xorist | 0c0ff95514551f553178466a65b8ddbd23455bd2d275b35fb66004b124bf1280

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Size

7KB
MD5

fa9b0ea2a95994db670cbc48ad8950f0
SHA1

7e3f8508ec67f803cd1f9e15bc8c8c279b21f390
SHA256

0c0ff95514551f553178466a65b8ddbd23455bd2d275b35fb66004b124bf1280
SHA512

481ec204b6bf790dc6b712538927fb4c630a9363b1b989cbbdcc0e6c19ed6cf6f4fa097d6e897c14814762775591746e7522b81660d0c33607843f01e4a847db
SSDEEP

192:+zdrr1FG1WDCgmjPZCdIDFSxKgV9JaMUA:+prr1gkDCgShp7gV90MB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/4676-5347-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4676-5351-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4676-9793-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4676-10798-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4676-11165-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4676-11196-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4676-11201-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4676-11202-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe"	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ConfigCI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_wceusbs.inf_amd64_1ba398d9da634d3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_6360d736a6f64e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_9e49da794995b361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pnpxinternetgatewaydevices.inf_amd64_82b90e51473d48ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpep.inf_amd64_2e156c5dc4231642\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_1ae6ea0bf54c0f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_18454ae612999870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\setup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_61883.inf_amd64_2c1769df23d261a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsynth3dvsc.inf_amd64_1a08a3b6cd493e1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_789f35bee584a939\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_d677afecc5e43162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SecureBoot\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorflt.inf_amd64_8375a9378e7227d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_767b2d723d0fe83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_bd91a147ab4ebf1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4676-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-5347-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-5351-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-9793-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-10798-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-11165-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-11196-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-11201-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4676-11202-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-16.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-200_contrast-black.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionWideTile.scale-400.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-125.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsBadgeLogo.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\THMBNAIL.PNG	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Fur.jpg	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-140.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-200.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\strings\en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\SearchEmail.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileSmallSquare.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\15.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Cliffhouse.jpg	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeSmallTile.scale-125.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-24_altform-unplated.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-125_contrast-black.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-white_scale-125.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalMedTile.scale-125_contrast-white.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-200.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\172.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\LargeTile.scale-200.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\file_icons.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-60_altform-unplated_contrast-black.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-100_contrast-black.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\uz-Latn-UZ\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookMedTile.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-125.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\WideTile.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LargeTile.scale-100_contrast-white.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Wide310x150Logo.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60_altform-unplated.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_altform-unplated_contrast-black.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\SmallTile.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-400.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-30_altform-lightunplated.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomSetupDisambig_DeskScale.jpg	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxMediumTile.scale-400.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-white.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\logo.altform-unplated.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\speech\0c09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_10.0.19041.746_none_50bbaff9fead3fc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\previewTabIcon.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_nb-no_862dd322fb07020b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appwiz_31bf3856ad364e35_10.0.19041.746_none_e9bf834985b56b0a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..eexplorer.appxsetup_31bf3856ad364e35_10.0.19041.1_none_44f101066df07ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..yphenation.binaries_31bf3856ad364e35_10.0.19041.1_none_0ca775d63799757e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2a853e22d141a77\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..ne-dsmgmt.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7800bb080e70b2ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-32_contrast-white.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershell.commands.utility_31bf3856ad364e35_10.0.19041.804_none_6d5737ac26c17a81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dataclen_31bf3856ad364e35_10.0.19041.1_none_b6ebed4767340264\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..atson-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_aa975c3d2829d813\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-cryptngc.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1131de8bb2fd5de7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..lers-maps.resources_31bf3856ad364e35_10.0.19041.1_en-us_07bfca500cebcbcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-isoburn.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_54c9cb784a579539\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-wmpeffects_31bf3856ad364e35_10.0.19041.1266_none_6e13bacd44a30951\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx35linq-system.core_31bf3856ad364e35_10.0.19041.1_none_154b9fce2e2ed392\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-powershell-windows_31bf3856ad364e35_10.0.19041.964_none_99f2a7ff7df51d85\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Deployment.Resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..stack-termsrv-extra_31bf3856ad364e35_10.0.19041.262_none_f0b072cd9e9696c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_672b000908967c87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicepropertymanager_31bf3856ad364e35_10.0.19041.746_none_9ae154761e6a5add\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_10.0.19041.1_de-de_0d58f8a4a709bea1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..-wow64-setupdll0019_31bf3856ad364e35_10.0.19041.1_none_a444f6a54f879c40\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..grityscan.resources_31bf3856ad364e35_10.0.19041.1_es-es_652d65b7c6f860cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_ar-sa_4e6481bdd604b5f0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-timebroker_31bf3856ad364e35_10.0.19041.662_none_ab9d8e21d144461c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winsrv-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_a6c561a9bd08ff47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_ehstorpwddrv.inf_31bf3856ad364e35_10.0.19041.746_none_ab98b2f63bbc626b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..imeserver.resources_31bf3856ad364e35_10.0.19041.844_en-us_1d267af587f56b9c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000428_31bf3856ad364e35_10.0.19041.1_none_a04db681019692f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ining-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7279d4dd23c502a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_10.0.19041.1_none_31adc3294a6929da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-enhancedstorage-api_31bf3856ad364e35_10.0.19041.746_none_bd7cc408a2f67fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_11.0.19041.1_en-us_325c76f7e26dc12a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-portredirector_31bf3856ad364e35_10.0.19041.746_none_3fa22ede0412c9dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_datasvcutil_b77a5c561934e089_4.0.15805.0_none_5b1ada239e3b0505\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_presentationframework_31bf3856ad364e35_10.0.19041.1_none_d08a0804dafcd0bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client.Resources\3.5.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-d..ectxdatabaseupdater_31bf3856ad364e35_10.0.19041.84_none_2d21e26a18d595c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000c51_31bf3856ad364e35_10.0.19041.1_none_9d61cd7d036b6723\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_061aa71fcbc02ff7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rascmdial_31bf3856ad364e35_10.0.19041.1_none_899828cff4b69c6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-runonce.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_f57e08b2e5fa6e95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_625affb3843f1608\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_sisraid2.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_75157d32dd35ff44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecore-embeddedmodeclient_31bf3856ad364e35_10.0.19041.746_none_4fb34254813d8ad0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..s-display.resources_31bf3856ad364e35_10.0.19041.1_it-it_48c65e67c507c2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sud_31bf3856ad364e35_10.0.19041.1_none_5d970245fb47b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..ayingsessionmanager_31bf3856ad364e35_10.0.19041.746_none_6d98aef11474b413\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-v..d-manager-psfactory_31bf3856ad364e35_10.0.19041.1_none_300ff322703281f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.WebRequest.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hgattest-catrustlet.resources_31bf3856ad364e35_10.0.19041.1_de-de_f1be2b03c2089169\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..derninjectionbroker_31bf3856ad364e35_10.0.19041.746_none_1e15455ff63524d9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare150x150.scale-150.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-networkprofile_31bf3856ad364e35_10.0.19041.746_none_60e946790955ce95\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..rationmanagement-ui_31bf3856ad364e35_10.0.19041.153_none_4a47e47159ed1ada\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sysprep-spbcd_31bf3856ad364e35_10.0.19041.1237_none_918aca913a4eeec5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Advanced.Theme-Dark_Scale-100.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..odbcloggingbinaries_31bf3856ad364e35_10.0.19041.746_none_f94e98ddb29e2541\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.messaging.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_85f04a882a620954\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars46.contrast-white_scale-200.png	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD\ = "CDYFHILIYTPKOAP"	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\ = "CRYPTED!"	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe"	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CrIpTeD	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2Ob0pY00oQ009gJ.exe,0"	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDYFHILIYTPKOAP\shell\open	fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa9b0ea2a95994db670cbc48ad8950f0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
61eae5da0a9b4e3a7261ade8fa32cc9d

SHA1
512592259b2d7c081c9d707f9cbb53c16b95f088

SHA256
5ba03633ba28d23c5139a47667a04be91d62ff4851c15af211b6f74e973d3131

SHA512
6bab71a098d24468e3be934d3889cdd14e1bf6d18184391c02c2e9ced0cdce066cc5c05e5027a921d2dc9aa983f679a982379de1c187cb7f6b26aacb181e225a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
0395bf57459e7c48c9c845ffeb0ad8c5

SHA1
1f9fad46dc80fce262b00d52156b47fa5eabc59d

SHA256
12aa9d94e5fa54baddf0ad84877e943b3a2a9caaea6218428534b4fcae44f808

SHA512
b5c0d33513938b55a8639df5c7cd7705f8b94ccc86a333d85887350919a462ac92eb8ef14c2c474d4dcca2187b1aced855f09509fda90dbcb459b8b54d7ac3b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
5c972a89baf53c6a0738aca3273693ee

SHA1
68da582a0b88cba10dfabde3f7a9c7816d538fbb

SHA256
da6e07995d8db7d2020657ff50bc632f9256a4db59f043b5fba1a681e864760b

SHA512
bd52a26322ec5cb59ee116cbd42c334cabebaf5de6f2b6b98e9e309a1c2379da2a6779e3f6b3f7eb20393d81a520e38aa018e49a1e553c0fc79583d64a33d999

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
539d6232bcaf14b2d995bfaed8020414

SHA1
c1652c5f2f2b70f52dce595be063e5d555668012

SHA256
e577b4e6a192bb8c3a038005ccd30b81ac0cbbae6705edffcd999b3372938134

SHA512
a96e09c8521e4d01433f2f281af62426543139d40a48ec320c55d73e229e685319a0acf96c21a6652316e11770ce39c4a2111f8a6d1eb310bd5ae496551b2b30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
c025b419615fca1e503b8e54b9cff3bc

SHA1
a033ac037ff9bd6679717ff7dc3b6a85693ea9a9

SHA256
92d198ab1a042378d56b8fb7d250908647f6098d3dcf061bedc5b2f2471795b3

SHA512
636c48d27b5db1c642e1829263e420c2a0b523419fb58c0990cda34c115baf3276bc7a10f025306142ecdcbd811a41b8864b04a0ca66923ad3fe700dc22e84d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
d88794aa0039f49c999e855c3a70591f

SHA1
34ce446746ca5979062621eab2828e9b721a1a1c

SHA256
d1489e8dd68335f71e25e49870a92d2f0eaef91f749e74bbc6cf8b4f56e60edd

SHA512
b78ee115a5d61aa50f7d7e6b044357381ff30f61bd4fc8bf27189ec10f5446802b024d44bfbb58a5ff904abd83836dac27c83cdb5c20a61a3c044719642429b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
8b521601050ed3c09696d6e5181c201f

SHA1
a6447609d33c39eddf71047402c8fc36dcad21a7

SHA256
1762461e932dbe705152feb7e39ee8543bcfabf0bd7272da387023afbe98b61d

SHA512
333c083284a5ed5f0491519dbf5d1e110a248f0049b0f23ed0e89b5797ea7cb5c2213c161fc746aad8ca79c9237821f21a5addfc2ac06e275de06f6deece2560

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
e3066e8675b78962ebb5ceeed97f3790

SHA1
2ce1af28fe06c5e94294309c38421d837a795e0c

SHA256
809f3b1b81b896ca344ebe02a7b25ca3a9a148a61736dd0ee49efdaf7f6439bd

SHA512
18e865909fe9c14eb47f96d8e52e9290e2420094c48bc2bd70b3786979cbf96da8edd22190e294bf0bebd4de54e73c6b462972528416713cf4f18430d507da5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
3fba1bd61368e3e478627c347cdecaeb

SHA1
cb4fa1de138f151ace37f5cdce78bc257b4b23be

SHA256
d478ea6ee470e4a1ca73c7518233099c64eb3a47335fe520e486f154b2b6c029

SHA512
c60b2e0785f0827a00c813fee9d7e2437fe8653a10141f44349d5331191d2470708f2357d0d8a1727ff3a9d68d48dde32fd7db414af4711e056fca7e2327a475

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
0d3e18fdd48433ea1c8d8d5dbcbd3bf6

SHA1
2f453a9883a6e65630d03684c1b4d8ac01d3e2e9

SHA256
aa647939a1d9647d70a51945cdb7a160b69e2d077f2c5fbc7183a6ee992b3a9f

SHA512
61a503b2c47413c6d0f64dd0ac822ccc9c215c613509fbcd501d5f22295e9f799d9674b99cb90a408e6bac8e1adb7c3a563420ac1357dbf371441ddb8c2b9339

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
8f456e16dd413814ac9b9b650632bfd8

SHA1
cfa237de8c54dd3c756fb97e06a4e7cf3db74bec

SHA256
9bb38904088696408cb946caee5ba00656cf0b1d3bcdb53262a772dce7e90739

SHA512
4a68bdd42cd49955119ee62e238dd79c45c8042d8f0590ebdbed28ffd0d4440cd7f1c172fecbc6bb220b554078da250cffb33d4706e36ee08ed200d033366c52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
b7ea3c61a09c4b0b50c19ade899642b9

SHA1
45ef3c57490d67a2bd11d4884ac07dcc45ebff03

SHA256
0fe559d9170bc6105a1d8ed913c98da643361515cb186838bd53583161ae4cc8

SHA512
66b87c55c98c10cc1822ff01607cae185c3773e951cf08ff3b78712ebcebaafe506e5b59059bf16c008c453eade80bcfbfab4b6821d65437e373e20ad42b55bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
9f04eb4ef031dd6ade6b92c5e3abc7b9

SHA1
fd34ad4bfb6a524a7cce058e5c1cf1c3f4d36a9b

SHA256
404fd1be3d163f0857a52b211979cf0d0dba565c5cb9b45b2de7bdc80d81f8af

SHA512
20d0ed2e278ec9c98bad63d998b75ad2c26af02ac18f7e6abb8e92092cc45d3a43c5fba3dd2c0fe4695863b0f33f359d2da6c9938d61bc19bacb38bef8b42aa8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
b35c3338dc5914dae1f661a74317a641

SHA1
b5abe6cbd0b6092cbd7b5b25722c4d34d3cb8386

SHA256
429780ea9f9a66e4dcbc64b955a180680d39fddf2c975cf8c40a58be2ae6c6bd

SHA512
272722663be6225fd48809d22e06f24ce370a78cd804a9f1e70bb305ac0cc212cb3e9f017b39d62b4f221a3acdd727f3e7663e26348047e7a0172fcc664d586c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
5e5d5b895f6489ff6cbb9095abb6161f

SHA1
5016329483de3d037fd6c8e201d82496528d94ec

SHA256
120ffc3d1140cdb1b56ea1a034e622b6fb278035808708013c1b8e77621c2718

SHA512
941e329252a82a1fe22278708b1e407f929a7b6181030dab377dbff74d4b47929a39bbfc930f0161eb33f517c3dca8aea651e33fd3a1cd2b68a9a47cab452a0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
bbb1df185ebd617dae6815d0422792b0

SHA1
fca159aefc7353cee2cfc75abdb1eb8cc43aaea4

SHA256
6e2ccd127c9b350ef4a15d0c5afffb673447ddcb31b3e4d6aba54621d0b5fe8e

SHA512
5555a7dd69ee39262399c9890fdd25d0170f6d1d930be54d9f53d947e98c779b5c7f1c43fc18d57070d1e8df93f6c11736b48174b005088de069012f7c84ef66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
d3919a0e345c802206e4c99ea717b727

SHA1
c482a04aa5927d49816daf2ced47aaaece3dd1bc

SHA256
fc14d94e9be529ef676186b9dd831d3db8ceba83cf0903bff7044f4a1ecf1b00

SHA512
4cd6944493f4f2230e3b539392f7cda5a241bab3007825908fd8bd0a54f96ada05c5600a9ce1494ab7f01173da26c985fc01c3f3e1da867c087c43c6e5b2edef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
3e7220409646929fdff371bf27b77f6d

SHA1
1f3ae99389d4902a7fb2a7d1f77f7bfa36b5fd5c

SHA256
7ef70886dad33f3c8eace4fc52544e877e638a87994f27280ac391ac9f6f1e0c

SHA512
398af6da16bf49b2e80be4e7c17fa74fcc2f904d3044ab92f74e7d883f7026889e249fcb18a7c4abc5c04ad06a04ade60693204c4a2c963cc0a2251589492fbe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
637cbe0022b0f90819c6857cbf119875

SHA1
04a1736f999ebf040462a688e9821d01c3709998

SHA256
d6b8d8ef33ecf6a3bd0bd97ac76f90ccf62ca12784a9e5ac02c60e698021b6b6

SHA512
f90f1db892e4d7dfc0749e8a5262405a0b53d8455251adf2d6cedbb40ab90d6b2a6641c440c82b0e0ab885abfb2456514295c3d6cc77510d3d4fe84559fc3fb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
73e0cc42538e67719bb981c564b23c66

SHA1
d0e9b774c9670d4f06e82418ea1eeaa033e388e7

SHA256
01d43e8b120bf6cc4319f7e951ee1e411f32e179e96ec91961766a4e80eacec8

SHA512
e23a6b08e01104356b990046ef5b5c7986a720ffca1645f892e73afa4d9b2a419f6c8941d950f9d5337981c156fcc417040c8ca48cd08ac4c18c6ab88fff5dfd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
4850cbaeb2561b4a37b2848c72f4bdba

SHA1
96623b238638d2f2196d1ad8a0d829f98f605171

SHA256
52b69a27ba168bd94be2d379ad62d8baea9f63971ce1e6ae5d118c925a76f4c8

SHA512
0911a1a66311797e01f36f7ab27b9b9e9646fb67eb536d52aa57e6556df98b9abf4378745bb4d904efa51348aeee79cf34555389be4bd4e527f56d411a9d53f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
e929eb85658394bbe5ec85cb85528a02

SHA1
b9b8e182006ba9c24b73de55fbe06d4e944d89cc

SHA256
d52138c23764ed8232ead08667ebc2135e15d2181b4367c34f3e86f771cb448a

SHA512
4ef5b010f1d4ad2a277aacbcbee3508e962ce0b489fd58856ec4c200747a6d2bd239da3522325d31a3b30f2f6436d4f7b9fb5baf1c6d95e0fa62ce8fbcbab497

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
366e84642032787dd1165c98320c2b24

SHA1
580372dd8ef6d0ab3a7d8da506f865663f91bb99

SHA256
631ee2bf504d61d455a84497ed56a74d97cf23a9fbd84d158e613494ef804538

SHA512
0668ede5544fdfda0de6aafa5f90ffc1161291918f85b33b5b11a8a60f0bb442f6a407ad2d600d374739c3eebba80f7d8909f28d94a572978d7a6e389e572309

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
2aad4c88f6a4b9dbb62b48913add0997

SHA1
db24f1605f6acf89ede971d572af6f88543beed9

SHA256
11e553670525854319554d0982a7b8de5588e956c0bcac913c733ae3e65dcc23

SHA512
fe007a67956d9e2fb10dbb73ea170c9d045239c5e298c3225817696b9afa9ef5cd6191d82c4ab0d387daa936fec3ac79561361b6ce0e285a98d9e3a9793fb5b7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
90ef027e36ea5466af4de90ae8d32ffc

SHA1
7128bb715556b4dbcc43416c5382c77fc7b893ed

SHA256
dafb6ffb95910e0e78bc9716ea85c304927b472b6ecba6c54c54e897ca98eca9

SHA512
d55dfd98403a63c67e65a9534832e811a377cce4777257a8fc19657f06a3267546fcc7963da0bd12c35fe29cf45d06766d6fe1666414531a2b7f7b56154818c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e1869f6ea3af812b874545c099cd7f6e

SHA1
b3bdacd824cea2f855b28166ddaecfa709255b1b

SHA256
9ed01331708c11982da0ed8cb818bc27cbe3d8f74335713bb7aabe45ef9e2733

SHA512
3fdae5e7667b62db3db1a59ec91888e40f18a75aacf49dbf93765aee0b97fd612b496ecde43e1656d71b934bfb4c3d597ce252f677f9b1446d13722d72f94491

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4ea964e9825ad4d64af07fc4c94fd533

SHA1
e4fab6089b12c613befa4f8955f232eff4ec06cc

SHA256
a5134547378ec0df59e6a908ac84a8925fa09b11ebfd96706fa03806133a74ec

SHA512
7a6da67cfd22f51bee653969f6a95fceec395bd96e2587fed56e22ece5a88832cde10640fdf06eddea418592c6f3777279a39fec39b5b160c6f708baac4c9017

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
baaf02a650f58aee46223981831801e4

SHA1
9dd24f1c10a394a378a7ea1f86f4fff132329925

SHA256
888f7182f10f08b16ca6c24035f41ecb41aff12d6a4d0fe41055ff6f1c3f145d

SHA512
7522743fd80bc2c9ead063327e0044b9a7702ca806cb7abde7667004afc9253a4bbb586f6b3623cfda59749bfb8c9515c3b4e462a4c73e5eb9ca68f9bb8053fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
eabda7ac007d6100abbd89e52f758c44

SHA1
5c0d548eb36c1b0d91b1c4dcd4408238791f0431

SHA256
05020902992e0e5c969ad367bd4e199e81c6ad4c4efd58b207c77b5dbd2ce81b

SHA512
76dbf2e2ba9d2f3c39af530a53965fc3b08c82075d9b0bfc36acec7d71c084ce2aad04c85442d1795d56fa18d505eb9092a8d519b4870e88c83a4d3e32e85edb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
2a7ccbb4b67f664305ef03f7dfcd9332

SHA1
6909e9025ec766e048b1dae005cfea44a426dfaa

SHA256
929a882b817b8ef0cd72426b738eac02522e312ecd09b55a180a44dfcab5a95c

SHA512
4fa362d1893cda10ab32b8a344575ea94a58eb515837d359441f2a5645d1c49ada19544ee164a40283220e0a0b10e17147e765b762e0d0e94cdc821393099eb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
a0e0dafeba83b4b9b814958970287809

SHA1
970715add7ab26e7d7a2a8b1faedbb07e4a74680

SHA256
fccaa8eda46f6997cf85bdc52bff169e4c3ac86fb25ddc0e34554300e4f68f52

SHA512
3f220194a6bcb7aaee1809a2f5e727cd4ca8af8d529b65dd0193f322d2101234a99d887a63c99b8892e4fa99ecbc735760b169075b72d708afb43ee57a0ba70f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
057ffd5a9135544affc335bb11f20032

SHA1
3caefd2c69644cd102a448d7a52aee4019de3d1e

SHA256
78e6358171bbda82f3a51dd9cd52feac97960b4ab8fbc2331f4baf4fdb0b04c6

SHA512
6899f0c75d4cd80bba452c2ae79a8d2cc1216bac847fd82541b2bba74df0ddbb95311971f9c5ecad1638306c6daafe89c043f738fc023b2834a1ec422cd21d73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
42e7a627c41ee54c10f8834b2b28205c

SHA1
f04fc144736a01c1b97963783163da35459510f4

SHA256
954abaa5c72a70dd53be35d16e1dad535c9477767d4cb82e172b8580d24317f1

SHA512
76ed4b33ac3a9ba8e65ed50fa5ba05814fa8f71fdaa0f81442ec04389bbc2427e28fb53dd2967a06dd5b26e12a0ca82b2bda602979ed8a0a19fd719419c5564a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
86cf2445b40142080f60d36f114115a3

SHA1
4e9ac2964f829493c7705f64596d28a0bfacf302

SHA256
d1c5f73f78ff5125651e40bce03c0f691b4141fb0a2040e7cf3c00769d11ba71

SHA512
71a56bac2bf8d797b60971c1ce5ba6db28950253ee59df1e3e994677d280c64529746f73bd8fbf190764a42722b0f4f8e7e024570726673103dce807593a60e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
7db8435a0d944a267428015ad58ba050

SHA1
6935a53b2d4acbfd9440d806ac939996200b0e62

SHA256
f814aabb5cc6b570ef158960aad25b75c3ab7085a14e5cf07b913fffcbd2f57b

SHA512
1d93d3fe605092e7dde180c4091f8284180ffdc732208fe45b04201e03c80935c4299d10c11a629128b57b010d8cb0e7c9635fcdb1c74637520f9d94e8cc7a83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
2b88d863c84859d52e5d9aab723b8860

SHA1
c0ec27b6172ebf098c816fecbc4ce23c2e55353b

SHA256
fa78a73ed3a32d4b79f413c4a9f6f6b618fc0b2b290440ac4717c39df2d32869

SHA512
9046f02fe2a7c068dbe579ae24ece26606ce3d72b8188e9b7a0818f96c8515f3595b5065b1e984b69b40002ac89e9ae9edbb609a41ea2ab5fda0c55f0fafecc7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
29d3e0f74755cfc16c463e23ebdbf35d

SHA1
6b4068b44d7deba03385122e247779611b9a5b32

SHA256
ef8d381c9f027bd5fb602d4222eb06d33a06feb97a32ffa4e8645efb13567e0a

SHA512
85ff76f65c929a9f063ef6c2f95ae1a34fb1af97e9890d107eab0110d7f4be543c08247e3c1a0a342745827ae4638a93e2d71d880f3926a44114e8dd19bf6259

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
f60b273b5f44881d21f76ff9e3803640

SHA1
a381306e4d4b8cd3c9d44de097589fc31f209e49

SHA256
ffa1d0cc2db3d9f6bf9d743945b874b6946f05cfdcae8eb6119ba382cd5a69e1

SHA512
abe508b51eb6afe4b8c0ac0292c91db64e7438079693fc865969820d94b3bb08e1c1924b8d479886ce8a260de03588426d646668926ca291d8c3b193c0598183

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
902B

MD5
49ef217a4be1764efc6de2d27431d098

SHA1
878acc2b9424c33f3eb9be4b29f0035d96cabc52

SHA256
212a56ae6b6fc3d2a283e21e4c8c3b4278c0cf62737825fa531eda9e282ad721

SHA512
7f7b9c42a1c7373749cc603a42b61e3dea8e45082dca6c5ee122ddb067b2613fb5be214a50e83713197194b94a0ca4b67dcec5b0c772fc32b2665a18f76ec697

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
be1dc028d2f035bedcce7cd8a122aea9

SHA1
3d75379e53f9d171d54397b39fb60647c909d4e7

SHA256
e7f7c475888528ab972d3cc869b1525d5357e8dc98dab7bacbe80fae6067c545

SHA512
7fa586bd16ac488d022c83ca64a1a3eba0d5b5afbdb1990c84a038112d645a5d8acd3950fea1b37c93d7824ddf9cb0e6d77c6e3a9ca2659313432a047c4614aa

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
f6a2396839158b01fa8c5c2e4072db41

SHA1
b65edfa0031b018b5b7ef055568a1d8e8de379c5

SHA256
58dd5a8cbcfc7e4357271efbdd59d5d3349f2f345be299a1e4ffbe5abf6432e8

SHA512
2bc4c64c1bb96797998ea7f14e22a01033e2536fc5fffb18e5aaf55cd98fca1ac00a1e137b58c31c3188cee30f8b4e215990098a46a74eadf8dd82b441186e8c

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
f8bf46c77f093538829def1c34cc3007

SHA1
5ab2d949ebfc99c061a0d5dbd567e232f201ac25

SHA256
d4ef6d66e41df23b3f1cb4ff42b9fb466dd83cf36f6d2f26c7008410cac34a53

SHA512
6c3f8b368759c364f453a52cfd27cbdd953ec28adfffe5047ebed854be09cddc7bcac3e580e4b36702bb3be5df799e99abef7ecab1d9666a8cc5daec7224e3e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
c3c052dc0948d1a1c15667284607602d

SHA1
2bba396a1fad0227c696b910589e5a338571e7ea

SHA256
d043c458fb7ae8e345d659f70183e7ceac97bc8635eef955f199504ffcd4ebff

SHA512
ab94918904439e2b52562981431246b6460d2d2c2cd72d7ee1556411e434e3a2e2e37b4dfb8c44d93ab177f5c279f109d8a599b5a12a5755b9bbf2c603f45a96

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
e22e22db010e9f4a830df8ea2471718b

SHA1
2521b3bb7ee06ca6a3d4d6d4beb158cb95911db1

SHA256
59083415787c1a433457a0a79536018f10433c7532a5f5009d2f108fb0724228

SHA512
fa01b14426ee6f4a8b75a2df41bce160f4070f3a1c51d1292c64901b35fb87824c0cc94a28177c66a9d16e55ffeb2f3b5bc8e8c44fdfb41af51579b9620062db

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
e69c423968b5c3fb39b4f55e9681d790

SHA1
22d4353bf8056993e96472b10cfe099c053fa3cf

SHA256
ff12df7416e996181bcb177ad2a63c3c3b750f3ddde360f4520783d2ab6863db

SHA512
886bdacd25404e8b3b3fa4ddc0efe6648d73ae224c68f765949d39e7f245d426088c6224a4fcd57adc11dfb878a32cc4ecff596ec2e6dd949001ceac8cf0b841

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
e27a7f8b87a412ea2ff225f22daab29a

SHA1
6d75474b0ab80ec2bfca5a41ba017277d13cec46

SHA256
5b4296f029df0ed362a241b3b9682f1318aed3aeee2f27ce8addd7cc3e138fdf

SHA512
6d7cfc254885210e7f4c82bf21c92defac7c23eecc581d876f5e6d588b64fed9b26f4397c72a6d0efffae696ed7c40e4df9b4f862b6ca881d08a72ce35030375

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
0991adc4d5f3f49ee13e910ed864a9c2

SHA1
fb8f82054193e7dd5aefd176d48a01dcf484c737

SHA256
eb2dd7d116a7a7bbbd7a9a4039649147e6bee3d72a14e2a769919eacb6a66e1b

SHA512
19bc6f65c27c40b38733ae00956a995eaf28fc54aa9d36649a3528cccef94c7592b87f29d052d1d58452b8dcbd4cfacf3df495207100cb5f39987a3af9d350b5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
076087874b435d7b475e53958eb90314

SHA1
722e1506cfe524f6311db3b639bcecc79835bfa0

SHA256
f47b7c23eb87c3d7e4f21dd47dee61d83e8c14f54c68e152808dd3f1438fd0bc

SHA512
aa9181033762d8f97f2b11c8acc2ff3a6635158e85e00354b3024b6434681ea94c2bd632f242370f6ee4789d944f35230e52e5beb23245e2c3144e7272fbc77b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
e9662fb44fe5044c4a973a54e46ebb1b

SHA1
dceb73a9a42b68d0f7521775fc1d39db77a5b68d

SHA256
8811ab69d74c987e18f517628aa68242ffe9e89b8875390e765e49e982cd7841

SHA512
e9f19e32b87561a8e0597e04c8562dee648813eb9c1eec677518239e2480641174971ec4d646422337bcc46e555afcaa97e6c939c1a88ee8f8dbc1229380efff

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
a155ef1760863c1ce7cb36900fd5d050

SHA1
6083a6f6e2814c19012c0903efd4962eb4177bc6

SHA256
fce2b3f5b9e5bfd22a2f8020c7a734bc1890fdf9c3a26c347959d2e8e29a3ca1

SHA512
143823e274773a2655e3497b04a77c0e0914e9d6c4182f4e653f210e5bb1fc67e5d048b76f4612afe4ac5c11e1da38c01242753ee33e27819e68ae486ab52dd1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
9c5a8fb435e88360d5981fb53141a251

SHA1
3ad02e6010f0ae9db9542e1341e1cab6e0577270

SHA256
310490d62f1c6b39df7f4a1e65628159e9644bd965909fdbc3501f9bb31123f6

SHA512
4e6156a591787c7b74d8903c09d08ffb04f655f8b9901bcdb355f36270a1f4ec1a04e3254f8daab87300f5100c1dd709dab0598320363c9ed00aae500922f1a6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
cafdd71299cb01e319ee8125d086dcdf

SHA1
17446f7349e5552b6aaf8f8b3cbe09c3a4621e7e

SHA256
5f91f8ac30c4de825288b97838630768f18f4102640c2b802eb266d5fe4b1a3c

SHA512
7fd0150b34549e24e942d105b17bfc1f19ef089cfd82e9e555c78caf5d2a8c49567d9021f94c1c1c15edd93509f61ad10ac78496dfda3b6831a317ba053c61c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
d5689bd365c04d98802f85c3058b5da9

SHA1
8f5f2cb957fcc4a30680b75d71f4d2b415d44f80

SHA256
6f8ecd53d22b449ab91792eda99537348997086d623004facdc729c21d52847b

SHA512
6e9392ece107110f6bd59bd84f912c5ae73fb356fac23c14abec34a22b3cfca00237b6a29e2018c549bec64051d642b277b9967bb0cc7e5b776aaad8dc19d999

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
aa492e03ce2a2511dd2e819c0d1678de

SHA1
58d8dd31429bcd88c03da01fcff86a2b79d2de67

SHA256
b4ce7d6eb173047cd10f6930134a6cba816b6ff374a2fe719fec77981b564e8f

SHA512
8e5298fbf1a0d35ccac8b174fe4569af8dff22ecbb9aa017a19dcadd602d506b934dd1e37944be3f0d7ce27d6c80a615fe7f13682b3ad3965a4eb0f66a440993

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
7a501683964192dcba778472e0e02435

SHA1
d1307bc97f72e17c814a20dd6149fc735411bf37

SHA256
4608b3cb57dc1403e9a4b70b39db61b57142732b11d6ba0573c9cda180a522b2

SHA512
5eb400ce8c0886f5dd28d45335571ca86371fb52a345fc02fee5fee238ffc892c68972cc2d5d76bd1269dad47c1a88345d840a99b06c7e2e8a37a03cfb93b612

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
dfa8378adc0b6e7cec8d2c79b9c7f098

SHA1
d70d1e509c78ac7513156e6a899e1d9e005aa24c

SHA256
27d7dfc4f48bcc40827bd094597cb1197609ec0de28f257d3adc5cfbe29c4c07

SHA512
a1fc3ce036b8eb109e57e8d0380c1811d1dac1e6eb84d154975e3de156968ae666c0ed5c120ad8eb3d32b7c39791fa48022351545684b75fdaaffa131b893934

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
2cf9bc5136eacf74f7e038c3f457948f

SHA1
946455b2edd5c70b28cb216b759452ca6efe144b

SHA256
67ef0dd92f55db4413a905513abae7a79770f9481e35e5cd646646f58f30fe8b

SHA512
ce4ef8fd0407354d2316b5f20451bac41c0ef846ae15935092bf59217701bb0a2b3112a34b83a9a06f4af186aa8c2131eb22b88175b13880ba8b87015ac68c67

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
89d49618b7effdb06566aab6815b551e

SHA1
7a4a9b81287a9862ae65b18ad498394457ff6577

SHA256
7b67a499e2c8aa5ba4d2812c5bc436142ff9b9eeb674d094d22a870953abefa0

SHA512
4e97a7da7c1f77928d95739f0c9826b82b01065d506f6d2dcbd9d84eca4ecd990c706c536af42a2a559eb45fa21da3c357cb16772af8f80c07da10af5ad4788c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
9f3498b1c62a0fdf854f0a3307e73257

SHA1
1a3d9aa53482024ed1082900bf8d7dcce8944ebd

SHA256
1875170b02e54eedd1f9493563541e468e9c908f4853f77bbdc598cf899ce436

SHA512
4e7b5ce279b2ed95734811811477ba29b79fc03de91d38cd306db05530c6c958bf31d5d5c16beffa1a277e2d4d8b293b33ec4702dd1756c01affd3db1cc97671

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
83aa6dcf6b65c805d5571d125412c416

SHA1
5e1ade0d6efb347a36f509e8228cc6918907c907

SHA256
6923aded35fbff3d3ef55f4ce1d4a956530cba4a95b8498cf591f21c6a3fdc59

SHA512
ad1585c26e938d68e5f83dc0574ed9a74c7f82b44d09c0e5feb938e0b656a57496b4848fc2974b2486c9af06f250e2a0c101075e37fac96e98fef35cca65bee8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
4b83a1cde686875f5a4312d7969c5557

SHA1
164793c28e872cbdcc5ba8cf8714a75ea582c15f

SHA256
75c890e7559f93fad5b801decf81f53e192a469481d790f26a91c0336732bbde

SHA512
6e66d39222ca34462c4e2742115e2ac3551343d46a457d0a0e46d34508e37cdd5a984d3020f5728bacbf27ad92993aac7b2a5339d238fb3af6fb9d11c2da136b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
5e9361bd102ff597aa7d45fee6a0c11a

SHA1
eac6a85ce1a603ed067d716e2e8db3977af564bf

SHA256
48fa86087511918b24ba8010f0fc0c02c89e06e99c9a0d2dfdddb519537b4f4d

SHA512
f9387849bcdd2b188642b902337ac958cb9925c77c63efaffcac3d4d78eadba98310e2dd9fe5bc747b06b6e9bc96466b5f14edc2cb0b96fe56033a8bade3ddbd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
07b52513ec47e40a910d1c17a9cc90ae

SHA1
f9fd9cbc4780731627326b513a6e955d040d8bef

SHA256
2fb541c94fc128cbb01f1530a12a1ddc45aca800a40155ea45a6391bea87621c

SHA512
668e794e5a99684272d92967406e756a88d22d11401854ca8c6f7059b19c478577ae8a0bf64fee72571d0779c0dbe508696ee4518f850afa594bd6e024b9dee0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
eb15af8ade385ca8fd2977e849157c4c

SHA1
b8a2422745fbde638c2475f3c967415b3831fd1c

SHA256
40b859933b6834012911b5be81aee3cf5ae318c3eb15f77182dcec341af80848

SHA512
f737ed027d23942d36b965526c52cbffaf242705fb882a9903a2b77a630c4d87a30d8e52ad045faab55bc387f66f5615ee40b07d37795d6023b4a360beb44d23

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
93c9c04cf949fd03d4f40534632b12bc

SHA1
3e5942a3e651703e0768746dc8d59feaffbba52d

SHA256
3b6b3cef8643bad952451c32205cdb3aff3031e819730545d10f55bde7e81ec2

SHA512
22b733a434d59cea1f6e5dafff0b2cbfa56b5d9ce9e37bce6d06e3008c3dfe07c9b28c0689046e1a460e8edf03cff26c05b71ce5414bdffc9596d2ae8086f74b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
3aec389e2fbb62fa93477ff5351b8a82

SHA1
c9954df2819fbc19a17bb60c6ae4d345f590a236

SHA256
0bcd4c8a2ec9d7914562f0498b21f2ae48fd1ebeb59e93438e80b394764c99e3

SHA512
9951bed7f4378a0618694c1f3a866a4b04a64486fd98179f07ab2a1d5d5b8599fe3cbb6dd76f0fd752c43cb67c777962d0a4f183c139c5649231dd12793b247b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
753418bd400ab019e3ef6fa32b2ca7a0

SHA1
4c57e0f420a19d3c9491dbe42fe08946d24f61a1

SHA256
67bc6e573fe6bf49df6004a8139a6418d853271d29eeb8068d37c39ab43ce8b3

SHA512
1b5dafa587756d4532b1d226b063c17fbe7e241e16538c8722227eae7ce19240d05843d37e9b95a1bf0d37f3ebe3e038a2e74b7cca392f8a39e02bd013424914

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
16f5ca929b18d04973096435f4a439d5

SHA1
1c6c76892ccef450b06a7de057bd17bdcfc69aa0

SHA256
a9e9fcb20143bd5064c34595ec6fbae0ba3a59084da2f442fe72f67daae068ef

SHA512
a105a33381ec7690e2d25b5eb86055353f3ba3c147686b100a8dfd4554919d192ea3a6dba3f2a79288ea40a9cd15c786b2cc6cec093217834de8bb7aa0ebd492

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
8ea6d42b18321800c7cf5d12adf73521

SHA1
08456c989850869293836b514239ea3bd2456b1d

SHA256
702b945a4156df1b5806a7c22a5deb96c071f26cb3d13ee46ef2c5734aff8adc

SHA512
e67dc7691c6ae7fc92a19f96c33e172c0f8963d9ee0e1d39db02f0a0827f2fce1f3bf5c768854f9980f3f7ce6247a1fed62dfa03c3bc6f1d56fcc4cf6881135e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
de9168fdedf82945cb2bd1133c160f9e

SHA1
ec3ec1f0c27911ac1f6e3ba8fce90ea5b84c8478

SHA256
8cc1aeee8e301c8046412a97888943abe11235d60274bbb0d6edb617353acdbf

SHA512
f0ff506429a1240b5fca402974244a339ca81bc2695b3ae597eac886d7b583ff04591b0ed733c6eb7dfd712fad1ee10afcf9c334e3a9927cc1b73def7ed1873e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
542a44168be1587acec354b02805e187

SHA1
b4861d13d35192e25c490f998d6d5ef8ffab8f19

SHA256
55fb0e84e9cc2a27bdea16387e118cf9e97106c6bfcbd8752c709a6303a36ef3

SHA512
38c22eb86951df239edb43fa1d40c46a66346c1e44326e05c17370ef7d5b1391023788964ff7cc426a1a54204b33e4c1e97047814eabbd82def2b41bf78d0735

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
5bf1b79baa48e8fcd6d70b8381c2d14e

SHA1
ca49460a97d0dae7d56d0a2b2b5ba20c4cb0072d

SHA256
0e35f3d90891619ac2b7e5315a23216f3a44eaaa21a30d5a334e3a07b7acaf45

SHA512
2f3c99876b6424627c8cba1b44a9477b139058a0787001cf994fdede7b279fed317e9cc7946af1a45a587b05f362df30bde8c61ae44fcf7bf41eee48e3129355

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
3647a1a85c4dff756ace78fcb0281236

SHA1
03fda8c6a5fca6b2db075dad4aabb22f8597153c

SHA256
8e384bef41b980c6c6d9ce4204691648aae2466647949789559cc5cb60304bff

SHA512
fecb8df05349bbe0e84c18a884ff4cc27ebdedff5f14e5bf911d9f93ea81bebf543133fdd648f4255e05bff868d259765562eef541838547ef2d09ef2da18642

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
b78be9a727ef13f70d90aaff4351995e

SHA1
f5c086bf1285f65794617efd63e8dad3063bbd84

SHA256
ed62057c4428f26c922c773af59732167c3c2c451098f0bef5e66b9b2685ac8a

SHA512
7b070ab4b7f07d80fcb0bea5bfb275faf5c67cf3510ded4d6d2832600de6484a0a67eb56c2bb7ae0b3cc06b19243fd886268c66b06f5c4822a65f0ae8e3b6f7f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
e8cc1fbe062bb6cf732db76ba6a8dc63

SHA1
7e16b1cb004ad5a2b737904909b0de369706c676

SHA256
cd5ed555bbaa186cd46310e78e06f170a00217aa3d39e7b963b3599c7982495c

SHA512
1a6c901c8d6db75783073e5e2bb75e77269112cc3c1f18205844e4a4095c04bb40dc68676bb8bf2fcc1e5b08341b7160ab2463e952134af2ffddb561795f06e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
1ad64dfc3c827a3bdac670f6117d900e

SHA1
94e9002ba82c959a5b514ff1ec65d8d6a19b2413

SHA256
93994901f75024cc7fc54502ff8221001f3f847ec91d3eaf68d176297cd0edf0

SHA512
2fee786356de3c6c13b5766ecf82933774bc95114f04bc58f9ca73fdbc0bce0f4529d446eaaa13a4957843ae1202b99726cbe6548a345ac4be4cb5518c4e8a64

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
598f94e46fae38a149b108b647591fa0

SHA1
433ddfcb8eef2eada3ec77ad8bd74e9fea39cb71

SHA256
d726381b9e411b164b8d8d157377d976bc9c70d03f4acbc86351138a2e571c13

SHA512
8645726ef7bd67a1f5fc4a69dd277297b2613adfb3b563c51da7097fda7d446af184c1253dc95b5dfcc5ca13c982bf1b49ee2665c867c020d8a2374c3db337bd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
6e3ed5be7320cb035811ca4b838993e8

SHA1
e3cd960b3de600884b24b887ca525981b717bdbc

SHA256
242c12d70e2421de8bc457820591355205593515fd760e7197d8f7818377b657

SHA512
b977706057101ef8a707d8d71bc89c19febe1d93d07d794870ab08f214c14377250620fd7a535e886ba031470a3d4690261ae6e7c655dad39f6d8145a0dfa70a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
fe8e9ad7cf729fb4e8dfe6324e80d9b5

SHA1
86677bf7dcaf7c8391238ec764816f9ee0f0f45c

SHA256
9059897a85c39dbd1861e8a188589b53222bb3dd700e5d9a2b5bd705549cbde6

SHA512
bb0d168b3bfc71f15024643a8e9e262530e19bd30c66b8ae7cbe7b624db4ba5bc18b8e9bc70c53c2f78951febaa91c5f349c45512a12b967ce914411e83a052e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
1eb10a620fa4ade5b454dadff09a59db

SHA1
47bc241708b6ef06641ece3260e1f3d2f8d8da0a

SHA256
08ed67a546a946091265414e6a79d6a79209ba1bb082b2c1a829a49f35066310

SHA512
da2c041325e3167fb8e2e362db3edfee9d4f149cb0e2fb727b994df510190a5e728b0dbc02ad9fc9b312d0ba2d15b1b72b3a51d8d041b527f5aad9c8f433ffef

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
b12c779e88c48baab1c483b0389a2a97

SHA1
a8b98bfbb24863d498106b60bb549124fbbd2c62

SHA256
5555c6ee09bbc9b0805b5d08c32e19c7945b4ccb5813fdaa6ba0c51536813e42

SHA512
02869a17724bbbc8ac732c00509fc46a2fb45496108625fc6d2bfadef09bd0ba0cd4c86ec871095024171656a08e208ef8a6b3576cb9809881e0e61ade542929

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
dbccd272c704d9a4874d8f8f1b74920d

SHA1
6189f0c3014df32a01ee2b00808185a4d64e4765

SHA256
0e0e1394fd567126a59b72153b6ccf8c9f42cd70b8c51e4416560e4b958c3b26

SHA512
bd5d2605e4eac36f80c5b6636299ecd38a7bf74455ffaf9f0de12b765cb954e65a7bec285d634f8e5b910f31a2c81c977e0d10c5698a498f4bcf39f1221c0bec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
b48e0651f7e7b61366fe529b14a903b2

SHA1
1f51a5fca32c7f41d1acaf8ebdee43e63423ba85

SHA256
63a74387379a9bd5e49bc3bdcd143d627ee8fa78474662ef2ecd026677ceb67b

SHA512
8525f6b6aeeffbbf69801f70a650dfd787eae4307d482e4e24f50374ace2d90bd114fdb77e08ec5416cdcf770482f056e8cf0cc235bcff67043f62356e718128

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

Filesize
77KB

MD5
75807db5fb49481db86af7627c0d8fbc

SHA1
2a008f8d8817314d8eb08c456efc3523a90328f2

SHA256
50f0787803ceb8423dbb43d9cf15aededf3fc8a52d2c24cf0d4435647e454ff9

SHA512
3ba8392defc2731406329ba9b4eb4ee3995ac0267a41bc5d603673ec66e112590940bbc4804e3679b2d5718569456b28ea76f3596895b596fbf4f965de52f661

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

Filesize
47KB

MD5
f95242d764c38fadf2012d63ee904b84

SHA1
2c180aedb77396e05f210bd98944285925239353

SHA256
12aa5991df1f8d9d86a756247195216b38a97f0e6054abcb5b21419a999dfa22

SHA512
b1bec91f00831902dec301c61b913c3db02c2a8e5ed60acd8c0597bdaf6b51d4de19c7dfae4bddfa189dd9b17b01d1fcd114b9d5532da275dfaaac9521b9717d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

Filesize
63KB

MD5
cc62392a2fe90cee152c2afdaac16ca0

SHA1
6b627440178364c24aaf748d4e020d93db25861b

SHA256
841b94351c476064f9b2066f32f6aad8f41d6d171f6245a6aa5e8073b22afac9

SHA512
95c3d233988588e24b6477a2e5bedbb9e483d1f37faa7af4b7e4612cde40a47893fcaca04bb68ade8e1ed460735bc0eab180d7cd38891a4ba37c8b33d9837096

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

Filesize
74KB

MD5
b7ae67e69714b59de1a22f99b8ced6fd

SHA1
6cb22beea9e05cf636830c0979e3a1f46276fe1e

SHA256
73d9dc5ec8206240ed49b8cbea272bc14ed51d3730ee16e081984b6d62d67f84

SHA512
601350e163e74e2b9849da328c5f20ed3573c33ac6c02e378ee97eb273c7ebd370e7789c9826e56ab479b98f52fba3d131af6f3511059edfd61b82e110a9ecb3

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
95ebc438a4e487cc6461347900af0466

SHA1
5a235d1ee5d413212f03963bf462ed8602d986d0

SHA256
8a48e40968beb737b16ab4108ae4cdece9defc37ecdf8c439306e1e0e9917a91

SHA512
69fbbec2718447bd79b49ad0f179d5c545a25824fa2c12434ecfd6db1fbc01c65c01c7267bfd01f9b0aa423fa2807cbcda7ca4e6f09134f26a38708dbeee78c1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
2d19236928565d01b9a1b20e9a0adbd4

SHA1
88e4d988dee7945401b62da51d79c845090d9ab1

SHA256
8820c4cd7e340dce9d3885f13f396aeff733bec68e942fca5185841079e77481

SHA512
f4133b02429cd457cf2e491f2a2ec758b178a72e2b5e153f8ff2e5413bfa48f871736789d0ff47b4c5013a160890c888c71960d2932996b882673fb91d54e876

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
bbb786b5a24fa371b09af71a083e1e6e

SHA1
553a81c3ab6f33397595345a201788fb5865e076

SHA256
17af19fa63d41d361f4d001076d7906b7761accff74c2abf20ee927b770df9d3

SHA512
31d92a83a07421e51faea225aced077e34cff2f6a9d54f9052fda08e051d2b801241d276892e0ca197b9a649641f5399674d52fdb19a32855a3e760517b38843

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
5c770c08a4f3a6aebb49fb212477eb0b

SHA1
ccd05102a660eaf331bacdbbcd7d1dab80f7d484

SHA256
fc7fb7d975fbe285d11f9110fcdfd929eea983276f4d10011a8c87402c612f2a

SHA512
3ab6b5ffd3de6681a385e14a8e0b5e45dee33c810c36884d31ee05a0f00b6ff32adba2ed0535b4963574c575e5d295553c8b3513da03dd9ec24f49e2d8d1245c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
eaf30806ad1a78f96812de54d930b6f5

SHA1
6a79ce8ae2b1acfe611611b91f522fb0af015596

SHA256
7ed54632b8dd43a684e5ea64b2ed406c17545b83e1b7e07616baa1ae636e3173

SHA512
fc428cecac111f449212d7e6b2798929a3f6a94a1e9e68c51b50c89d0684f5cbeb2ae646d103bf570b61b403f0cc46d719f5a6f6d129f44e658b3c2a84c74c4e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
e7516c66ea50a66f0fafc0655b2c2a53

SHA1
5bf95db5b9b2b89f9df541e7e08e1b13de9cdf39

SHA256
85e66f44369c3671552d2524aa614b94736c1f665635733f5d0ea87152cfd111

SHA512
ad2f564dd43fdab12cb92e7a9b53a4285147d800c878d3bb432791ca4249c9c722a99e209cc8d7ae0f2d2087bc34eddd6a034dedb0da48b33281cd11a64a6380

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
14db8b707e4127a16c2bee0ae6613cec

SHA1
09c282e19916d522940131ce0230f7ed8b6ca15d

SHA256
8bccf2ed6bab6e896138c99795bb1b34283550ae7b1fb884400615065bfd76fe

SHA512
2ab863128e5e54471cc135bef93ada8b4acad9c8eb5c99bdd2257641feaa1cdeefc4d9704ee345e8e53f7468eae9caaaeaac3fffa4d624521843808e5d4a5af9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
8a2b7aa1dcb3f78d68dc47007e7c1e9f

SHA1
c19f40cdecb1d02de72d76e4e28ad5264f130462

SHA256
d2da634e6d0d0d55e81df55ca460d184fa0b0e26765691dfcbe6331da70a88db

SHA512
a974a73d6c1efa2f6e1e7013e041e358e20d89582c8f6dfaea9d3fa765dcd072d0f738e013ffb35429ee3b7f0760e0bee1a4964f61eb662b8e44378cf6faf500

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
4028b4900333a1dadcb1be07470d6ffa

SHA1
38bb6c1051c1fc6caa96bee83d9fcf3db359c6e5

SHA256
fa5226ed3dcc9032f82638db376f62dbf25c238672444227c74bc1db80b490c3

SHA512
e322234bb1c43c6832e4fbe0dc6b5cffbf7d6d2f481933618031a5795040fca03936405c98e2edef3f4ef9fd2df91abb7a6a5990def55b6cb3333a4fea5c0f53

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
8d7561b1ed0c1ec3da731827a4908525

SHA1
1a6f7733a912eb6f6ad6565d043405b3f6ef248c

SHA256
5236ac5db42408f5989d146b6a376ca2b51a60f514b384242a2ee910731552a4

SHA512
8b5096c43e9fce48ff4240518629d0733717d371641105743a95fb3fee8eb8d858426938c77d7392b81815d44a075a39beef5011ad4ece6c6d59563cfdaf8f41

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
75f9d66295630e128c09148d8b7e6a40

SHA1
422063e2ebbc639a23585896f818c27072da6f00

SHA256
2a7f2c91209cbfd08bbf1c6d6633203cb02cb049c23375adc7b1a98f63c9b4d7

SHA512
37cf2510c01fedca9d394a22c1ede24c7eb75da5d9029703deaf7ad709eee17478dd2eabff9c1edd876ad73361f20d4e9db2efec863ee1582c4076ac6b6b5333

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
f024875bbd7f3f4b26a1310d6f01a9d0

SHA1
a71825bed22fc70a1ca44715d8ba24983ff476f6

SHA256
bc37fece17c6a209724291ea97231ca0dbe70a8d78895571775be89c4db110e6

SHA512
b2a181580ea714d9804ad2a75754703edb5fe99e7ef859cde779cebe1e405cd251c7e3c3569eeb847c91ab387620052e45cdb3be02bc7e9246688ee0ae71c772

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
9606daa754a8e9563b8f7a51b77af113

SHA1
124baa0f0b13c70214395b9b5df2d0233e556660

SHA256
c916aec122122af4ebdac136341e9bacaaae7f9ded6e108cc5659472b64dedf2

SHA512
b0cab7d5992c84d3e5bed65e225d5277d780493200963137118b46345221d99640b929305c7a86a0fd5a475c4fff961b0471ef65b51f7c60a55fb3a177899bcd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d1d477d0c373e08a45df5340f842abc1

SHA1
deb234d4ae44e261dfd30bf2d19aeb8c7d1f312b

SHA256
1fe543d8e9454a985c2a5701997997899bfbe5eeaa63e62183d87e947de4d9e7

SHA512
1265b0e8fc0accffd1e426bfdb68188888c821fa40149a7125d94b8ca9cd248c52678af91c75188b415e03d6893a981dd164cb34f003fd997668bcb0c1cb8f8e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8a49ad9aff95fcf5a4355322a7967122

SHA1
ec1773671e831c0dacd8e966c2b24747a89856a4

SHA256
a0d74e8409c01f862412cf9629b1b975e657832ffe304b69361e0d594eb9f2a1

SHA512
64ca52a741380879cf8bb3a44ac588a2b2fcdd9daeb3cc840e92619dd87dddb2e6c7d34ea15e60a4871d2a43623e5f0c43c60a6e96274ba627504ceee036beaf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
62c8d28aad17ac101e75c9ffe2ae9f4a

SHA1
008c550b9af4e27a695d9b74f60de9cafce73986

SHA256
6f7be5b5d596a61c60691cb4df79a8041222008903bf8ab49eec8d5a923668b6

SHA512
d68888be735355d09e6879c4de3bf2de72ff77a1b367185f8f30bf3b92d7c9f57a7fbaab910cd264852d541646f647bcf0a575c759f6ab25a411c8246e6eb05c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
6717dbcd7ae7feb4663af312d1706dc1

SHA1
1657d71dc96b8ba6d0db3b2d003871f095726b2c

SHA256
4ff4917b9ddd3e4bee7efd1c7989131a30ba23eea3a9b3e77cec29ef6c360994

SHA512
f2519d65cd14f05a73eddabde49006a08c4e1eed1b78e489f7e777a9071aad07a55f86d28d619699659c1a736319ed2e1e4d983f24327d4e9a2d53ff66108872

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
096c0e7ac5fed7efd8803c572c0e870c

SHA1
6d9c5e04c11dc7e6df28dd6198efb707b6fccd16

SHA256
da171459d72f7ed309af750c4f4856ff48709f9c598d0e6fb475f7b76dce0fdb

SHA512
09d6ee1e98bedb59f5b93ebc108a7645ef7cc0e9a83f91753a6d6a14ba91bf64db9839ddd38fd9f2a0ab0a105b6db38b45b6742a2bcbb9b1019d86ee0b94dcc3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
330294bcb2e3b38248429c13a2129c6d

SHA1
108deedb800df5a8f6baaf18425625fef790d160

SHA256
a62b9f636a839be3614cdbb3cb23227389cb6b1c62b1829815d8607ccf29aa2e

SHA512
9615206f1eadade472d097f107580671236533f7c79ecc5de19bd9153532e41bb9c54f33844c6db9eb28096182a946b34456c45e972e122c75714acb954dece9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
0e8b696de756b70fa73cb7c34a8350f6

SHA1
7b27717dacc0b35f2171aa3be898879930ba1d62

SHA256
8e3271961163420e567ba8dc8f5941b150b943af3a1fc39bebb2f1278619d11b

SHA512
be5bdec3968157a3cfdcd5cde17def7011041926e7c0c71720942f0c422fed6b37d6815eac4b3e9066ec249746cdf9d6a29aa9ddbce6b403b6bc894ebb5aadaf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
bc2caf5908ff5d4f22387317d751e88a

SHA1
f80ee545405288b26c4516f8f0a428e280b0db20

SHA256
9d3580ea2b23a9648c9551a8456591f5b9e8f33a45d7b5b3c99fc240619a6597

SHA512
c83cc8733c3a19a87c27711adeef93f203e9e3fcd71963879721d6c37b527819d292b050c41399ebb75eb5520a55f59c9882158dff6e8a897a667be8e55a626c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
ded9658d06db8f03d1fdc1b65be0ab11

SHA1
2edcc72560308c714ede12fc99132d9ef02e7cd5

SHA256
370a90559716369344f5e0db3c2593a6978c3635cba7405a54cc186521473952

SHA512
b68ebd3fd134136c2149e358d81fd5b5fcb097e5e0d3180493520ba807c00ad2f72be6bf84803e2af032c2ebcae5501a4b5e2d833906b9057e266fe6e69d8e29

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
d95c93fb72b6eb7b356640a01ff7c923

SHA1
949ec9b26e505f71fe1b9634ec2ea626b94a99cf

SHA256
c407ba73f987d36fc5afffaa358fba6f8be906a08646b50e8202b5cb836f0397

SHA512
fe078bd2537111d79ecede28083e176544c41d39c7fd54f4abd03abb56683f2a108d8b1dbd930c13eb8939a91a3529a83d82059317048706a42d8f59d39aa8eb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
0ac6de9a317475650196a51c5e1b4f23

SHA1
650bd5db4643c4b2cba652ad88334ba29cd55c49

SHA256
0499d56a7da07da41165fd83f3e88d37b454da37ba5e24ed0fb35fd8077a89cb

SHA512
b625b446969f79d5e01b9d6f5dbe2be0d9b30fe929a66fb94618eb3e8fc7a97509730628124e788c185b167ce8c24237b10e2259c458b0e907b0c69dc0c6deea

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
4e23558c30f59d8f690dcbf9a40a0ab8

SHA1
86f027274a92ee05747b5161139d435f08575d6c

SHA256
0be34216d0c0329ec2e583a3cd41cb74bf8dab9fc7f90475477c4ec34affc666

SHA512
95fddd1d2a5153d07850945068a697ef9bfe9cf0a5f66d5c9f064370b1ca2d386a9081cd1a541aa1935549f68d934f56e229331f8948844ee546564500d7baf3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
2ad50f363a201013d6b3cdedbdb0effb

SHA1
7861249eaca00adccf2f7b3f8d62236c7a409bac

SHA256
fa74129f4719627daf004acce9200bcb8f721bbad246129b8f7b337c600a334f

SHA512
15e3aa291059671985bfad7a68d97570edad712263f05c6e67b85ae23cf1eff5a2e6d3b8eef12f154a2821a0a2de25934a156bf80b8bc5d531b5fe64de59e5fe

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
251fc6d21d2c0c36373a806d11e1659f

SHA1
64413c055bd05432a43725ad3316dab13fe0110e

SHA256
47c16db867b0077185bb9ee51536a517e6105de092754c0710f38bbab6e08bee

SHA512
12a9f254e0be1b89e39103482524d0f6519f28cf1085e87f21b2bf62d9c2bd025ebb20e185709b10475102cd43d1ad4b9da6a13a0f6e32d2be8fab3fa694656c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
948ee47e54c68e597b0df0aec7c537cc

SHA1
970c880a079abd45e91165e556ff98caccf41e5b

SHA256
612f76c9b05063861a699a8a0527fc954aa76602951b19e6584ba9233cae2969

SHA512
6ea53f7b537c21bb18ec40af267a918fc1fb5488f2442404a1362b3ff7e4702caae65aa48ff26a16136b3dae8fdfbd7e2dba89893264bbdbb673703694c0e5eb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
b13363d9dfe842be0349ac9b33319bcd

SHA1
c04a0122a2ab7995c6ae8d416579e2901cb37461

SHA256
f41b15dee3f4c383a42087516716fdf6831cdb2c4703a31e3a8f1851ba3c63f8

SHA512
be5f451551c34312a1aa4d9464de34bd56eddf196b323754125ba554b07411a42e690f0691f4553391166d60b2363477b82295691ae1aa1606c7169e2d9bbfee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
9e76d13c394cb8f83802d4451465ff26

SHA1
bf3525dbd6feee2ce1c6ec24d6cd1662d7e6cdda

SHA256
c1e279f084aadf729fde824405c78d194f4f8bb0126fbe5aa05b2a579bfed8b6

SHA512
9e1fc7c0d359219a3f063401d784665fa860433a4435dbb7d1c830f855b538e6f0c0587e9ad1c78b5fa32c195029c797f9517ee1e363521a45b3882f7f1e5f3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
f6ab23cd41270e0ca0e0495313499f85

SHA1
c0c668f0c47b9b395a4a3534dc8ddfb1625d51ea

SHA256
ba294cc276383a194415e2f0ee045eef4c3a531a40e6672d3851b74190533cd1

SHA512
886089c7bb95fe6c30781da0be4fcc66a27c5da9961eed2eba0b77ab3bc0853d2c79d3d0326eff34859d1b82d2a34173f745aaf9945effb0050b69a025ae4053

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
ad4dae990acbfa5775e56a85987b016e

SHA1
0d3d5058305ecc2832a7209e47d0e16e1cff1ae7

SHA256
25767357a078182d6b03d7e38ce5dbda341f4842d96089510c8e7a0c91dc07df

SHA512
c20e253561553b966b36067209661bc1559251e30c78d4f7c6e6decef536bae3af1e97c6a3de3a00026b3ca843d694dd6eedca79d7cab08b090708283cdb06a2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
f448a84c71be176102e08e8194b80157

SHA1
d4700983423f0f75996572ab9e364098ecb519fa

SHA256
77c138d4452cec24926dc795d4c9ac0c6f60d4e24e54d1fed9c66c0ba6ee23d1

SHA512
3814d02f10c95abc74f56f8f37e2aeb88f1541c0b7bbff482378e85b5d13f02467fde8066c364869bf623ba5972dccdf3b43340e1818627f8924a502c660fc22

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
bd1f4f606b08cc2937be23679413d752

SHA1
4f82bd07ba88c8e9c259e6e974b17b3395659554

SHA256
b001cebccc4554d7217bc2d4827154ab45b4b3b88803c8c08333dab5b9885f26

SHA512
f93bd4dafb4179562c6683c4d809e8fd354718f8ec3de16378f1bccabda87d6aa915f67e45156ac59d2c24fe90d7a2612440231bb632e5a81cf81dee20073f09

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
7a7bc633acab2f32278593c37859eb22

SHA1
5b830b68b275d0b96abb0f0ef1660bbbc428348f

SHA256
76b002fcd9497f4826699b51e7bf94fb4913837aeb8cf83e9bea03ecccb062fd

SHA512
5c41c37d2df26263509f9c889e6430359100723578255f698ce82ca955b2920c6510a7af52c32d6fc6afb1ffe44b022ae320db070141179946c7656f7e94f3ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
aed6bfa13eda3465a4684f73141f6e16

SHA1
e8368ea0ba97c039c0b6aa702c1053d3dc7cd3cf

SHA256
686c237de9005b6a56609fb8602ffdd161becad41f67439f35a27acd709747b0

SHA512
e32d3c2af82348e569a249ff6fac888f702385a7e600d9e24e98547fcefea8249243499a98a05f67c40d4e946d399ae8f4a5720b28caaa525832be0368918c10

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
159fcb2684d528d7ca9d9362a84aa4fb

SHA1
047295c726fd028ac1b6c80763366ccd3204afd4

SHA256
f34e2c59e95dd317a9083b0d1d19bf3d61bc63e46993cf443cf6ec8aca6adae6

SHA512
e62b8cff817dc83e0abae20de20b25e90bfa8fbc6b079275ecf319ee5f927eda81aa433500fe1d8d38379e7df922d9b4b6ea57437afea57f830dabe3792d696f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
17d2e928339005bd097f596316062bb6

SHA1
a69b25ed14a6d115e08a4843d453eafe8009e266

SHA256
6613403191e695d205230b432c623b371b1f2e105cd9d42dfb64f57dc4ec4f0c

SHA512
350f3f1375ed35f38f499e4b0cd882796d3c1fd7a0b6613101538bf39373cfa93ce371d604d6956dcc4c9c865263985ad53dca1fdf0d47290dffb7d98072776c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
9795f1cdce48d8fa9c1404544f8e233f

SHA1
a7ee9f52656afeed9c1e5744399637bc01b939c7

SHA256
6faedd6f1d244c154bd4e6f121e1df5ddd31688468b817fe88f3abae1de5019f

SHA512
f3ebc6ddb6d86f0d581dc2d0126c11e126d01e8e0d67c2cde6cbb7d536e3cb77d2c41523975e6a6b32a9795af51685a72b843ebfcf95ccea8c3aa4bd30fd99ae

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
c965bba607ec2233cb36f4c5a52f5c02

SHA1
f8fe3cb00fb435d37af05e967ad169a219a2d7bb

SHA256
be53ed1b07e928148126805fdd5ff9ba9d2ab0bdfa143ec8b90f2b5eddd6ad37

SHA512
5fdd628456f3d07b2fabdae0e16c2a4253941a57b950d691ef8ea7e5c15eda974d6caa2183c23a967d2fd412616cd049f86e446ed20696ce3ff2a1e72fbeb107

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
a5e66eff3f34fafc11fbc983bc15355d

SHA1
206bae0d903d2428ddcbb02ac081b6a448d721fa

SHA256
34829597a2fb0ca4b6c6dda5d0bb4f19bcc3fd3d6503fd77eae194cc16d96ced

SHA512
a4327ab6d129dac9063f4068b087ebe765511e9d95f5c55313892ff93f4227593897182e51a69d8e5057ae0345de5aca2d30badbc057320c9ba15029a3026733

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
55878f0db8120410363f8fc72d5c60ae

SHA1
30e7b957ad052b4cfb95ea2fa8cbd2464f73c4c5

SHA256
fc3c1377c22698c28f20eb85443d7485292c6a30271c3d5e7f353eb54a5ec26a

SHA512
e118f1986090d634b06bd3f6e40d25243d061d05b4082d2b0e5ba85b7f911647a850446e39cfe6d086b712a227bf1de4aa6f83195c112cc9091ca0a46a65a22c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk.CrIpTeD

Filesize
409B

MD5
d202afeb1a2fc9f89eb1f04ba80201a4

SHA1
a6a65a7823bab6d42128b15d7b78e04940a76e90

SHA256
0c786251616901f0a43b3b0ffda1815a27178f7a476446747a2560177b94562d

SHA512
e2768830b235406df50988d57bca48a01f0457efea8a2b668fc53cdf61585cf28627b5ef935068aaf454fc634f723746e47446b115741a485265dbe70006f70c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
e165dea56cc6ca5db58815a0caf16e8a

SHA1
821fc12e529f850bb27f2fb4fe12169b1f9cf13a

SHA256
7cfd98dd23792d66d6cb4883701bd496914cb06612fa80c63ca2df21d9be25c3

SHA512
dcc1ff85b09a6474200712c7b87cf5a6ab3d0e9f147bc8ec7cd0a072ede2de9d20737900bef1b7fb882b0f8af4503fcb57a5e881af27f6746c094985399d0b8c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
dcfbfd95c485c94806e9d59979463168

SHA1
7d63e5ee98c546d6cbc448fbfd68eced56b70af5

SHA256
9b375ec1f2eeec1b46a656cd06f7d8c465482d154d9072bb721ec894ed1aabe9

SHA512
9bfe77d0e7e8365f3065f09231f89317c610ad8561f19473464a3a0a10e3154b2249ab49d7c2f3a703f0c0968679df8adccafba435ddcedab1d6ac1a673ca1a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
cc70eeedbc3c22d826371c683c28923b

SHA1
e2760b728d858d1c3405d9164bb2474e39fb02f8

SHA256
f9e70d71a0bd6669f4d01fffe3e88efe0f61e50e388bdc9e9691c199de801e98

SHA512
c56438795ce91475d6dd31089e2c563888bf29d3d5e113b84ccc24f69aeb8bfddaeac4ce39d35afdbcbdaa41a1bfd88afc598852b550665c3f71edbd7027ff36

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
be53d7b86e50166f03c8e9311846660a

SHA1
67a6ec7637997f016d3c8e3f286e69e259cb3cd6

SHA256
485e3a11a02389132b89f60dd93c71129d3b844e5824b2e411bae99b30e09f71

SHA512
9c01a1a2896517de8b29ec93b3d91d274c4c2971529e539f6a02471472bf66bec126d01331ea991be361b2918cca61543efb7791be008df9f023f58e13015f6b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
e12d8a0ffe04ae04e7ce88d85c35f030

SHA1
5bea1518785c137f773ccff0ba767fd0b5eda662

SHA256
f2c15e9e546e8d4e41a5b9c73116842cf8f928cb66a72280fff975d49e6a085e

SHA512
da6b1b7330cf68cce6d41c11175219cbb39acd93353bab1733622c45ff50151f8577699b3a659d5d435ce2c3aae296e70274cfa47e4c93dddeb8f8916ab0e912

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
9fb903a8252408c4c1a3c3ade6ddd04e

SHA1
2b0c4e1b599ddc54c7a6b00c068031d2d3ab637f

SHA256
c97484dd0ac0b11880bb2a0e0fe787e18a13080752f566eba7d050620df72cb1

SHA512
30c97ee7241f268581588d1035bb15e664f476f7177f937f22709b65607ce7adf3d403daf3213748c8b49cb62e351ee56dd127e6f6566d9f7d9b2215df5e3f75

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
a0c863f79a60280d9ffddc488ac7e025

SHA1
bb22a269da365dd8db327a16326ccc6b038b2a76

SHA256
15c6f64062730b01938ce1ef91b7da957d7697268f7d2f98eec9f77f79d43306

SHA512
624cad122ec104395b2e488e28465f51cdd661babc46474dc91be390270f8f92763d5468c0a289b52df0894f7f503ea02ecb12d0953747bffc1530fa0dd92c98

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
efee1c8c248e559bc65d3d08f55e8cf3

SHA1
a1addc0a931e2432ad518fa51433aaf031d07e75

SHA256
9eaa273e653eca0430b098c93e0c34883a0126ed6815f89a80783b68c6e08340

SHA512
f4740a5c9de51fd0322b0a35ded44d8706f8b08f22b1d77d256b4014f8c779fb58d519faaeac379df4b9356186ccd82af5c04959221fa560acbf86c45a19dc8a

Download Submit
memory/4676-10798-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-9793-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-5347-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-5351-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-11165-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-11196-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-11201-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4676-11202-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads