHA512
eb51ae0f0244dd84ffa632f11283fc4db46738d0890d60b43d475f80205d2d1da71a154d5c6875aa7427ef14e2a3889d079a8bd997aa9ecd605c278fc1c3e577

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
ec57ad03cd799af27c30bfeb83c63c4c

SHA1
2676a5ac4ecd3c070c0b4356770caca6fa6ca0e8

SHA256
62d1ac887f71108d5c1f901b4be28697488a7e0647c26b8742ac2792546494ad

SHA512
ee1720d531a8c0a9a9692e819c5542bc6b80265bcd96019378e91e8d0f28df2e2f9e6f521b0cf9b1b6136b4058ac4fb07f06fca05da8a74de5bf43682b3f8e7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

Filesize
77KB

MD5
fbd4c2df6c5c2ab5835cd08f5829758d

SHA1
9f4ddfaa840e2ed6edeca90000c2c7c815ec9865

SHA256
204db55a920386fb98a9fa53dca4d04aa3d8bdb052fef42a61bb38a3c8397d21

SHA512
3de05ca9c89dee974f7628105aa4474e6087b960beaab5d2967b195502378a6c4fd9df03ce97741979d4aae6812907787d6d27779c550bed27f4f801d1f6b316

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

Filesize
47KB

MD5
071d35cce49b538cfcf2a257d6b00619

SHA1
471831b32f9accc698f7999933f58774424fdf89

SHA256
abf73503efc958473dcafb5e7e4a4f8cd09551473f095a19dd65537661b7a1d7

SHA512
104bf6bbc95f42f2fd774b8e855821bebad11bcb55766fa6b85fcd1d626bfec107dfa0b0fa06d7d97ccfbd337a777e6d314cb2f95187fe66288b567776081b24

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

Filesize
63KB

MD5
31507a87c372f51e662d282cddc35186

SHA1
05e53da14adb11daf7e24488b9ed124521b6ced1

SHA256
8dbe4cd9db3ac2b32c40ba30703be70c5e40949d877e5fc79d67614edbdf8b34

SHA512
29b54d5d2cbb463bb7d013275b4e02a4a6bd9bc32479185ac29c68c79f630349b670abdc81b6d3736df20cf789a0072d0e7cf84a075560996d0b0cd2779cd650

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

Filesize
74KB

MD5
123a56afcdf920e01869a7752083c86c

SHA1
20fbfdd344a3b3e8b2da07e1988861635a814dff

SHA256
56775989a726003d15eb905c76e8925cad23edeb11fe874b7f0b68e1ff0c1190

SHA512
d8c550531e5cc4fc2e8ff1fcd73b45c1fb15cd5dacfc8f05fd4203c11f98911c842dba42444db305205bf5174f7cc427dd03fa2fc15bc8303635605a25b88e79

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
a6ae4b7410504853c71f4a971c08d0d0

SHA1
9d0d598d7cbf56a875cf6aca750e457f7bec9de6

SHA256
efa7107dce20de7065981563637a01c010ef7e940380d0a99333a134d60252e2

SHA512
eef0e0b030aca4583a1efa3a5453ebce8fe2f185323d0ac2e171bebbc3dbdcfbc0ff4c0157763848da03e9e8209e06b3c83313244baa6dd53f34796a083a6326

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
947a4a0fe815441767e049f70143f8f2

SHA1
1524f8da80a0d71a84ab02a9a4e6df49abeee48e

SHA256
7cb6ef44a5809befcef4265c70b43036bab92e2c2e9d4e17718b1dd4a8cc0c2f

SHA512
76dc58f65aeb05da7a5f19e5f4f6f81913eb65837e268a5c49de783f08d267c74486f0e9987f820fdfeba487d3d4f14aff61856755b852b3b0423dc6a13831f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
9ecdd20668c6d92185a03a4f79cec53f

SHA1
5aaf6d9d606ff80c51a8a58fd70e23d43ff34add

SHA256
03647040afa09f73fbcc7606e33eca0e99426d583c63460ff6dd6d27950fa2e6

SHA512
7d11ca04501ccac9f61f0604744541613d6c36c69a03caa9979ef5ad4317f11a1e73128feb7a252e33de14f261179cbfbbc4fc3917edb349e270ff00d7559353

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
d1d7ac62bb5075df17eaf56eed6febe5

SHA1
72fc3610d6b53450a3eef4ddc93746d375524f89

SHA256
a0ae8eb5cc2b1256769933fe525c47765f49784e0c9ed00c22c081d31ea712a0

SHA512
d7abd1ea092a99ed47b8d3a7e939e3afc3f74a83f661d9c30e373f64e8bda3285a474c51b8a7c4c461e26fe74709faab2091092af6d768acbb6e6a2a78abed2b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d1a791029b83d8da27fe43a35279938b

SHA1
b2cd78117984a9fc813422d0aa21fec365b96d33

SHA256
0ddd3a0e112256a87ab18960c7ddc1a7586e3f439fa553796fdc6a03527d8e80

SHA512
432c107595d4e6accc440143f5df10edb20e1bfc399962c138f80488b55ebc948cbf144f1ee874a418b39dce0dc396b07c8e3dd45bb06dc395372927adf6d191

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
ddf1a5fa2827b0c84f82cd276eea32cb

SHA1
da7561a6a6b6344d84c9411bdde50332384cd37e

SHA256
6dc03d8081c0ca8f8f9458bf6c9eef5d0d02c617349c305538d32276280b6d0e

SHA512
42d52c6bc8649b44da6b5de0af93025798c8310aa6d55ef4b69bb969b3e1ddecf0032dc3844f71cbccfae30f0bed4007814c7a5b9874b0dc6b087da00c21d4ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c3045c4ee7348bc98228794be872f497

SHA1
3dea5d7fa7784a05ea29cd2ebc8c3b779a90dee3

SHA256
016e471cbbdc1abc6d3ae65f034a43165dbbda8382e7a0698b917c811eb3f7e1

SHA512
b0959331adfc5116b92da9d6724300e9d43cbc439cd01263d96c6aeafea3d1dee5f0f9b07e180f928d009823e44a4d7e4c2f90e6723498431205f0fa331dcc9d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
d641e337d80a94b8fa44d992bf3891a9

SHA1
c7f6f20881c96aff72cd0e570a191d63ecbab0ba

SHA256
9a42409d49df92e5250e6b6fa348435ee413014202983404974e95aac96a336a

SHA512
18926d3827696f32db8139bd6c155a95c9c62328b0074b584ab2911c8e33dd7554e39607430713856d8ba13fa2afe94103b7002e704e2a228f8d8c2901a67638

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
08f47d182694c2d910cefe47a6ea0aa5

SHA1
f65efc484fd55492a65835e24cd0aa45b28b8898

SHA256
5da8bd196cf672f6ebe2e3e01d285b1a25399076e9806dcc30cde53f17e2e4c8

SHA512
8dc74b0399d9ffb586f573537fce6b761327d11dd2acae9a8307d420e6dbf816a881301e1bbb887cafb0cf358ca603e8bdf04c1ce80382b43c8ceeddfe43bac6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
238cc1d5e43d13c549485348868a9bf7

SHA1
a5c4e86e769c657bd1d8d33f6f30e6877f676f85

SHA256
73ab39777f13f27b3b5cbf5be1cf49d65f0a7c82727c7036d05f545b00dcd159

SHA512
f7293d9cca5c849a91ca4ebfad4b2cc92ee37944e513d95e3402c4e053750222682fce5b5f37f1169d4b6f1a7d756ac6608629bd10fc571a693ae603ebd7c8a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
27273d8e7aadb7053bd3210ca6aeec48

SHA1
258507ce7cfd05a17ac64501efb125515afd1173

SHA256
90142258a448972a34f3cdd444255f4575e8f0a38a145effb20da5dc2a24da1b

SHA512
0fca1b363628e10100142b83c6a21eddb939e2656417d9ffd815cfed2a45e45b8597e238f9de88f22820ea9897cde76fe0127929143c1510691d6192bd7e4f05

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
447fc7255ecea56cd576dc22f946bb21

SHA1
6d9171cd906bd1908116e444ff7a56c069415b36

SHA256
399a5d950b6eab9865c2fe0cc4832ebd78d72a29e85e5bb2fdcab8b93f647ca7

SHA512
a2078f7bd33cfbaaafd1612cee506bc5ef8b91757bdd9602d344ab21d703cefb1e48a0674d32044a3146817b7a827b696d16434d9e334ab10f8306343a7e9793

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
b829d80a446a52752ad96728c90bd0b7

SHA1
27b3e4668ee3a5864efdcf5127f226edea55f606

SHA256
d112c262cde2d05bee9669e90630eb132ffcd58e65f4b52aed4503852235cea3

SHA512
770e372d0e552db094a94ffa84155a62ec9956d297a9a5dd8a47639aa7f7c4269bcbfdd54c0e2a0113681283399410ce7af95ced5108d87dfb22a8968a0c68a3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
dfc4f34c1c3f1925a39af4d3685c74c8

SHA1
ff9f153337c65fe8ec4bc8237d99be4673d52222

SHA256
fca71752406b02417ba52300a3cc974cf069d56cd88e80107e4e9a54761379b5

SHA512
e1aa4ed2a45ade225764b3c54381b2aacf0f075de92fd78d013a59b8c22e4f0c2f6ca7d13aa7432907a1f7c3c0f1e1d24729eceb6ac12d14a240e0339c5fd4a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
bdfd7b4496dcfa51859ffe4b63693d18

SHA1
7aa3f0fb67ade65669096b972fd7caef887b7d65

SHA256
054386416c410ce1055b30a88cdaac18ec3ba219a3a16a03dc1f043cccdccfe0

SHA512
96987953d23d83a8e6fde9b883a006befb53c1a2a9e49bbbe4148ccdeb715933340f9abcafb485583dd5c0dc48dbd03be13a43e01fa8ee9f4bde35f544af59fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
2b2a37d3dfdf8103cfff5656d76d8fdb

SHA1
a58e837297ec6eb999019c3dd1c3be9fb798d00a

SHA256
f96cbd181529787ca4dd012b0f7829640bf04ce28f23c4a24193bc5178ee8f90

SHA512
3343ca22c3f17ce8e19456c953e840441573f3fa460731d1093c618db73951dd3276ba53304e3976f8bb48fcfb5f1f39ac31da3535f921ff31074fbe81bac86f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
381f4e7b18cc3bc148cc5167256c1549

SHA1
cd8bd17501d3d0a3b5474b46628ee940b0fbbdfe

SHA256
074387eb8cb8a927ceb3ddc276c263b68b0e20287dc2d14bb7a8a395fba3ce48

SHA512
304f8b174544181fe48a6a86a931afdff47bebcdde232e8c12181ef26c2a3879b5c8f39c0c9a011403a68805bfb63ef6d7cd07d2dc3108a3cea1429f58533519

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
eb883f50f5bdb5c058850d06d16ca89c

SHA1
da06d1ec551f1e67a118591ce04675b4be8fa782

SHA256
ee573a202d86563ed98b874f6a511338910f7cfeab46408d4b7637f645dce92c

SHA512
96b2d3d23b6dcd82f5e9a330f5dd73d7b80a8ce2ed741dce25e46a8a5b175bdd5eaaaecd442225d84fcd3f5fb176e0bb76e368c7d195835b55e66ff9d45255be

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
61671c37080b9364a76d0901c194b7a6

SHA1
6635d66aa6f33e56e8df3dc611efa23d48c1f74b

SHA256
f0b671cc27027192688c9cd545e80de3e047adada805ac9d8f417096d13a72d5

SHA512
47a0ccb93f5f5a0c44a78b42ee370d280d8efc07385d6d133c5fdf359a81938d9dbdb3d9487c5494b682fbea4f102961ee753fa477414f9b7510c741dde82254

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
36a7bb6283b9ef82cfe7822b3fc80a1d

SHA1
46819f405a5f6231fa719c4178348a4012978ebf

SHA256
8174f2b565c6a828d499bf3f8f294f2530b2770ab7ad067727fabd6c686546a0

SHA512
35192153895515d8ad9581b05e1f855f0fb6d1cbaa5aa421e5f1d996c6ef15bf60f68ad4fab3e783bc5aafa6f42fb61d0f32684c61287ebd48e70fcae1014aef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
2a12227b497d9d9c58661950282a7f28

SHA1
d63279e0cba6fb04cc28b02ccdd9a3d9f2b9c99f

SHA256
1cc0dd904ad1f4888cc8ebf2f78baa3f0f60762f5f9205d1ec60517e7dbfd0e6

SHA512
2c12221e1770ae6ee3f32de4385af1f78c176e4c9478ce57ac6187fc214c668050e18c964c2ee5dfad48c481b304dc90f824cfcef7dccc5b0c7dc423b3f22f1f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
d4ef2734e289db09136ed25f79c5fd28

SHA1
f99602b7121f34a6526c4dd561653140c40611fd

SHA256
7023371f6dc55381b5f9682e5309e3cc0509f5dec6982152348c6eb649489474

SHA512
0b2b84be8f63834740ed0cdbb1a32eebe296adf6fb381741bf25cb9472595d8dcc8d8b4982168528419c717ee345d599d4605a3cfa8ff45a34d30836c658747d

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
54ac9e5dbbcfa9ed887554e85cdfc94f

SHA1
07a0542f0bcb6e696701f21aeb094e62525761c5

SHA256
7e120612d6f8f4199b028f57e1e036208a75ad804bbbfc39e7728b13ee032563

SHA512
9dad6f457e220342eb054e05e6aefef77623d09db06676cbd57db270b0f98323a9a72c94e37753fc49714abf4dd81197a98725cee0a8625895a7484a24c675dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
2b7b66d45fbe3a127b4ed432273349f2

SHA1
5f1a0c14e093465b931e55922c3bea6e2bec54ed

SHA256
d33bd0b802c255ed8c389c160123dd2447dcb869263509d8116c8830065750db

SHA512
4d0aad42756c9796f4c3ac7f0a8b9b8b87b5de175f41b16284531dad2fe5f1785b46eacce93086f1c3e0c6343c8a1cd870e79dad79699a2eeec112ea1e05d1b7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
843928183e7b5ec9b6a5412dea451fe7

SHA1
04db2bf16652d7ffb03519e2d15dd2cc956d2eeb

SHA256
050e7d3eaa8a013fe67b29fa6f50610968528112e81afc3ee4a0098988c3f9f6

SHA512
631e6156c6038426c8bb8805ffd16e5ded138a2b85c9008b741dbd7ca8ada793ec48a0bae86fb5edfc2c0ed9c082faa601c5ca3865c3f8a5fb0e9a66a5474995

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
4013426c30b553061e3baff42fdc9797

SHA1
2af33488bb50dea5bf75cf066bb25df7656e7ebe

SHA256
55e3d02d1407430d5e9b5228f3347151974df6069bf8bee7bf0093063f62ea27

SHA512
267391abb5eebda4c461c63a874a5335c52f77e36b5b337774b68a44b1423e1ac667ee7e6d8de09164b7cb1a1caa50a8ef8cefeb648d45a0f6441af18b2b3825

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
e21e839313d0e852431e806d9767dfb3

SHA1
79b39b7306183f8a578eb308b6f18899f35ed6a9

SHA256
1dd4cbf24164e5da9b2a3641316b4beec3063cc4e8e5fcae1c42eee25914ef66

SHA512
aa25e52bec755870df4eedeb174591000a350d6fde7bc08158c3fc47c527ab53d020ad64d44825effa4f21d233e8447ae08f0de29de165ed89a8504fa3a99e80

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
60c699fb88c6c52bf7f8a53ab5358e96

SHA1
a78ff3f9111a8180b23ecdfad6f15e014bd0b805

SHA256
316d60c8168480ce613687fa8790142171666e9fbfa199e43166b54fb3f8dc30

SHA512
46b80dcb68334181f71b6296d693e37c755a70737c46ec149ae4b485a7c201fd2494c0aecf085ebb399274a9259203f0726bf39d1fcd273e0a468acc2d3ac99f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
2202bba15febf24c32b5f7ed4a71dc27

SHA1
9a32f6d5e333c5e8a7dee720711e9a33f5ee7d16

SHA256
8ada005268c4b2fcbb4f585f92f331d91adf804e3169c700f4cbaeef6d427a15

SHA512
63ded4f5c231671c5d4f301a8a9eab2173f93d6ac5ffc6b0f0e1cc5d9ed053b35e6684d407ba222c647d9c1cff10014f2e13b990bad9f7ebf6a7c7efc5a30329

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
7118a2ab5cf429c2db4381724eacf2ea

SHA1
31e82196d2f2ff89548b52e82fc3e7b3633c115a

SHA256
52989b4a84d9b7dccef273296d70c7adc7162710a7e471f318db8d3259be70a4

SHA512
72182fc92de4539c721fa6e9802cf6b4c76c4691fdfd4ac6dbc5f630a1e7b9a25bd00a0202c9ba8d061b4a2ee748b1d762cd74bc4834e13269e1ba626f6a096d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
69147f7bbc5f138f29df322589513590

SHA1
2e37b80a309839f04a32872407bb80fa4fed244f

SHA256
9bd532ea9a60f02b001fb3fd7700c856ee4ca1c24e44acbc49c3c3910001e9ae

SHA512
c3bbe0b34ab79e37f9dae047f10d3d4f31ce6762d8ca3d3d58a3e941156e20fb59d0da7709c7325b9fe5421b336d1a3046674589a43a6331120e16f0ed649f4d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
9fc413b78efbbb4249c6665604fada61

SHA1
fd1e61bd8f655ac45a419155ce6dc4bef81f9a49

SHA256
5b0f89ab29cfa27421a7bec97b713ba0c19900f0f34a5c7806823410d78b85a9

SHA512
de2a69d4baa2f0bf462a2ae6efde78fa22b24efca5b0fa411e32ffcf2ac3cadaee8210b3dd3370d4dde2a7fce4732fc9bbfc057ab3234037e6a2a4c9c23f325a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
c17742caeda939d769b01fbc43f068ad

SHA1
0eecd1ca1af00193d8833f32052e33a11ed50d41

SHA256
92fb5601b08a53ecb2def70a5e1049860678d3f2ffb06e84b851b8bbd3bf9f40

SHA512
673d253520892b420191c39f0d79d8b66c76c77802a4fefe708fe8440523fce1f56189518a5f4731518b3d24072694dbfa177761d1d871a94dd5f064220fb40a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
c03f930ddc9b9b3413ce0af06cca5e79

SHA1
50b4866ff239e398873e3b5164067ecdc0ae108f

SHA256
edc4c30b47d0781d9413717236067aaba34ec8669a5b16d522f5cc69150b85fd

SHA512
87672dd5047deb09e11e7f346d044755af4c36d07f2c7a24315edd6e26153b71560640c6c823e68f66c4d188cd97defeb7a573b019759ddb125d095a14a32c7d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
d1c22fd5f14b2f10815b1bb1b7f62c26

SHA1
7379240df44cd55213ec913eba628de6927e08c3

SHA256
8235594d7083da47af826b5823da2d0dcaa9da73acd512eb68da397caf7d79c0

SHA512
f2af7546044b9a298ddd215b5a4c347d63ddf5680ebacd06f1ee13a369f6401ace149724ba7d524ab8aa1f1f05fc4eaf34c38a9bd799014fd5ea49e340da0fe5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
d128c617e16e5d564ad0a2eb77dc765c

SHA1
9666445145bc4caea26f2a157b581a28327ebab3

SHA256
fcf9c5c4974009df4c796bada2e0a27b0a28975d77e23298b0f0d7b0ff27fca3

SHA512
fdb46c43770bef036834381356c8cbd038125ed75487328f634712fae963f4b7ad43f5e4d3c3dc531b7b479050032758a8e31fd23c3468ae32bdf9fbb8e333d2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
adb5a2d847ad898ad507eb3b72b1361c

SHA1
ba9c05ffa44e4ecd4c3415c035da0295afac1b15

SHA256
b0b893640a799957f2e86896c234340101bbbf73cca661fbb8c8c40b60f5fa5a

SHA512
80a509ce68ae8982ecf50e7c0ed237f563e06980f9e0123f3df25f31cef7a6b83699add5a8b24c5f9df2be842ca9584bd8cd0dea1a664b29de8444f7028131f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
966fa5af0ae1e6d8f6b8304c7ac640e2

SHA1
f0caf26cf4cba65b751175560e39cafe7f70fe0f

SHA256
f82aed72398d9bd6b34189de810d71539b830b14d8966bfda8302ea93d6232e3

SHA512
a274050cce5d7f5bde9053e8e1e0af844a6790c7f5202f53d9e77ef54bc18a23fa0cbaaf387fe39b7256d75f7ae50c26c7f0dafea4f4ccd58fe79af7c5882758

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
9baecfe6c9b251d3b115f1a725eae1ee

SHA1
4d50835d492a4f8267d3a7e66d4a092c05a3537f

SHA256
b1665fc5f75cec2b62e6f120ff81d52c2412769ecdd2e9aa21fd11d50210913b

SHA512
0d2ba2ec69dee3c04029166bfa4aaddcb793f6904fb0592ee7d70c3ae8e4f914550b5dc66082df1d9454e83818f7aaeb5c3265fc6513238da7412d7006e63bbe

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
4b0cc2eddf6bab914b4fde0997ca4095

SHA1
c1e711f64121cb04a3070a0b9f806b09404572c1

SHA256
c0046384eb1ef3590be6ec56de3adf8dc3a078a034620487215011c23820bbf2

SHA512
ea6823abfe64577373e064892675aa2948b82bd47b2c3516d7435136f0a5df263cc67cc3964c129bbe3e86d474b14268fb7079519d2298c52a5477e13f69f457

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
5de531d6d79a90055dfbcaf241843978

SHA1
d954e493df6aa34c7e8678f606913f01bb9808f3

SHA256
8fd1c37263f6fecb73c272a4180771b3bd9bb8d1008aafdca9d995f91d00d5f2

SHA512
2bfafcbdef9084f500a64e924c2d09804abee56841c9f1f41dffe9c6b4648b9250dbfcee467fd0093287e6dfc6c14086adf996c325cb0f4cbe01264a55c15a39

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
95b64f26d14ee7ce9d483213f4e24833

SHA1
ae7f2407833c7b3dd99a95d0bd80062511ccd515

SHA256
eba071f83ef900f7c50999f6277da1208f0a8cca594ce6cba650b36caa91a3ef

SHA512
e9d0c5b9ab65ab5e4aa36e50d553d823069f1d9a27119f623a425d907ebf4ebe24269e6b84ef69aeeecf6cc4fe30761da1e921e1f890500e38328dae507d9a88

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
3469cc6d423846d95f5a1e60bcc7d064

SHA1
baa29d067a49efdbacaa6ebcc14152e888d4dabc

SHA256
d87046f91fdd8346dc0bb0ffd5bf28d0f40a1f0cc74dcb12d60f3ff53253ffa4

SHA512
76aa7f4b9addb38adf6dccf5fddef2ced65c1845859b2eaa7e633dde15ff24f333ceee9763352fe3c50c860c14ba6699293612d72b6f7382ed26e0a7e5300095

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
955eaa71de7ba005b018e1a2bbf04478

SHA1
0d139a555ba3f1295de133b1f6ce9a4d873f82e6

SHA256
98e8b304f0ff7efd7671209d6d559e95f4df67f89735a9d9d6be0a7ce4840fc8

SHA512
7bb6dc558942dd497e04030e2766cb587adeb1b493b23dc89da6ccaddca9931530ef77a64e9dd7fdb402f3e08e3dcc3453953b19d7fddde86e4e38cc8ea6a101

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
06b120f84a074984f257242b0ea22360

SHA1
d5735e05d5e3a9066adea25eeb7e749f214a874d

SHA256
25e35f2a733c7c47c54ee308a34fd569f6ea07008b4c4feb7f92e1577fe7659f

SHA512
a04b54ff4b06d5c6d3f396d34f55a19cb0bc376465c1f454b661ffc1ccee020a0c1e660d92090ff8f3da7d913d52558896b66fff6f0267e571a461d95dd01cd1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
041bcabd88fedd76dea27840564c27c0

SHA1
697f3808a76c8d8f39171c055da0904b238ca2d5

SHA256
31f3d7dbc3e516bda4d18bf47cdfa25f697dc499526a94248ffbbd964b8000e5

SHA512
4cce4adb4c893ce9a9ec525414f3fc6b5ee6a3bd27da82efb8106b8ab5c05c4c1a633763641fc51eefffe61f461c1acd4aaa5ae253db61a92fd5147d19f816cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
b1208bec6e26f37c08650dc2510a5dfd

SHA1
0af8b7c867ef649cd0c13a1efefd3c3b6935cb38

SHA256
04d54c34d946bec00819a083e5c7f51ec90a0ad1199e424427f7ba8d01882f01

SHA512
5eb462dec5764e6fd7b734c2e439ae9479108de7761befd2a0aa64d8210f1275057506beeb4020eab188d0b06d8858b2f503b6ed73cf99cd41019f48dab95589

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
cf582936cddf12c149f31624f154340e

SHA1
5728e6c0bba0140b632f0293ac7aee8369b0e5b3

SHA256
45eb9caca68c5c00aaa9fcb477309461c17657c464753356044f321709c0e96e

SHA512
b4defc8ecf9abb00a50168ea8c37397fc30457ffe176a5e266ace08b8fa4c0a13f1d5e96afb347334784d3298bc9746eee322e0498617fa154d721bb2bf123de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
71b1a49917f3ba8b60e10386e34b9a3b

SHA1
df4bb2122e699b7da8e355b5f5e5405817fd1c57

SHA256
02c3228492f63d914bf7244688e7a320616683d1582d875b09227a058f2ed5be

SHA512
288b2bea79f4d2f7f5d9e74f63c4d89be45e2969bc1b71cb35522804b0a817654edf2fc9ebef88c0f8c5354d0c6a5f394a7d5f8597ffc83b2a59852aa604c8e9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
c72b64ea4c6e8a7273c2459c3271fe53

SHA1
3137fe5cc4c078c037585ede915e28858284fe1e

SHA256
cb247cd49a2c1f65710de4b9fd04dec5aa8d76cbf8f397267acc82be8080fc83

SHA512
e88fab00ba78c0ef3fba3248316ad318de8ee3155528b636a6c40f31b9f704dcc6573272e56a9b09c699f28c3bf5dcacf0a3d499dc4308223245b2be1e79321d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
e1e23a7a9a7f8a951eb14f12e4fc15c8

SHA1
c663c5e0c2def7f1be7baf2bae03bfe93835c4d8

SHA256
ca395ac67944aab33668b4f0b3a40a73670a9f976c6958cedc857c02dc597543

SHA512
547044c92e3bf1d2323ab632b3956759d14e47420d8cd6dd1a2922ac45f3e755d469b23bb5395ce24de074a5f105f5baaa398d0e64b9962d4711cfc89063b8bf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
0fc688d458014d162c3b97daa23ac55e

SHA1
26c5423a3dd296d121acb7eeb912cde856606817

SHA256
af29270a67e71257452dff1d9fec0a02c90b6735cdee172c0320cf24264b488e

SHA512
1897ca814bd7468e11451153f573ffa92d84e80a3acdc00838f452b2ece3ee102f1f690b070f6a06251c474d292b0a4f9f12e626c8becf3c973b670ac424b942

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
9f63ebf558d21c3623bf8cbd9bfae797

SHA1
3edbba76ec350e923d687a054b3e8538f50a537d

SHA256
1dff039cd9f754c91681d68b4d290a2856af4108f20c9b76188062ab1e176a78

SHA512
9c609074da8206356ceda4689c05cb1abaf208edba56a51f92bbeee9028b00839315cb9b2e7128d51607bd1555c94ca9095796ba3f22c68762f54efc3c94700d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
751c8c5eb89f19bc41e33653674b144e

SHA1
7ebd6a0041f6dfd4c94c047d48da0317556a3020

SHA256
54b3385c23f724b4f1fdc0050268feb194fd43262540168d359ca32345428390

SHA512
4a05c1c31096aaa5f0fbe9f36711a75fec09f0abe117ea8e811120bb5affad3b2f2c21fc023abf2e46bbedb57936191703a1d188ed15a92f20176514fbea62de

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
51a187f46e4780e91bb607d022cb45e9

SHA1
eb64d93303803756fba5c7b9696cd760fb11ef91

SHA256
756c92f0af8a4bd3375915425ebbe70d378879bab04aa7fbc3792e2c27a45a39

SHA512
12a1f947cf5f480dc3d29b47619e3f4f6a14a9433a96be3582844f984e87fa78a3ce48161af970969b4a8647fc3c1f52e9dd4d24f73b4137919ea9649bc3899d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
1183ab91fb607a4272d355de3dcd647e

SHA1
8e016207c870a3bf680b2d1f9ad370170813665c

SHA256
cd4445dace6c05653c61fab3feaa9bb9706db8bfa534ea756e8a129e5880af77

SHA512
e1cbb89fbad21c7b707359674e052cef0fc4485b2b6202905f008f57e27ce709b02059bfbd19c857db9595242383e05a448dd96083f8a68fedff42f43fee88cb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3079bd6e7c3f073a7328a62fd573d20b

SHA1
e1bf3e8a8913c4c18285248fff2ee919d02ead80

SHA256
ce049a68c3c5794050046461066f835b1fc5a18a344871b1e369a1030be168d7

SHA512
cf979c0b5418557e4a9b39bef2bd14fb07058587f84bbb87506049c51ae3064e2790fd84a575ec7601279b3b928ac5a8fe041b304cc0f7483a8e56ccdb583174

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
869ed21f36e9df47fd51f80af210e6ce

SHA1
a439eadeb603fd6c6e368b586192b99624ae9679

SHA256
738ad46ab186ea022bda81063457cc78af8037bedf3da110a937c29b7edc0cfa

SHA512
3f9d15aa7a9af83b53d0ac22e7268d70eac5512640894c561a6b5edbdfc7462202b1313daf3cd516737c017ca17b05603e1a071823ad3920224046f805d9d32d

Download Submit
memory/1324-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1324-5672-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1324-11305-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads