xorist | 676903c100dc93681f6812043ad2c4b1481680d18dfe36e27ed21a052150a9f6

Analysis

max time kernel
95s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2024 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Size

7KB
MD5

f4c61dd3244e63b3a19d97a893e0cd60
SHA1

9df83615080a3bda80f91135a4d345e8055be5e3
SHA256

676903c100dc93681f6812043ad2c4b1481680d18dfe36e27ed21a052150a9f6
SHA512

9ff12f990bf81d0b3896e47a60704400b1581056e40a47debac6115fe0d9e45731fb6e28774eac4d2108c242a2ee9b6d3d87c1c4458ed1a8fa60e91afccd06af
SSDEEP

192:Ewzdrr1FG1WDCgmjPZLs8xqE/5eRGMUA:Ewprr1gkDCgS2kesMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/808-6482-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/808-6481-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/808-10905-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/808-11028-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/808-11333-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/808-11338-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/808-11339-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_28542b9aafacda15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ProcessSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_fd0ae947345ac7bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmvolume.inf_amd64_de693592afe8a496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpipagr.inf_amd64_a3248d35e6aba0f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_shutdown.inf_amd64_bce6891915e70bbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_extension.inf_amd64_7891c7d003f5e96b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_bc507add47f436ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fi-FI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_skl.inf_amd64_9d9dbb01837eba23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/808-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/808-6482-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/808-6481-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/808-10905-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/808-11028-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/808-11333-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/808-11338-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/808-11339-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-125.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-16_altform-unplated.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-200_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLargeTile.scale-200.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-100_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-32_contrast-white.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-24_altform-unplated_contrast-white.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-60_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-32.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySplashScreen.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-32_altform-unplated.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-150.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left-pressed.gif	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\moe_status_icons.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-48.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64_altform-lightunplated.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-72x72-precomposed.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\be-BY\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-black_scale-200.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxWideTile.scale-400.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-400.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Glasses.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-150.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.scale-100.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\SuggestionsService\PushpinDark.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-lightunplated.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-150_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\complete.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxSmallTile.scale-125.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailLargeTile.scale-125.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_contrast-white.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-72.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-30_altform-unplated_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare150x150Logo.scale-200_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-60.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-200.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-36_altform-unplated.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-100_contrast-black.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-200.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-80.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-32.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_SmallTile.scale-200.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-125.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-200.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..rbridging.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2229a35d9c00f887\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sxssrv_31bf3856ad364e35_10.0.19041.207_none_3eab5ab615eaf290\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\headermaximize.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c305417d6f76b82d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-gameexplorer_31bf3856ad364e35_10.0.19041.1_none_024606e494fb49f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_11.0.19041.1_fr-fr_c38d286405cd486e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.746_none_61e0347e850155a8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.windows.a...commands.resources_31bf3856ad364e35_10.0.19041.1_en-us_39771c4561c1ea7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2fa0fba2e36c17b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sv-se_fdd6d3787d6e91a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\403-8.htm	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-coreshellapi_31bf3856ad364e35_10.0.19041.1_none_a833192bf8ea007f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_genericusbfn.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_725e05de4c58e4fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash.resources_31bf3856ad364e35_10.0.19041.1_de-de_bfad82dfa3790366\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..-provider.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e4fd3cf0cb71e3b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_c5675ea732c2eaa0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..serverbox.resources_31bf3856ad364e35_10.0.19041.1_en-us_536ca7a83f44f894\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershel..nprovider.resources_31bf3856ad364e35_10.0.19041.1_it-it_9347573f1dedf5ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..ventextservice-core_31bf3856ad364e35_10.0.19041.1023_none_a381359b51d29b19\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-installcommon_sql_b03f5f7f11d50a3a_4.0.15805.0_none_37bb712718e5ea5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tetheringstation_31bf3856ad364e35_10.0.19041.1_none_ab796000a895d829\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-clretwrc_dll_b03f5f7f11d50a3a_4.0.15805.0_none_cd42337291cd5c70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.19041.1_none_18b834522b9eb97e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\perftools\images\i_appevent.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..trols-wpcproxystubs_31bf3856ad364e35_10.0.19041.423_none_b3d51624c98161f4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_napinit.resources_31bf3856ad364e35_10.0.19041.1_es-es_d2d03a2fab6cab82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_zh-tw_88c9261aa201eecd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..o-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d91c4c6323134623\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngshandlers-display_31bf3856ad364e35_10.0.19041.746_none_c1228aaaa97312cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\BlockSite.htm	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-asyncui_31bf3856ad364e35_10.0.19041.1_none_3c2709f1c5e46dc3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.19041.1_de-de_a6988066d8b86353\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.19041.1_none_f6e35a697a06e63e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RetailDemo\retailDemoLocal.html	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..lders-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_8a2acbd3238ccd56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winrs-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_45826cee4d9e2fd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.packagema..ce.common.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_86037f72beb5d1ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_tape.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_657ebf2faae224ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.19041.1_none_09fac50a5fe3aec5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-networking-switch-interface_31bf3856ad364e35_10.0.19041.746_none_c4439f664d5aaf06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..anagement.resources_31bf3856ad364e35_10.0.19041.1_de-de_12432d20daeb3f90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_cc4df80d31a32917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobezdp-main.html	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..l.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_37a8fc596f462cbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\Folder_Small.scale-400.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-healthcenter_31bf3856ad364e35_10.0.19041.1_none_6ba2da093792c423\SecurityAndMaintenance_Error.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nce-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_cfee02540930099f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-inputprocessors_31bf3856ad364e35_10.0.19041.1_none_503684891cff52a0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-at.resources_31bf3856ad364e35_10.0.19041.1_de-de_6d121c56b24aabc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-computelib-legacy_31bf3856ad364e35_10.0.19041.1266_none_2764be90dfc8b6df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bits-client.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_76ecf369c7273cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-eventlog_31bf3856ad364e35_10.0.19041.1_none_95c78c06618b49c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msdt.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_92d25bdd97f13163\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-game...appxmain.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_267afb582cb5d6fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.web.entity_b77a5c561934e089_4.0.15805.0_none_80564c5fe7491d97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shell-setup_31bf3856ad364e35_10.0.19041.746_none_baa8c7ca7cd0355c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..-radiomediaprovider_31bf3856ad364e35_10.0.19041.746_none_6e5c4ccb8ff1e911\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSplashScreen.scale-200_contrast-white.png	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-unicode-components_31bf3856ad364e35_10.0.19041.1023_none_8d723d8c46de7ebb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-textpredictionengine_31bf3856ad364e35_10.0.19041.746_none_ffcc3a1a9a5792d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..nt-extupdatesupport_31bf3856ad364e35_10.0.19041.1288_none_a2ab1a53a8015ca0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a...appxmain.resources_31bf3856ad364e35_10.0.19041.844_en-us_14920372d0be802b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..nsors-api.resources_31bf3856ad364e35_10.0.19041.1_es-es_7efcf868936caefd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\ = "CRYPTED!"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GFEGCEIRMLCYGWQ"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe,0"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GFEGCEIRMLCYGWQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08Q98gse50wrWu9.exe"	f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4c61dd3244e63b3a19d97a893e0cd60_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
aa78ec38fca0ff7c9c1ad54cc6c74283

SHA1
eeb14a98719c3368cb8314d71fa7b5d72ce14c95

SHA256
8d4045f8ad131d8a0f48c9c8c6be42eef1e8e5688dae50dff5e69ae399707f69

SHA512
fc217af2d406a8181276d5c65f28a5867b67359eaa760d56a7450ebbc6b9e9ec8bd758f196f975277b416a597ce53cd3ed43dc78ca4663d92c4c759472e316eb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
35c6f00bce0684b0b1bea18df80b0aba

SHA1
c1d297a6cf79fdefaa1d60d589c4d81a3ae73c8b

SHA256
057bbecd63b7888444747e09fb38f4f623e2dc8ff15c7e7292e0e7e73f5a26ae

SHA512
411093777f076600596efd006f0a1a0cdea1af8eaa7df7efb32f9d37eb4aa6935dc17361b590aa4fdf76d30ac857c3b720aee91be16bd316adbf4e911d2b30a8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
a0b488874be1f6ef8200001f610ee7b5

SHA1
76f40431a148df7cb9852e2b54ce85c8a13be83c

SHA256
72bdac0e051c0c3c929f1a36d2b9895bfbc4a95fd4c9206e810831618ae79db4

SHA512
b8d5740b8eb1d19dc0e3ed9b82bc0b7920bc5a3cdbaaf350d60ef8b0828954ba567b4caa17cb4d7f7ccc040ca88b8b398c2760065108ded78c6d7fbe7fcac052

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
36c1f0dcd18133a351e78539fc57d95c

SHA1
b77047f2df09d59ff51f1281869ae7ac23278498

SHA256
334e6e4e25badcdcdd1a099a2300e1bfa6d58bd0fe41692e9e6afa487949b4d9

SHA512
ba5ad16a12bd63cee51a93a8356f482e3ec06d6f22a8fa5d4b1ea7a13c526f8d65a94a78cf0072ebcd8b6fc454e88679daf27513f37e810250633f31cdab3a01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
06b8a8d6cbba73fdeff8227073fdaaac

SHA1
077ce85a4eded58a63eb62da51a06001a9839057

SHA256
00053052f87e554e2d6b79ab590a538502b1acb425b2aba57e2b1c1c6d3a8cd8

SHA512
12a9fa3887357187b1cafa4d2592decdb3c35b4e4ef80660fcdea53ddf51a2b059ef863807f5ba7fd8c8cc34dd44fef1fc5feec96f79bbc71dd74814c3fda8fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
cf0fc4cabed64ecba9bec713d7a0eb96

SHA1
97b9e43e67e3c9915424f25ec76234db04d8b4f9

SHA256
d3c37d89e0cda77c147b78e74f812cd520e33a4fe7c5ee0a9e4439341423499b

SHA512
2f639cf69c0690845dbf388071ad19c608a33b10650363bdbb262f44c27cd7effe046bd1c7bd2ec3b40c128bd805b5ee60c6a9a98cdf82104abb6e59baed6483

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
39316903f5641ca365edaf8eefad0b00

SHA1
05975cb79c941613cbecfb686ccce8bdeb543920

SHA256
9de937aaa33765152b16e02e11b848ac36b0b79545c67b8cf5543f432ae05f94

SHA512
dee97c612724b6ea29365ded940c5a2a59410c2f94e8b62b0a18a404dcfcdbdb243079921804d75e7e0caa7f34707b4f3773a23d22ed7ff765cf1aee1ad0e8f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
9024d1dbfd7ded02eea998d43a44dda3

SHA1
a42388bbff7c4ce0a5ac36e5f88c6bbce1cfd231

SHA256
1d6ef9ed9fe425fb022074fc86207dd84b64daba7c6b03ab13ecb1d806992600

SHA512
50994c216e8f14b797a380b850d3322055f1aece4f1f4e747d026f717995ca6f5ecda815f1d7d15628eed0b63e47d21369624790b522d235082fae9b4e5f3b0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
95364137ace463016cf5893c187892de

SHA1
5712d5b88820ad16ae0a408fd7e748ad4aee93c7

SHA256
c70db18fc000f199e3cc1ee842e769a3035f4f0e80ad42a397e062655633d1ba

SHA512
a1a8284ecacba613c0afe93f2fca28df8c514b45fb7161012ce7eb2156cdcf54e601118888b63beca39970da8b39d94fea9bc04e4520818de20bfb099be3e0e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
70ed706060f0e6dde5ffa2683c36a2e5

SHA1
a1f0a0e0bdfe1baea2d6dda3cd7e276599d0bcbf

SHA256
4819fd119da101ee30f296bb9cf9f9061c58a2da04fa66b3fedf8547ad1db0ef

SHA512
711973db627fe9037210a162d04f104ffa14ca221387e42b40db2b5ee9b726a352a4166ac0c8650e345334bb4fc5145cf8905cc0624999305aeb469049de1e29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
53172a1cfbce3f9f062283973f1d46c3

SHA1
00f1e753faf39d045bcf240202c502b11819cc26

SHA256
da36aa8911dbb83482ae3921e709ecf930d77bbcd9ab7fd26de3163af5cee4c7

SHA512
de58d5ffa70717e8cf5c2610ae6af8d47ba6991e974bd6bbda6ab1f0ec47026aedc7ad4f43eb60bd66dfcc320b54892764aed46699fde01c167b20216ced3123

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
e823c43eb6774ea30105b1aae967d9b8

SHA1
4935864f5e17debd1a4a5d83eeba0b73d28d4f20

SHA256
6e2954eecd12cf0fbb13b0009710d6f89f2b38be300a4f20fba00408dbed4d57

SHA512
b4e762f6b71d3bd2ed96fb50f5b43ad437947696a8aa52e0975936d24b648247ea94156d6df8a5f593f24a9c238af2d5bc56c303a9f3958ae9a80d6b1dc8c2d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f5db54587c231984fb8a3d8ee8fac72c

SHA1
0a1b3bce043cc934fd216742f0903bc76e473c98

SHA256
003646900221c0b42e15bea0c27a536b2771e9ca00826aadd0d83ea5dfe44fea

SHA512
3291ecf03ec32d6717e635afec285086169e4277057107fbf86c4ef1cb0b79da5db3ffe8448782ee2278938b00070c673de230837d9f1594438f7729ddca222c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
3272665626516c85b3ea6076c1787a2e

SHA1
436c5505ff798eb59fa4dd8497ec0e1c9fe9ddc2

SHA256
258f06f2e0e6a9a2de5c8f10ef3376708d5a0ef8270d2574d6dd0dcb86d5bdf0

SHA512
0393e1a478e5833d19f0a0c4b0f962c3775bba03282ee7f02c118cef8ffa36ec06a7ff764af1942c3487e7f417f5621d297ede47567acb5c59b885c28b75338d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
2bc370f8904b61c1400c638312d79349

SHA1
a8f7777b2019c01a65143bcf3b7bd10b38807f7b

SHA256
f7919483f3542d63bd5f036d3c471ca47d2b171f7cb2d3e8194d707b6b9da780

SHA512
c8aa293a38c591667308cf4f6a5932730d5aa5dbf4e1e73353f3bb8cdec72a1e0fc1a424a027fb7cf753b171aa8dda127801fe5394d5bfb212d8a0eafe3e2942

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
2c740ff8fc9cdfdf74315a82871b689f

SHA1
f107a5a25486ecf401e6ddd3a1f8c4a52ce1f647

SHA256
2f8c11a4658fa1166c6026759cbffd393ccd0f26f0f519c18c4a5209d237df6c

SHA512
9657e16bba1feef7d0646205616993fe827e774bbfbbc63fddf7c7d51a469e0c1fd290ea1076b520ba4f54e29c2d469c52d6c1da6b2c9a7dcc0399d3173e3e96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
49b029b9d7ff1c23013a32ec742200cf

SHA1
3e62ad294554ca7bb244477a310f101bf68c6e97

SHA256
2e2178a249cc03fa34ecf9945b092c4c9990ca387adbe56e25601599163c9c27

SHA512
52d6bec31ab5d916cc600072c153338db075b81656f1791094e803f8c2f7999ea9a21e7f83ddcc74268d0367a7daf8f2a5dd48ac5d3c486446e73549f8f300cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
a42f052a9b9f79868d9db95c9b9d8e37

SHA1
76348d8ede5fbe3c38acecaa8cb2863d3b7c394b

SHA256
4fe5c57b01da90ab7cc71876fefc0a8f973723b284ad31820365311ff836f47c

SHA512
066d251b0529766e2fd4c4991374b9dd7fc59cd8820739f3efdc6d5b1689dba60a6e7a23aa983cde4d8d0d5a99554d0486a8e74d6939ad31810a4a5f83d1f358

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
aaee46757c49ada88fbe92841e63d866

SHA1
694ec05b0179190f4aedd128625ecea84c871934

SHA256
3b658b8dee6650d784144f3bd2b7ff005d644e1010bd37078e5a81526c4dec5b

SHA512
4b4991a989abbbf8940c0768846fef52ab1d4b7c38a71a847ee30313f6c03a638554c775b3d66823990ca5d57005229aec303ac13b3a794c52b9ec3e9bbc8570

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
05c833a92af9b3931f813101b78e6223

SHA1
a6523ccea31709b2a0649f50362301eadac5a311

SHA256
bd323dc0697fd9127adb64b080ac3afd9a42c5c9ff473e7059a14391237344ba

SHA512
f0e6a4a8942b65732b08260c5c67ef2bb48a2470ea229e06330ece332c6660937f872b9018944b3dc38b341e153d8af301cdad36620ce62b240e5f0abaeabc1d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
227357261a71e9aee7a0cf5d2c849103

SHA1
08281f91a9a77e0291dddbc906237e97adb29f3a

SHA256
ed547b50734302f8523af57937adbbac58408f83cc939fe6cff5f78caf730262

SHA512
dda59505f09c418bb836111d95090029a29409b2c26ba850d52793043fc80537531b4dc03b3dfeb6f766eef41acfe94742fe546daaee4f1616dfcebe941607b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
433bd88d7b6e359a265d2b29235eabdf

SHA1
8943a695fda3762820f79c4c0f08eb9a0fbcb85f

SHA256
05465c99b49aeb0730e66f1ded8355ecfa24d41e04b32b7484d8e8ac77a5a6ce

SHA512
e52320f587e1d246632da91cf25479cf8f4ba922b5721e362e58553eb88a3ee29ec6a549a7b5f12f36bd5f7e23733e0266eeea5b06f501d025ef2b1cefcba2d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
e010ba32810aa8a20cc28cc7ee1a9134

SHA1
116f45736478f6b637b5eafddf4949606c8c178e

SHA256
351c2d12854ce38f245e8cf38b47932b79a0178ca16f90f3ecbde9dad5fd23cb

SHA512
7f6258607dbf3f38c674bcb612c32be098dc6535cb81e70531cdff76f32baa55423287963e7cd9ac8665bc2f5c556909469173568c9e63cd60f3a4abd2321b47

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
9811d7ed4ba2d74a4568c27ca8e93ad1

SHA1
8ddf050b01dadb75ea261be0dc9e8204f55d341f

SHA256
0a37a4544776632eb2aebbb0d8ca6db611554faf708daf6843724d04e81b7150

SHA512
9446020975409372789aee09d0f5d207fe7e08c2d200c67939392f0638c1a16dad39551a2c22692150a663f342d241ffd703bde69569518ebff0867e213655f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
56f8dc9b6add54a93c504987c94cb457

SHA1
e05fc49a4c548e1db065146c2e3cc50ac861232b

SHA256
fac2d93576f218a676f4885633f49b7bb2eb06d44b4ab6eda22520356885d14e

SHA512
9cb58e14a41ceecd0ab25f21822adee94314dc74a1d042ba1c7bf5857ca8ebf9d7d7449fbaac606b8d3f9c6678509b743c1d1fcf7e6034746844f0b4665eed6b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
9e42d2439d38f0d49fff8a27c5f0c4e9

SHA1
27664478ef45b69b76981c82071f45f39837fe30

SHA256
f1a35a1bfc34810d3391f6da90d0a2a6421cd85bc056f8be81adb6fbb252bae3

SHA512
136c881b8b73ffb8b3f426baa6d5f1386f4bbe5049d5fc5232de1f108f57589a71780aa1ef028d2d84d1f8299d6495ebcee554e9658ed41659a01efa57e98140

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
0b80843ff5b3053c665cc7f10e289d49

SHA1
f31a69a0d70f1964c8d46cdde7d501a24c289882

SHA256
9a8fac5e6925cd6265548d7f4b59c354e4698d705563ad120117ef5dccf096e5

SHA512
69b39ef17d016e85a6b9ac6436d92f449090645667d6e64007a621fff1e6efc36c0d66394f07607e2c05850353cbd2b4b929f9121c51271739c37f26d3698624

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
9aeaf275654ea6cad60d1806831851fe

SHA1
dbbbe825c5dc518daa5f94b2bd990a015e29fb50

SHA256
6e6ff047c2ecfe69664a72e1bf66fde4f9138db2af8fd6224e027ecd6292489d

SHA512
c5b8defb05011b530aaf7aa4b113cb4f7cf1f3273e5bb56ccd4e6e4bccaaaf0f3f13a6ea4a5cb6040361c0c1a575bd1b762266f43bbc7084d1861ac5da5a8ce2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
befa42a6a4e2645fc746e0d47b8492ea

SHA1
bd450af2797dc916bc668ec2cccc29b52783208c

SHA256
6b45e6669a8a9dcb855133845bcce7fe9a64fae43fe19b1bb165b6accf2a95e3

SHA512
754793a7548fd7967bf0b0a4c94784df126b09eb9e04e24bf45f656ec256ff9ae8cb48d37030c01b71a5aedf11b3fd03fc245641e9b775d54d5e4718f47a2cd4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
c8f477ff54ac6c36669ac5e6f8118f8f

SHA1
9069fcb2d94a02a567bdcbd33719aadd4d6b3342

SHA256
fcb87b19c77ce486b47b59f827360562567977f403cfd838481a21c7858ec8f6

SHA512
51f30cfbd483ac9fe5ababa7d69a1e4a61b967f9ea85494440cacd02dddd524c2a0e140f95f5945f49108f7e8bd3fcab1d270d2af8a2c48463a0f9b8b7babb11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
35043b67bf5d53d993512022badd20e3

SHA1
069952cfa07fd448a3927aec3a7de3836ef84622

SHA256
ad4bf0470b0bd950ab8fc91fcf464efa202090ae566e9c23cb99ed5a9f156b54

SHA512
25fa892f8f2ccc329f787985e60443e477c2eeb8c12f0a830a6e9f7797a85008b37e5cf9d71b73d22564b294b3894075c13202c5d75186f079db452e0eeb0ed2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
a1d665724da9f5292a1b5c8bf152e57c

SHA1
bee399ce2750d34aa703f6b6f6e8730ea426f4e1

SHA256
5d80e5371d967c9df7f28ab351372441c22eb43608a0292a336b50aa59dc6f15

SHA512
b6aeefcdfdeb4df73d9c77fd343ba4774eac6a96bd88fa25e314cda926fdcb312c5a958ae47c72685582e329c79582fdd5966bd3d6811a60a84bf11d6b21c0cc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
816d139d3fa57f64095be47f981cb1f1

SHA1
d4db14abff846f7f1b71c49105cae8d374da3528

SHA256
1a75e822b8fb8727f405c0212db9ccddcda54820fbb99ab41719976e859116d7

SHA512
d6aa00b6a1541daa2aabb8628a032ac76c69ff2395ddbadc246e3456b02129286c87a1e9844bb16da2bc917236e60d993dedcacf38d5bf9ab22e5f087a4fbcef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
d2bf7bd969ce1684d8b462abb46af29e

SHA1
ae7c5127b535f931d5ad8604485d8edb51fa3133

SHA256
b77af2ee7577afd9c24bb03d64c01a373b10c970007a4977c3e6c890da02ac60

SHA512
88a59ee5f79c5c32746bf7b2d861630495cff4ab21c8cf7fafb8145685aa9207ee39541bf7577a25a745569be684d7cdcd897ff11b33f30c6d5e221ccb59a0ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
d5259528de15c5ba1e70eff070630878

SHA1
5f19e18e04828174e29303244b1d30a25ccbb68f

SHA256
11b6ded01439131b6d4c0e2904d52e0e5f475eca4ba815b61f6989eda11fda94

SHA512
ceeedda1e624a815a18cd5f6045c56211fd2ebada4bdb6d9d77d9900aa564ae7ad36ea3f491e9a544d1287d2a5fa9268cf04abc0c27133aa06d2486269513acf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
3474ee4973a1f5f986af50cb6716cd0a

SHA1
5e62d497a01e8f80b0e114a6ef5c344892716120

SHA256
cae3beaecf733b7c8db4203437c991c1ab7d427c0d51760c9ba0a1650c478764

SHA512
dca31ab528854713939760047be752bfb1f99ff40d61432d3e7a287a0320d93e2742e97c1bef65b375e73ba840baccdb032529837ab8b00e87db28bd3d2a6ad6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
f3e45ac225d203138bc28c3141e833fd

SHA1
f8bb6c318b25b001b5531bb900939b23ec2d04eb

SHA256
45a4eaaf06a2d944808934aa0628cc07e1ba15826b068e81cc91cd030de44046

SHA512
72660320efe8e1f12011a0a3230d46812d6a3be0c1367165749d0d1fce0da41ec9b517e9cd759f1ce687bc9807824aeae19c510cdceeb38dcd14969751f31bab

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
40f2acb22ce31fd701a55b4ac516032e

SHA1
4d6a10fe6e40cb83ba2488636feccd111c24a7cf

SHA256
396790c89f6aa30f9179bf8971b87c3c4fa472ffd9f77f72635852c73966d3e8

SHA512
c698f9503a4d2e923d0c161df484e10f6a3b4db9a04a33174189ebf45a187dc9df85cacb1bdc27c2d88ecff18ee7e1a608ef588ade69af6407942a52070fc173

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
9f09b6d166a29ecede86f9ba80083cc0

SHA1
d2b76f02b88c0ff09d356741b9844ae93e754a1f

SHA256
fc3d2d62f5e54e2a841a5b604b4ff82af059196e50d4c08accbd1b721d296563

SHA512
301b5d6584ade0913b97d38462f318bf09d79bb7601fa30af3a1355170117241aa16ed852584d9285f9e52bc1b9b73e51727130e0bd77b227472a9bd6faf3796

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
f697b858ba49adc373836dc4e623c26d

SHA1
357d41253c8604c86d46c8a2803c6c3a0d168bab

SHA256
a9fb5f073dae60af08c2d606b380760bd04f7faff70bb46b6959fca3773a9cbc

SHA512
d33a4b840ca6910c171a328086a336d083d41089887f6be6e9d02b75d79cf8b06cda0616180c2b5ba8b0a0c0f1b2b7b2132a027b6a8069d23fee030f89b839e2

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
7720b9d01daf6b86c7026b5a7efaf2b6

SHA1
91b9ae9e922e5996f27b400b1bd20b9882dae27e

SHA256
e2731dc866236d788cad98da5432a6a5c7693b359c7bc7df40a1f4b9c33fd462

SHA512
f1b2665cc914ef2fe4abef2ccc610a2e15efaa41c4d21390fb5f838db4f1a54e4ef9d6b25a9cc68688e02af42c6c7068721de8b3544b47f73058c2e7690aa995

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
e5099b427ca7e3e68d7945a4aeaa7214

SHA1
67670a80b6e2d417051ef035f13872635249fcaf

SHA256
7e99ef5c2dd492761546b634d9052b164318ab344093a4814598a65748607c4e

SHA512
5a8eb581c0c1d4ef1011194509d70bb0ac64401a6578c9c1c3d7757cc75cbaead856916e836555e62e4a05ac5696febc4c34dfa089f7ec2714243bb77fbfc14b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
9c29db5c5d4310564c2be9142937dfc7

SHA1
bc36782b8fe6a528bc6f1cf2527c62a35670e9b0

SHA256
0333b1b5b5e8236cc6f1e2bb992fcd34002649fd3e8089f889b05e90fb9b4b54

SHA512
96912a2c7751faeb3995f48963abdc77fd838a85f1e4212444d8debe3c88281c5c02fc1e2d41bbbcd329a2a51f54518b8933273fa701870dc402c4ea9d0d453f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
8318a47d31cd3d6a521bc965976ad74b

SHA1
7e86ae0710484c8058ab4b1b00f912836f088851

SHA256
fa17411e1f49ffa1521ebfaa3eab6202068fd06bb8282447aa4fac564f6aa917

SHA512
2ce71efb64978c4a831662f247940708dbc9f4299eb0bd6080c72279129b5d6f705dc6a31d2ebafa2a9b6c9f9c26341528c64f8ac8dcabfc40d88715c3194586

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
634004640d62ffc6d4e7d35faf90d2ed

SHA1
3523f379fd9bf0eb2221fb086937bf1a55a24382

SHA256
2f1816351636138acd195857a9d866ea2fb99c30393231e7f7226735324186a9

SHA512
aca2038362e69316dc934ca4a124087f3a55ac0eae13ce1baffc47ea4d8b2ad49f11df2f90e74c44fa1fb766ea8a6c84b0c6b1d67626868378088b885b8920d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
0ae7f716659e0f0e5ea4053b60a82b85

SHA1
4f4ed47b3bbf3723f350893f50c9c99ebbd0bcc2

SHA256
35dbee574855678a4f8d22e73380d4152d5e7e047d70d73ce5f6b4c3ee073bcc

SHA512
8979907ccfe7f8cd8670c1277d622ab98d22f96091b153398cccc86ec4d3764c183dc69f3b0b04ab124c801d7f90178a338171b87784ff9e49fcd08ed371c3d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
36cc89c0d0077fe733a93d51903e9095

SHA1
f8e70bf1cb3ba4d678e73090bd711b62d328b2b0

SHA256
88943d811e6016a496837f941eac812afa17e433006f3356e52e10a8fb9e646e

SHA512
b1ac33bbd86d67309fb86e8d16069249567ea8df5e06bf4803dd2250f773421756a80c217a3b22a268cbddcbd0064f89d58bf4b7353a1aebcbf11fabf16022c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
c78d042f2979cab8ec0da00ea8dbe903

SHA1
8a6c209a624801c3c4bf6f0556d5bb92fbe64890

SHA256
a811375c4233cd52bf882c44f9815be759220ca1c0f6df87e11ad301652f36e7

SHA512
22a06f54ebdd5ec899ebab1b09c2749b7a04423a06e2ea99b7df5f03585e83c421687295038c3f985b025a3a8f0e77e3c25eddd7df0cd2b9366e77d455bbd497

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
1e019427e5b7957cee078a5796e39993

SHA1
dddd1904e93555c33d3b4f0fdd3aaba512b652ae

SHA256
defc3ad996d49d65c53afb385d3c08d012a2cc5b2e1cdf0f8cbdc0cab19e37eb

SHA512
cef912078627d2282b654827c27e8ea271d70f8bfd4e65b7e3774871d591a5f190c22068eb530c666c3ad852b70aed47d6181a614fb9a570644cc5fa6eaf52b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
0008744af271c8a26a094c9353b74511

SHA1
09601b53df65285376afe72c83ce362dc14c253a

SHA256
9cd9b41e9a7d06dfb5a9eab34a43e26931f5491b63fbd94c28c96dbcaa0a1aaa

SHA512
26c58e962cfbcc3e626f23671342b38bc44aa73339d90d9748dbc10b759e0e32d55880f22defd31a1acad106bd1e82009f5f980bd46d94df502fcfe7d2d5914b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
5e3b5c67ee096c49f359bd2870405a82

SHA1
841b988806b65d520cbbc65ebe7640756d1ca75e

SHA256
74dcaca3431d7acebea8b3de4773bff5970e8a72fb2c8ff1ffd61d2c783f945c

SHA512
d936a6da140876132c38c322857a08cc07b13e318d25e7e4048c296f952a2c130acb3e5aa505b721dedb7cda3246aaf5986f279d2983c70b43d615b041c99bd9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
df57606ceae4e14495d46e36dc746e73

SHA1
3e6c774a3bc68a4131326dab8be7886455cc964f

SHA256
f3f4095c55a3a6bd28350ef4a8c59d2bf48466fbdf3e4f1231425c7f5a3b4863

SHA512
df5922115f70822c8b6c7c761e501347bd1e3f092098e0ddd3fa4b71371785d5b09b57887de37486e600272262abf6cc31469342670006832c11a31fdf439129

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
76b97238d2db7fbfd4e305c895e92da5

SHA1
8c5fdd34d23ae26cf6f50f6aea7382026f2cf8ab

SHA256
4f80f8a7aee8fd36059faa0c7350d93b665f6547857136206ae533e13e6bee16

SHA512
92de48b965056a13a3ac9d3fc3e7f3df46bd4efbe01d31c9f5f1b00324bcef63d919765d1afcd5519b2d7058f35be4d8613620c94dc8457035b76dce5ecbbc1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
ed3629d5bb2fdac824a79b8b3ea31fe3

SHA1
a8352cbacd36d1c22daaeed44cf5209a6fa4c612

SHA256
f36a769734be97441535760628f24f734b9b4489aaaa7282f9566ecd62a74f15

SHA512
7437cf7cede8310f7c90c9e54f39823e278c62a27dd0df93364728b59aa0d0eeddb68c593e004dd35fe1782a558f7ef26c813f548dc3ed1ceb2c4c7d5a609b15

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
7adc5f86d22e1ae9ec852c1c9c2b34b8

SHA1
aff307e1f2fceb7f28fbd42460782cf74db41136

SHA256
961c2cb8ca60708f1f1d6fad7193ee2004a9091d71a65a2f9b8abbd94ab3197c

SHA512
e3115baa1cd0b551c0a7660a827e7801181dd4a4cee16fc9af50190fab1f6be39abfe030c9c599cef8bd29b2bee4d1d038fa343fe717d832e26ce417ec8e5ae5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
a86f2a56551ff80e6c9ba2d02ca48272

SHA1
f2343b9ea2d98e8ec3f07b0a6a06f5060a111671

SHA256
7f38f86e25378cbb95244f4cd7040ba37d35eb5d4c45f1d4c7497d4449137950

SHA512
283fda893449b8c6db3dc09a366ea5170f92184ce74fbecb751baf296dff9df8ee7254bb783b9a24551fa991a05d121c0f2078273ce7aae61d26a245304b3d42

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
92e15175dd4eee9f376ac765c4ecd789

SHA1
d875f4eabf8733ff29888fda4cfead0763079509

SHA256
fdb5832b0ef09853f627ac8cde19d15319e575d78f354444e7776f85c025930a

SHA512
c16c5e34f492aea3165313cbecd65b2e9b44524b0361b3bda4a0c8bdf58b6493cf4d231a55f690cb150a907276f6cca3536427a412e80b3f0a57feb1298a7ffc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
a421d86cf5f06f859fcf0ae8e3ce81f6

SHA1
b87aca55cf034aab757f516d4d7469d3eb872d95

SHA256
cfaa21cb338b3240c9e3283f9e5e58aef74d926f323ea90ab2bc2a90cd4ac9dd

SHA512
bea8a33d5b344eeaffcd6010c339c84b98dffcb2736cda7d1a28c97821f034868bd7607f215258be637313cfb2ceb3a7acf6653d38d9323fbe1a1618c1e65c37

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
f3d154ad0310ca8ebf85bf68fa685bbc

SHA1
88ebb60ad1fe7061a951d702043805ca64e85eca

SHA256
dd5044ec69d1a6a88f6516f7b59d766afedb256245e4280044f90f899ba7a2b4

SHA512
54fbbe9a4f17b91d0bfe5cfe56a5ab60ec71740cb8bbb714dc5eecdbd6219a2a4d0082450fa87e07093e29f4a46b9cd0f78b77f63090727dca0087ac3bdc16f4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
1f0f71eb1614736397325f1349087d78

SHA1
08b058431dd8ec4ee727aad855e9192c875d491c

SHA256
be0697249275da99dda27a24a797bc56558d2330c5602df85ced5c783fbed1d4

SHA512
22dca1f8eb2c82db94a96b2cd4a6ce45698e63aa0d6e53e3356fbebe559b1d466795e9a60cea9dd81d4096b0ccc83979a461d91c7fe76bdac039565f8183a38a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
faff23ec59e3ce2536778b124b3dbdfa

SHA1
874531124ecdeb3bf88c224633afa4a1571c5252

SHA256
1d4c45a00886195a4373e2d4e274f29eae015c91dd356742c5268007f4240623

SHA512
58a7fe2229b843996407af56746dd58c8a4662f77d7e61782e370b3914375cf9f420c8b6d432959b64d7804e8fef6e813cf2308db38461016807edd85e702e4f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
2e0410d9b96998ac2b07e728dd22b049

SHA1
644d35e47e64cdf4f634dea59ffdcd8ba9aa9937

SHA256
47c503af0b94bca192ded4c24a0c8bfe327a9b4d69e1a4c5d8665d4b88ef2561

SHA512
3d57a6bcdb5a6bcbc53dfb87e406ac5d87bfb945e6ac3ef43c5258ba8d964ed3e49b82b8552ecd3fdf6364ce6f2b15c94c17711dec5ea791f52cde8711b937e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
21245261e11f2052cb1bd9e9c89d3e94

SHA1
0e6783cc73447e41afcb4898a6d27892e44d6799

SHA256
7dd9989ee69851d9ff4d427e8bd37ad42e3277f2fbd9fc0d88e31c146bee7284

SHA512
886fcd9bcc4b1a5b77d067a848718c8cc3cd262b01546c76d8f229ec63613208724a659c3d1fa56f11cf20ff582c29d5ebad04223a3501259b54cc97cc35f96d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
cbaf9b0e573559ab414a2430d1fe8ef1

SHA1
48d23a77767097df8fbf6a6df4e0cf40062db2a4

SHA256
5bcfe23ce827da707feec1aa5e329b8eddb5fdc0867d5c7db78f3838278805cf

SHA512
4a1e70b71a7290a23af0f3940bf1e37be80c2124361cad7089bc146dcf47a6618fb896aa264630386f78be25915f37bfb5bc7c7ffd371a9f77460b49d4aaa762

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
4a7ad1d4a606019816b3dd5df5e1f156

SHA1
a1a2546ddec88c3ad907285ce2400f0f3b246a36

SHA256
0c6bfb92084b5c698fe2ca34def9236aa6ca7fc8903888bd3be7f909bbbef25d

SHA512
222fd64365ce27ff45689153222e89d1b0c2c18332deb7edf07e7acdd84f4471f8c209ad9ed50b85544c5d42c6e0e3dfa6c22a4d38825de9e3af08a2ccd97708

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
8393a0a4e9b479677cd867ac9d6278a4

SHA1
667e8718bb4558a4a47467b7741556dc68b4f10c

SHA256
e056450dad87fb29c5303a9915a0e0296d443930f5a39ea43e742ec0ae7f20bd

SHA512
5e5613b1c812bb1de573bb7f4e0346d8faf5bb911f5061246a4a22b1f3377301b53cf194cd3ee9199a9f5738778bdce4c1bd54207b1f1802e9d28621ab6e351c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
a8c95105b50829db88582163444efbe5

SHA1
8b3293e98797bc7da5669866cfb654c37c89ed78

SHA256
c98b11518d72d645d8bffe022d184861819b3465642c70d3370fe93c1119b68f

SHA512
3fcdceb052e71ccd2750eeaba058f2d7db09570312fc583624cd2a0aa0bf3a325daa618b35a618d18242cc609019f600774baa070cdaf4a2afbbeb8c128050df

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
f73152fb5d563908370b424cbe01a154

SHA1
7416f3b92825352cfbf12af4c5ec2e183b684640

SHA256
6d8ff639d40f4e023496326da2479716791f719bcd4560b0aa51f9433c8d859f

SHA512
dcf7b879d4eae7d9515b0dfb3646c427c21934f69c55d69fd039cfb64256b85340445b4272886ff79c914544517273d26f3516cac6f3993499f24906e8aae8f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
7a9c545a0a1a264a563169c56a963825

SHA1
b457eb809a4fcd339151757979b2fab0b6cdd0c1

SHA256
1176d12d5acff97b8f936122f07af9852e325243de3ca73796daf9537b3fbbf5

SHA512
3fc3f62a1325fb2574114824955073c769b54e6a858c86db12f99bf4bf1eb8de407b6ec503cf8f627054ff1d20a453100ea22b146ac22ceb4be38f62e9c328a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c62dd1ee73ed4a9cf67dfeef856b1665

SHA1
c64d2be3856484ea4aded7053fe240fdfb15d5ec

SHA256
f17b75e47612b3e468a35f17b71d041b027caa2fd77948e5366a332770b992fb

SHA512
7bfef2f71e33a982a869c294bddf3e10a2adea59bd5986b6f6e508ecd104b4e3893e70b87af5b1f4eabbcb5da904128113356a10fad4c3fd651cd2e47583f64a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
c7e55ba2966418b261421daa363ec6a4

SHA1
6faca3cc4c37fc02587e821f9300fa79a9c411a1

SHA256
8111eb30a49b0d66c3d8797eb6efa388599133dd60ebd20e803c1831301bdd9e

SHA512
2fad1af4895527d80d45a0ea618ce6acf5e477de77b0f4df5b084670b22873d87322213b0f5859071b0a38d1c63d89a1d39f312ee80d91a87a762845acc1ee8a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
51eb0f85dd5384b1fb3f7ee3d49fbdba

SHA1
794bb80c85106a02199769faa19e7265daf3c02a

SHA256
6a1e730a45bfb8a5315afb103703d3ff9c41572b0fddad1812a6541b574398ca

SHA512
0565c2cdda82ee098c1a12d6c4b27bc0d9ef0ab5bf96da27f9f7eac6a0132d570d9d1e32580e5495657ac8a501f68b5f7120b281c12cc3fed93dbbe058b0ac56

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
ea3e2b2fe073eb98d57b4c992ad1e1db

SHA1
fe1396f8a5604d51dd9bd1833c78a05aebcac3f6

SHA256
14748517a4ff9945ce821cd48b52d64ec353eba2b8df4f23b8a1a90573b19d3a

SHA512
a72a2eada39858a9dc6759b1c25256a998dcc87fa548b5fe323b3d5b4558b9dbaa863827e29e492cf1ebda30ee96929f2a32f5fd2f596f4e2fbaa33de111b7a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
80ae56c1c0321934b7d96e5b103a8659

SHA1
ee9863ab6ffdb179427851cccdf326ab224bb004

SHA256
ce291e21f184b9d833e56c615b73be2bbba775987b9da8f40399b3b7ad9d5287

SHA512
9045ca94d65f1511202ee02f52790b49887a6978322256507d40a2a3fb95edac57a91160b2bb0105f83eb39895b6083ebc9054fa94afad5c86c4553c22c0749a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
f6deba46a6ee863c8fcef1044b41e724

SHA1
c278595d080d6a70593ace5d8d87e980e9fcc01b

SHA256
e1314dd239acdba5fecb1c6c3bbcd8a14b32f509e0fff5cb54970fc3a4997c44

SHA512
490c24283e6c64d87370d03c0a62e93814b262a1d43ae90d0a40b20b6331882be72b620a58a563f53918904d1f1e2734c6aa070a1c5b9666cd5aff81f603f0c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
c1aab1e8b7fff650830a5864c35f1be1

SHA1
b698b585b245932a2179d5754ee365f83d1a2298

SHA256
71da16b7c84ff690e725fd7ecff73dc2fbd5c51768e791c88b9b625893bf689e

SHA512
e9413259807bc8a24ea2ad3297bd3ebaa8c001202ffc7df7d83875541c6119b4a6e8d8878d622f7b69d6f0c7be25a091ad5c7e812a772cc4ae3fd2e869704102

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
693190f3b0d69fadd726907b48a49767

SHA1
3c6cdb35a3b5280b95617486d1fe42afc3dd67d7

SHA256
6f720c2e800d0aceea87782314ab1d94e2aeef40092f87e9381055f0df09f963

SHA512
0d1ec57a75871b92db7b718e14bf354b4e9049fa9010b1a9953b934c9d4d1d2038420eee186710506aaf4d8296c87ea3aa736d2537a733fcff306579c5e69f0d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
572c0494170e68e2534cadba3ee5748b

SHA1
1f78f64a358bf16268be44cd3130510874be5d29

SHA256
557718a5fe97196e47872acbc691f71c4a04c13e3224191a07859008eec60f60

SHA512
07ec83ea060302fb893c7a15ad4d6827db640f2cef88d4ca573c03d73af2ffbf7a0fdb1495eccc6ca260312d757fcf7f711a18654b3db3df2d9af56ee414663d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
2092a723084085c3ff977bdd1671e673

SHA1
ebec70e3df76c7ac1cbf0557cb76569e451de4f0

SHA256
0b0f19ec6b89fa84b638084b4284bb4947f951f53409db9bdb62d3e7fe9a6f9f

SHA512
8954564716cecade86058de88623455a01522107ef7455ddef633fa7cf525a0d8f8ee18d48da858a951189a31df09791d2bd671c73c34519dcf5b3c7604e8efc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
ff8729ad2e53679d71e0e7e9a1df1951

SHA1
fed12bf7ec222a1ffbecf0141d4cbbe5c4eb60aa

SHA256
288875947cbebb7a1b345c0debfda084141bd1c82a56f16f65b0ca7be7d7b94a

SHA512
1f224794ce2659e979ad5705d86d84bd8a9d64ee1ce32aef3d327a45ad453488314c6b28af1301daf4fea32af620ba02c85ae2ce57a33e8cda8e663f0216cc3c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
a8592de764892fecaafdb2c61d87f3d3

SHA1
fe78b773f98115625277fe2cf863c7cc34c4b38e

SHA256
92a5167c43856f70b2088cd3632f24c02df19e896c976eaba2bd8aa37461e952

SHA512
7192d0ace8d4dffb63d15c387e5d0eaeeb207dc69019f88a2ff66259e72c3c0101e4389e05d0778eb056df4387d1f4be4c727d7698fba74d17b419ac20e5c2a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
d34e2013c335d6c74289eec8fb0fb973

SHA1
ae8f9e31fc97737654fa45af2bb5509bbede579f

SHA256
c746d08e2d36beb827d4afa331fefcd8c4a7efa3372e9ffaff0a134d69606c12

SHA512
e97873426003fdc6a951c2833a4114ec89e1fbe898ea9405173aa39e6dff3e47cbb831037e70c0d58e0e91da378c9eef26e2bcb4a2ca89e27db414004ed97c72

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.EnCiPhErEd

Filesize
42B

MD5
4ab0b8b9cdb4fa15d4644988a8a9e92b

SHA1
3e8840ccf233fe523e5b15b94f5ede534542b552

SHA256
04e568bc2ade18653b7f1aa9bad39b288d9a7e0fc5311266a49f59ae94dba8b3

SHA512
ee79ce801c28b60577ebde5d479709385c865c4f39a6c643eb0fd6cc26f3ca0ebe0ce9515398b7bf5393bcf3c29c04a0a4510ef70ca30a8f8b13cd58ee49f193

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
fa76e05c29d4713e8a39829de1d6f4fa

SHA1
5781c24b3fd8b491073c29b8d707b45b3c163768

SHA256
3f73d553d277b89a22b5538a416dbfbfc126f081bb78bc495889a1016caf60e6

SHA512
da31f5ccda047c4d0b64440619497c7218fec5e0fc2be98308a9faa574a69abe6ac08042475588665d9a6e180d9e6a1a11de2457bc0debb325acb0e96d30c66d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
21b71219effa66d896b07aca7aa3be58

SHA1
8644d327ba7c28f9a7193f2df8b2eb16fb438406

SHA256
ca2193e6e9039b91040eb33351979994f7063df27e625adcad20632846424370

SHA512
1f8a3377410e85800c2933e347e33d0f887335dbc919b7a7982da08e8b628b33b57cd72d54fce4b2f20d2fb7633ed5398bf6ce6483ada14b5523bf0269db5aec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668203261904.txt.EnCiPhErEd

Filesize
53KB

MD5
8fd0e2570bfaeb6ae43c1aa20d94ee31

SHA1
3e292e04206aeab6ce53e0f844e55923829014ea

SHA256
d35225ab6177284aeb86fc39a3e033cc616f061d4129cbe5557ed59335d5854e

SHA512
3052ae0515d8493b265419e16f4a7e4c0c9393f7a463ba527b78c9356e8532e878107b8c0ca5799fa957c4cfaf7fe8a48278211b06a197ad5e176ebda2bb5f5d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
41fe619f6f1b4eee23ccd31b044da270

SHA1
f40178f001c70da4af69f9361534a24f58808c69

SHA256
7198bc9368702c9a695b53cdb242ac2d850175c5542b751dd5441734c0fe4e49

SHA512
e3ba0b867063959c7d7f02ffa691c267dd7076a2bbdedbabdb47c687d0e1ef33a165bc5f7bfb02cd190218e35bc7699aa8971cc2bcdba612be739cf7d2e1a61e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
060f58bff657afe47b39cced1f51c782

SHA1
0fdc88843d54bc16fc83d3438dc34dd7563eb238

SHA256
9c3e825a8e9ab80d5253aff9bbb9e0cee363f5d0937f0d202f0833a3761d3cc4

SHA512
99336d36a9497b2ef68bee18626580adf79fb4c0fb3fbaac13c4f91925f7efbfeaabb418af571bf9c81e51c386c10eeff3d2a5031d20a8e531efb3ba0febd02e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
3f24262ca8ddee3883f81f4c4aabdeea

SHA1
9dc0b51abc16f284d502fe9ec78a59b7337bdefd

SHA256
5c84c4d45841164c872ea0aec6b1f4b48fce4f79ae24ec5234165dc6416bb862

SHA512
74a2558a4234555ba172d9f465cddaa463bda439e24aebf76ae756369e6a9a80c93d089af7e331046967b5076ecc1d5221eb06f7ebefafc15178b3251c3e69ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
c9d0194a676209a01f1c1704fe2341e0

SHA1
fd74738b6b79e58a57892d43e866caced6486eea

SHA256
f8d6187bfd999cfa754d9dfc4c2d605fd709eb4b73f32b167fe301fbe2bb3d10

SHA512
939edd047afea6a1ac2f9b6e5a96b0e41da6e6a25a3db188de79b5fdc6a8779dfc11c46cef00925da1e886a658b96b508059966d5eaa8a87abede8ec89aa96b7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
34587bc90464ecd08c3b6235929b88dc

SHA1
5528705c8982fc96eaf65c867708f25c9d7042b0

SHA256
ac80905f9ff5ebe4325db2ebd9c87f8e960cc490c3b700798942e06863551492

SHA512
2993ee10b94794031e4bd12ce801a10f34de3e9d365abf976881ddd49bd59afaed00265ae291fd8d420a7d8d0131e549591aaeab46fc5a2756a48db3c7ccbe7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
227c4f134d5bbf77cee8e0d5d2444d7a

SHA1
5b9e86ad41d936bacb5ef11ae484cdc9c43756b4

SHA256
b529300a3b34f09f2d563efe1caf105abcdac9b0d810b9b9121f93973b978b6e

SHA512
7943c6a615e0a0509a10e6d5b0d8d41d58144d27d89b4a7bdeb134952d3037703c243f89977867e871bfdd03d4ad07d49504e156a7a3433b426c77af338ae0e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
4713f1e4c9e4ee9b617ba02cf4410e92

SHA1
9ab0e1239cdddbd3e44bfc8363e1900a890152bf

SHA256
897d4fe57b1586c3b425c2c8baf13bb25188f529c9deea2871ccc4b83c86068e

SHA512
7285e0a5afbec2a1e1ba7dc6727a91c9bfe063bd3d130f8856fa8212b009b8490c74f50a891ff2280260d4df096b07df9084aeb01b380fd45700e0eada1802bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
093fa11007ceb5f2f29883ac5cc02dec

SHA1
1cf1aff3e24f4ed34f60ffd9daa9fe8299b71451

SHA256
ca1d39bc42dbf20f57d630da6e3632039279b2e8de4638e57c64f3a3bc5a106a

SHA512
d0c61b1e06394bcd080c1c7542192959dda0859c72d24ba4320a1fcef0e2cb82e5b1234146349916c5f676031b45b132f669e6e78bb900c6dce0894bdd8c6235

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
6fa802bfde2985901fcaba4a22b962c7

SHA1
cbf1cad6d2d29f4159aaa5695eb5f102601b5bc4

SHA256
d148c239edfae63deedd85081789104e6503bcdeeb6751c4fc6a2ff9df358555

SHA512
884e83bea426f120e3d1254a0a853f30e865cfd66c701b0a59f81ead453b6e7253c1bfee84527dd52c5abb2746fe746bbf77aef61858eb8ba1cb6f96ab82b438

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f4e7cce015586213ae252ccefa83d75a

SHA1
1a37487cb53826d65e85fe989ef2d2fdb40c8bba

SHA256
1252568a3c4166129871ff99464746252f5f2a1f2a10d12edbc88db077a07fed

SHA512
dadb624740ceb43e0c5775304b39b34803549c9f4928e3e9cda04842d099759a1318e84666fdb5150e8f07cbfe524ed0c3dde75e1aa7ea18075efa24897e5ec6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
15a1c4f08413f2965af8f19715eea8e8

SHA1
d6bc5d1fa3e14b47f4263e6415b29e9365f57e8d

SHA256
52108c1001d6efc54861c23b9899b5ff8c59574754dc42e27997172ae002a737

SHA512
2f77ea172aa53296ac1117c93f31559416b03fa38cdc9a10895a395dc3ae5d03610be6233f1148733d94bb25b77f4fa52d09cb87e098431291ac31f0a0c19318

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
e0b11c77c19000be6d39dff6f07320d5

SHA1
fb9088e7c3d868b1b890148157f1446575001031

SHA256
0f1835d8c27e3ffc97849391c0af80051189954d6003f5b8b394bd335b05cba8

SHA512
b34bda203a30664becb4581906f9f29767083e9c5943976b8006bbe119e474f0123e492b105fba555c83b19856708ffd43c04a24eabee670fe299d6506a7f327

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
4e2247e8aad9799554d53d0f70a5a1e0

SHA1
6f645d9142af5a198d5f5cc039c7c7e3d2e981a1

SHA256
6e214c7297098dff7770143a985e65239173382ad055d24f9e02894fd2dba037

SHA512
36cb53dcd5d056f028b63aa1b762e97ab870576e4c51c135345c718e9aca99d440885357c0c8686fc2613087df84814507eecf6059652a5cfb2117d367279e40

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
c510ec173c655cb54682dcd2cfaffc74

SHA1
605a0c1452b3eb7904befb43aa3d47579c9fcc86

SHA256
3a7dbc045a57af1d12dcae93a24a0022e61cf85139967bafc483627db3f6cd1c

SHA512
2fb3a9fd493f71b5da998f920baf0747257a211b0a87436ad682264dc870f1102d11b80c326d189e39e308b6be7b5ec62fdc371eacfdfb5f51a03f6ddeece0ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
0b24dd757dcda13d7074533330cf85cd

SHA1
939137735d3e552276273c49efddffbfb96ee9c0

SHA256
fe4bbde06891baf820409a01d81b347dc4edcee0f229cb1c07e6905fa37cf495

SHA512
5024500a865588e79970d11c170ccc911cfcb4e9991bb3c3b8dcffc1c5f0662c31c0233eea091a0d4c41dbca23220476f0dfaf6dfe4c6ede9074d874dd531d09

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
1c37c1f663e83afeda86612658b8848a

SHA1
615fcafe2ce8059178351fe45c35e8eb150e7cbd

SHA256
ba2ada9168ae979657629fb5050e9e9aed2d4f35b46e423a755b1c0f45f0fb5b

SHA512
274f1c43ad0719d1e5f8d47af5cc5a82e26ab4a68a3bc3c62fba05e346d840d366acd2dd21263f6c54aea353c08365db2e0a58a8e89d9131643f01ef54803418

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c7ce26eb050bbc99c3dc21be2e4c1f5b

SHA1
ffe1979d12bdd334b743c05f4b47dd76ce056735

SHA256
29a975e146f28749a7dc28f134f242d546763be37984e63c9ffd3680b92738a0

SHA512
d586777c02b77199486116a0d797dc85c22b836c1b60000c0cf661e0e66d6ff877e98214c4df330a50db43bd40a85b1b5ab2f2730a0427e9634dc8e3eabcceea

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
3a354575e757be2b9915747f7ed615de

SHA1
16372e342d7f6cdab76b9d57e322c00eb8c73683

SHA256
15b828e42ecf68571e7006a347822d76f1021b37ca83885167d8577bea5cca46

SHA512
f47131bf35b3b73154d9d4056db238bd63869a9c86766c567facc51e379879afa388f5dbf42e3a89f0b832493db45f5683544e93fa35b7201e0cfed83eff149e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
57d0efa2b19aa2f238cbce9b667ecbef

SHA1
289c92824f2f4493abd20a1faf69c7cfc2b3b5fe

SHA256
386818a374c7b1d5729ee2151d954bc9e46b9d97924b4ee66855c92c9df6c54b

SHA512
872c392bd6a756a0ed5985d9a7a2f445b7851251c47253f7ba4971be8ef4542cd70ca976a10194d370368e980e92928ec516596ce38e349fa673deed3e045134

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
fe96e7175b1aad45a823cf5671721cba

SHA1
8713f76d307a13571b2c8a623896963327cd57bc

SHA256
f6a02e700bba7858118d821bb205afa303dfab29e45bd1727893c27578d146a0

SHA512
e03f7c04b28ba2a4afcd7c91e31466a523ac8c1a89d647916158600eac882e65eeafdb681d428315d100267f523a746a7512722c238ab7f10ffdecaa985fa413

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
09a6ae85c2d7df71ec78c590915e32cb

SHA1
76972c8b0c88b6cbf24e72283670438ac940e1a0

SHA256
ccbb169f05cd1c29fe3b68034351afeda3a9b4ed99bdc64505ed9247e42cf8bd

SHA512
175d0cc1aa34d60f19ee715887022b52572d261034604935ee165ee39ae3372f4d1cc9a84eb8d36f15cb95dc3128997a56883fa83f375e183c7a95661d04de08

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
5797ac0a5e6a1abfba899efbc1f052ed

SHA1
bacfae6482383834b7b182e37680c00470ab2532

SHA256
cd69d4e7171917d1f26a85041d8b6e35eb42331e078d63db6751cd16cd307c02

SHA512
05bed8601e4643b37fc975c334d233c8bed7fb34ffb7c1f1dfc2f3fbbf0ba84eb54c5edc1f4ec38ba579352d164b6981965631e9ed5634fc9ae4865b89dce972

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e86e6008232457bd7610515da783385d

SHA1
c9f237ba03ae72daeaed303021ec9c77a52f35c2

SHA256
c2ac0d7a730ef56071ce8b5bd28556dcfbd23d07be78369ada2b754d1f73486a

SHA512
b9473aa5f2cea3fbcce967ef56b13f49d6f22befab0611a3b7c4dfd041ba6c265c5da349b16951a9eb5fb27d6bc4793ccfb5220926d0873ae6c8e19f97076342

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
acffff2fc981468736703be53ae1c00c

SHA1
f0ebbe92604986aab89e319d967a104f53638c1b

SHA256
7e7b16e583f7826b703c53e5250e33c70d86c344a229eda44767218f76f8c12a

SHA512
48e084ac10ded5dff51ab8f381dc08326456ad1bf3e10a7c1634a585e3ee981f750895a65a37087f12a31213d3316d76a99b889330794f7e914a81586054fdfc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
78dce5155e34daa874fbbc9bdcd44c69

SHA1
92cb4cf796ed5c87f5e2945d9f3e6bb4d2d772b0

SHA256
d49491bd5265dc7080ae768a012d5bd0d62ab7c6152e6d9506d4911a38d5f7bd

SHA512
da8262163e683694e881b4402848bb9f36a3d549e26961efab7f22a50f2b35f87728af31f9d7d5f6eb39dda2003519ca40c7bee0e080314ce70b2251229a068c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
db96d318c213a55c84223ad1e2ac2555

SHA1
0985e2b12fcbf8ef1505529ae88f0b2b84929885

SHA256
8d7d142b40067d123a47f99641b4725bdaadd4929c8e99f0c1bd3da8a91b3424

SHA512
a249e07f32fc6500fddd722b676b1fe67c95804ae9ad0899cc192868985038f7c7f1188cf383b6e8ca591e242aad7d7a669202e05152c212d04bb4652c66d0d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
a3e8fc668dc71753bf0c22004bbbd66d

SHA1
717d34e951560889d914fd75a26d60650404431c

SHA256
c810e4becd6ca86a8ef60c5eeca44bba5b40d3b02efe4ddc49584deee698d889

SHA512
85473277a7eb50212a53d4f90bdc762efd7da05bf61639983c902799706f06009d57578259bdad0b75018b0c74d90519986389e4416415f30691eb5d9671dfeb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
4757ff7b39eb21697234b49abd3fa378

SHA1
e13f8e611d23e107cca365cb4a73bd806e1749ef

SHA256
eb6bcd8ea35112f12adb2866eb0a9a442608cea541e2abf5a6d304086907ea98

SHA512
0cd0cfb5c951771b2500723355155d926bd2fed6c0405a121c1e7c7c70427950d035aba19e787b10046c8762716be743856c8204638a060a859da12850b511d5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
601893fc412e43d0194f7a686e87aded

SHA1
220f036cee134b95bc02f1d5d024486d99156798

SHA256
095eeac285ca7e24dcd00d7128348d331d351a4b1c4b554811df1aec101ee2e4

SHA512
60f0e57bad66eb743d9eea7dc58d637501eb8d78a8b88177d90f8f5253574732679d615811b1db957c4cbd2ccdd5fd7fe56798d4cdc20dc614af8e0619c50224

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
a294b5b15b1d0cb221dca2b261f53bd0

SHA1
ea4e14e0f175516e423507304fea4c7adbbc2bcd

SHA256
d64e203a06343caa5559e65bf1722ad7c77e414cdeb55702b830943ef0b851d5

SHA512
6bbba3e784f1dc4cbd25df519cd9c6ca96c629b3a677c6adb1a9c5d1e4844f232a3ab29a9fa9542fdd88fceb4633c3cd6df4869188d0d07ea32ba7bc76cc6ab3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
05b95290d4542862b7bdf9ef296a2a09

SHA1
c1257cf9ea1a6e173385b1d9a8cc8c64c4e7d7f3

SHA256
3628923d77e56379e3978098dcbc18b42e0cac43bcdf463cb2d8c01191b473f0

SHA512
a024696d15b8816d0ffea752eac9c605104dde400d5ade2720bec769e62310f9fd7804634ad0ea803b6a43aab64b67ac60499e79a19a04907c333ec85dee97af

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
c6a63a6c1d109250de4b0443d42707e8

SHA1
02154960f8cd9d7067fc6610fef865750d5263b6

SHA256
cc30f9b33d4b5d25a5c0d291b0ea8d9e6ec4e63c54a3bd4d75c029b6eb135aef

SHA512
b4d6115d04cec9632ceaadb57703fecb1c7a8a77d640eb3978816dc3988d26f8c3c0d51ab4dd8a7b5c8aa6656b6b9e30b4eabb76d0002f2148afe3e4ac2fb358

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
797dd2daade0a85640f5b12c0b786a4c

SHA1
8accfe79580c71b6ee45698adfbc1fb999f829b3

SHA256
ed75f8e9aff7b42e5f158acc4211ff923485ba89f50f5ddf0009bc0a5d9ff851

SHA512
62d7f1572325773ea0a5f19e4e06097d68014b27155bff8cd7689093c0816f9743e08818dfed4905af5401fe67bd170caa3de9a8dcaecd606aff9ec0ddeea35a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
01bc3c4bfc60e2d9bf4ef1cfed214589

SHA1
ac3135666e4cea5e659b3d19823a480f3cbac68d

SHA256
c04e3addc59703aa7ad827905a42eea1d57f64592f0780890545124d478d049e

SHA512
84081dc5bd550bbd8f20b58e0812e4d0ef81a474eea90f7df9cb52e1aea2f98c7a87d3345c8ceedc49537ed44e524962505554bc78b78975ef97501555066ac9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
81b20e399a15a09f57ac3aa575bbc4f0

SHA1
49be831e057244257bd4b4d6e150657ec8eba457

SHA256
2f7449e30e8f37788c5a76acd9ff504f2a33b21841ca8aa94169c1c90bc68ad7

SHA512
949d1d0742271c394c99a6e8163f4047298b0c31178a5633b8572e01beaacefd5afc0260809c1074c056b85b96f34a90ab9711359c058cb3f61b84900ca8c1fc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
20ced8e96962f21fab5fb56273a1fc27

SHA1
d647f250fc1ac8da1b4962461c641eb2e7bea6a1

SHA256
87dd7de4ce69c925559956d7f7f0d47fac5a246ca3b4ddc9077ddb5d943f88b3

SHA512
b0e782a1a7adabbeace06fc1db7c82e08bd9c71fad5d48554a4d4372a471878c1ec69e7e1463758c7dbe68dd6fee4e431eb060b2a1c94533b5bca408c0964d8c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
ec48ebb21d70abcdd0d217d65a2a6c48

SHA1
2e7f1e147fbc6d38744e4d62202e333c0ed3c72f

SHA256
a1f567124800acec574f29f6f42c6fa042489dc1f1a4b4b65e618f93d6d8fe46

SHA512
b4237e241dc3d710f9f0cf45f98f786d21e55a570dbcd39fd4464fe1213deee25e58c27ee2a5e9be9f4127fd3ae6a4dd315b08de2dd7af8b5b36c6bbe24f8e45

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
1352b4217f4803a2c776ea6ce8e6985f

SHA1
b1195adbf7e354188e399ce1657f178abe1725a6

SHA256
54ee2af28597a3fd0a89446fe4df2d376c61d922bca6c0cd41b31fc9cb3880cc

SHA512
8a42fbc3d020bf5998ab1a9f5f024b857e89606e0d979f79811efd233b1e30dda8ccb0450b323b54484149c1ce86c2f2e248e793a84a0e9fb10fae3e15863bd8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
0f8c54e0b54a7e9f6c7961ec8ffad0e3

SHA1
a2fef3b77bfd17ee20eb8c85dc9f1b605aa82b10

SHA256
f788956fdcd6da5dc04f6cda4e124ed2a9b35c3367333101fb49af0a4738df55

SHA512
e22915dbb877bec9ed630b761dfd870402fa0e5a7485aaff6aa68561fa5acbf7ea28027b8ae2aab2dac6e846281c360db33c8cf1530642731dce1b0867cdbfd4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
cf3bff33419c31a3bd1fb8c38a78b8ee

SHA1
3ffdb0bf4a172aa436138955b44a1c2beeee5137

SHA256
0176443b7343b9676b2a3b3148190cae80981f9662ab85f69a6048c617d14fda

SHA512
4f86ce54ac2270ed17478e1fa7b900982172bb19bf67297ab7dcfe177d35d69b78b0f1610fd439a2b70d52de2d83c7bf9840c8c43a89c43d133287c363aac2e0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
c5864aff57def513c088ab83dad94c0b

SHA1
99582d36add402dc1924313f24cd783f5ed1805a

SHA256
cd89d10b83a87e499f2079b86c480b7db8e825bc21c29ff7e0ff00adf38bf223

SHA512
f9ae03e66d5f419f9be34f690f70712e07f7574c26cc3a7e4825a0d60464ec9fdecd70a550013966b46a29daf4f2525979c5e616e94a1d0e5dda141c48a0b6a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
8753e3b8b2258481ed7512f1134b2f2e

SHA1
ca0b69d95b65cea2bf696659f0b061d175d2ca4a

SHA256
4f1950e53b85d14dd16c10d013122ac256dfb4f63020afdde90e8066c4a9abe2

SHA512
b03d7258de8499a01633593fdf0046703f1a2fc6912ba8ddb9a1c01a3c74b45a9bfe38fda9da37514785b927fa5b33d13f19f523bb6639fcb76b09bae415c983

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
7c577cbaecb5bbce3896eebd432ab5aa

SHA1
85bb4e13b433d44d62d0464852e2e3eb9ef242fb

SHA256
d0f5810b84871c449a0b08f0eebebbd471729aa35a67177918162200db970d7f

SHA512
b316640f0e971d5ed4ba9627f496e3f5cb05184a8f2ef02326e6e96338665bd32b8a939b4342cb26ecb4d0b273797352da3a4943993fc9c64ad03f1285e97916

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
d32e45017799932d7ad9590fc69f5f49

SHA1
2e10f6fac1e197d6591e63178835752d92f2dcf2

SHA256
d700aaf2a17c583abe87105b025aa0dd735a5cc405bb4a2036e641477db01e01

SHA512
2047e5a5200b201eec1b6b2536aac22fce10ec48b99448f737521aa7cc5caf2361a7f9292a018d60af1d22f276bada5aecb38cfa1ce9d82ce98be6fcd34d94b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
832ac72bbb3127f60857467ac6d4a263

SHA1
3237761b0fcb4b0a2cfae0b496474c8120403841

SHA256
3f347ba2505f331fa6d44630a52f1126d2f15f517531c3a47d7dd7161472fbcc

SHA512
67f9828d64b74e2548b1a3b720ea2f52cc583ff9a928862c4cc47016e591a55a6ba38ce46026bbdff59c9b8fe1523cb79467db5a44819916709999ce67d6973b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
046737d03c910f5ed546748789a0e698

SHA1
61f6b49cbb00795090554ad573aa5124596272f8

SHA256
eb9ac7ba0f1d7a4550892e0c485eef8492c5fc9f0d4455e30720fb80364a0dd4

SHA512
2798e06bcefd1abf65e363e99a77d1648124f3c7bf3f890338a507e54968fde899ac8acf3f5083e457d296b19c30e8e5ec64692216391c0a6914bcd6e1cef570

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
1ec89cd9091ec7d649b6ef93b080ffaa

SHA1
91f736e8a84eec61527e1ab942f113a539cfe8ae

SHA256
c83f9b1af5c27fb35bfc5cddb8b5d348757e54241443c8722b73f98d9739650b

SHA512
5ea5c93e798a641c0f009b15a15c9e203fdf0aa30ce1edfbe07ef5111a86c0342f179c75d8b60c680cbc9d4133867521e9944a7f6ce4ec49aa22dfd285ccbf7d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
cf70b873de290cf46cabc7327094b4bb

SHA1
9d0c7d66db8a9887a0e096b3b45c36042ad7ef88

SHA256
9dfa78d2439490e3100e1c9c2f423d731f7acdf70ecc2d1a12efb867b71ccd75

SHA512
6d6074d007a9f01ae543228ee10e879e8e27814cc507db15b9abf28aa2ec696645edb381b7eb99e618a08cc2e8534ab328346b7dec5aef25deac8412bd0db890

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
994c8a03a51b2f4de33ed429ac064f1d

SHA1
3d729da07a761de04445e5a5a7f216f6d4615670

SHA256
9af596633cd228fe99633f89d45d90fc5d87f8a7c9f972fb033a30e11701c2bb

SHA512
3771615d4740e3977e997c47d3ffcd816cda962a7e7422e180a988076bf44b287cec73bcc5a519e4a0ebe3b65083fbb5ab62266e9dcabccbbe41fa200535f120

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
7132c9ab6226d83605ebdcd4f655a747

SHA1
d63a344d931fb371dc59b273ba22789c6154af04

SHA256
38a03dcc4fc7821e76546c7bd8ee00fda09072ce27d41d96c15eb2409ca08b47

SHA512
41b7b9cc919ed8dcf052b02f906b09740ca97ad9be4b9dc7abca45e67d6a0d80c8c2249a6b0969e0b7a9f72e306d631885668ebc834842422e75757eada7ea1c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
e5ad6a7e07623766ce55214eee78c87b

SHA1
3ad58bd6c9f42d05fe45468f363f83d2ae08e99c

SHA256
520f0a323dc84913ac91644b778281beb59642fc3479e838b4a35f61654c7727

SHA512
636b1bca7c5d25c8b0ada6e4fdbea7d84efb9b3da8c2d585fc9509e49ea518cea5ebf15d49cac5853c7fec83acbd95ba2534e36ba5cc3a2f3d667108098b39cc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
c8cfa7b8c719d886b7b9070d41b92f4e

SHA1
c7c6b8f5afb50a12dd27e3a0bd3202b8adc52622

SHA256
a44f5f06d27e744996de9885fe93d63fa98c0773f97140a1f98172c63b6f3eb3

SHA512
2af2addb80ffafded1ee2ad934192bdc66dd4bc293f912dbde730f5f3de9bfdd4fbadbc4f0d361ae35bd8262c952763d861da979c8469e5baabaf44fba39af70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
93f94863f77d00358003b452940b0612

SHA1
c02bbe998e668b2e7d77973da2a82974d7e498b0

SHA256
ee4fe8924ddbed220afe4141bfbe83061f0b7d15591efffe06373156bccdcb35

SHA512
7f74a445e13168a2e0d1c246ef334684e5ffe1950bc2816bca49307f9dd3f2f4465eecca6dc186c708db47770a4192fa0fe6c6b079fb6d9a22719f16eb6b9646

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
255cfacf86d3f934cd4e2d2a92a6131e

SHA1
205f214ce1da0272c183fcf8655185edc482d8c4

SHA256
f4ffa7081bd2649362961435813c735e60c3e502740edf8ce59feab58aabf274

SHA512
091ec752a95de35d69e925149ef2f98c082798cf22f838873ba846ad3494c34fad9ee28d20f62c52730cf9be0756ce145d330395ba56d0bcebf63439a696d62a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
3681e3db465d9d811565676ff04c894c

SHA1
34c6e5304b4c99b60c122f5e7dd73897b4cf21cb

SHA256
8774abc1c30f1086fe11d692cddefc7a483b2d4e27005f90e44363d6bcc33d5c

SHA512
1b292dd80a59bd227329ebb226e43aa2d18e48fdb9713548123d6b672f1b3c774fd78c3af352952441cb47a060eeb451647bca3f9f9a5376752e596be6c195e1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
639426d367cafb9c0351dec0ec7624b2

SHA1
8eb2d7837d4608aa6bdff6ecade9f9621189f880

SHA256
7d9ba277f8c9927edfd8c8a4b79a977905fe18ceb71e56d479e6ea0c2b82fd1e

SHA512
db91fec61314152e0dc25550d6ff72bf8cd894076e01c5eb3e9c0366aa5a4f485a1aa3735c92630a90e008300827a950f4d6e7fd8476a593628661bf375e0fac

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
0bdbe9f030c7e251e5a496bc9434b54d

SHA1
a1102c10e0c1161ad4b7d1e159489d15098b713b

SHA256
55cf946c4fd975a3b9cfcaf23149700bcc9f19fd09c6a46cc8ccb2be2c1194e2

SHA512
995f0afc72d71e41b787e3ecd9d15790f2dee5fb2c40b9a76fa8494e53ab39f796d6658920f84de179d4ca824b6996e41d12ee71ba5161eba905c51b5962dcd7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
cc744de7b022394a1ee260f418fa2e27

SHA1
b8c8c4270711234b16e49beaec59809cebb11d9e

SHA256
d0fd93d78b7ddfded24d8b6e8911e0d6ad485f5b9d5610df2b68ccf247e8d4c1

SHA512
beac90c908b10cde7eb01b3b8fc2679f8b513ce48cabdb0ef7180171cbc5cfe308ce4e37e3af527c1cd8298941d853df2a0090bb6675d51efe2f2058bb5571a4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
7138e371d80783fa96deb23545d7d17f

SHA1
d50d6c039f599d6f346951913f9435453f7fd6e7

SHA256
bd1b7bd34b9e41fda80f1e6183e34d8de2e38324c298fa222338e3772225f6d9

SHA512
85ebee5b51486059934cf648e0c3e47d32c90dcde23a0cfff980735e2e1f97a4f7a4e815f538e504cfbcf98a300487c3fa805463a0bde58c0c9f54902cbb342b

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
fb94160545e68c0d6a0f01846f8aa2f7

SHA1
38bd297d39acfdcdac2dff1a2f447b9c10734f40

SHA256
a1896cef9d5e72e63cf669af22aa0c44f3bcdf11e6da3dcb06a65ec3f1cbc22b

SHA512
2e227e9c6520b74a18535d023c283d277331ade4bc19445d4cfffccdb804e4d1dea4d808fab60750b2566d0f8534efeb26b3de8a04f433471a04e5e8b9b8aeac

Download Submit
memory/808-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/808-6482-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/808-10905-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/808-11028-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/808-6481-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/808-11333-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/808-11338-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/808-11339-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads