xorist | a642995fb7ae9985298e04175c77c11392065e26078152da3d027a07cfa2a6ab

Analysis

max time kernel
93s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2025, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Size

36KB
MD5

4f823f471e3d8bf47beae025c4d46985
SHA1

107fa36e5c95af503de06a55563693a6c1ebad64
SHA256

a642995fb7ae9985298e04175c77c11392065e26078152da3d027a07cfa2a6ab
SHA512

503e6299e08fb2823d80369764e6c5ace73f15fd8db06ecebc7b4aa5394e754fb0ea340390cf1c6293c9db07b96979da06035752d949fb373b8651ac4c9337ea
SSDEEP

384:f4eSvefsbbdkJ3eVk6d72/5Y/W9hgELqNEOSMr4JtzZa6bqWk6RBzGkyw:QeSmfsa472xY/0mEGNNAtzdl3yw

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 10 IoCs

resource	yara_rule
behavioral2/memory/1872-7-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-6-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-5815-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-6581-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-6582-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-10988-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-11139-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-11416-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-11421-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/1872-11424-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2208) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\B2tDIq01UDEex3r.exe"	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\Dism\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthoob.inf_amd64_c6923052f60677d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\unknown.inf_amd64_b8b0fe7bbc76405b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DnsClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netclient.inf_amd64_b7f9bb71730aaf1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_283a44fe508f0682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_e09ac82d497a19c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_310dc613a7e31ec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\sr-Latn-RS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp.inf_amd64_614ec8e6e63777b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_8a98af5011ee4dc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\wbem\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_f35131186d3026aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhub.inf_amd64_bd91a147ab4ebf1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1408 set thread context of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1872-3-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-5-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-7-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-6-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-5815-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-6581-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-6582-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-10988-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-11139-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-11416-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-11421-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/1872-11424-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-80_altform-unplated_contrast-white.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\action_poster.jpg	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-standard\AboutBoxLogo.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-unplated.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailMediumTile.scale-400.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\Java\jre-1.8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-96.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\remixCTA_welcome.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSmallTile.scale-400.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-200_contrast-white.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\Unipulator.mp4	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_24x24x32.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-400.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-150.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-256.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-125.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteWideTile.scale-200.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-unplated.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\Microsoft Office\root\Office15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\SmallTile.scale-125.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-200_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-400.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderSplashScreen.contrast-black_scale-125.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-48_altform-lightunplated.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\empty.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-125.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-125_contrast-white.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\mk-MK\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageLargeTile.scale-400.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-200.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.scale-150.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_altform-unplated_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jvisualvm.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\PaintLargeTile.scale-150.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.resources\v4.0_4.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..winmmbase.resources_31bf3856ad364e35_10.0.19041.1_de-de_ddeced997a11c3bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-clipboard-userservice_31bf3856ad364e35_10.0.19041.264_none_cd87c4ffc92d7585\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-coreshell_31bf3856ad364e35_10.0.19041.746_none_1fec227dba0c3d6c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.19041.1_none_9aa166e99861c2bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\Assets\SquareLogo71x71.scale-100.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft.packagemanagement.resources_31bf3856ad364e35_10.0.19041.1_de-de_b5e0b6b09fdb563f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_ed4855448241f7e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_dual_monitor.inf_31bf3856ad364e35_10.0.19041.1151_none_3b3b282f3a407044\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..nt-winproviders-ibs_31bf3856ad364e35_10.0.19041.746_none_bfb4eba6b9f575a5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_10.0.19041.1_none_851573dbefae5612\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\headermaximize.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_bdc8d849d2bb38a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directx-directinput_31bf3856ad364e35_10.0.19041.1_none_ddddd211df6d063d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msaatext_31bf3856ad364e35_10.0.19041.1_none_0e4767d110f87713\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-syncproviders_31bf3856ad364e35_10.0.19041.746_none_8d92fdc0c1d336bf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\v4.0_1.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..t-uev-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_d84a524953f221bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-48_altform-unplated.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.264_none_ebcfd7598566d679\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..kux-rasmediamanager_31bf3856ad364e35_10.0.19041.1_none_2e8ae492dd598f4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..sion-netprovisionsp_31bf3856ad364e35_10.0.19041.1_none_61947616f4ee2f61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1266_none_72c6a00123f43c47\Quick Assist.lnk	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ingshandlers-region_31bf3856ad364e35_10.0.19041.1081_none_1830f07005c2525e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_jsc.resources_b03f5f7f11d50a3a_4.0.15805.0_es-es_1830c7f301cdd85f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-d..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_56221b517ac0f8b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_10.0.19041.746_none_251e769058968366\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_10.0.19041.906_none_f36be4be6840e032\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..enter-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_212348cb06495f63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_vhdmp.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_2d0459e0227c66d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..ovider-wlidcredprov_31bf3856ad364e35_10.0.19041.746_none_dc1525e04af5ed8d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-secedit_31bf3856ad364e35_10.0.19041.1_none_6f2ce5f0857cd61a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\22.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-72_altform-unplated_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_6f7e2100560daf0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-srumon_31bf3856ad364e35_10.0.19041.207_none_c89ea14b7b3e6331\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\WideLogo310x150.scale-400.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b951d0f9879ec306\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\404-2.htm	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\405.htm	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_8f48a1e2598394c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_netl1e64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae3a411481bf6ffb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_netnwifi.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9b80f4f8f366229f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_el-gr_e3e255688e91bf58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-taskkill_31bf3856ad364e35_10.0.19041.1_none_e5c3b6db2fced475\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_10.0.19041.1_it-it_8aee78c9c9067008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\Assets\StoreLogo.scale-125.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\square150x150logo.scale-150_contrast-black.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-davsyncprovider_31bf3856ad364e35_10.0.19041.746_none_b435b427a7cf8b39\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\PasswordExpiry.contrast-black_scale-100.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_10.0.19041.1151_none_ecce4565812c04d6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\needhvsi.html	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..sticstool.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_48d4f8e671462425\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dui70.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_46891385c02b53d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gdvr-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f5957098a81ebd7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ofile-cim.resources_31bf3856ad364e35_10.0.19041.1_it-it_41cc61488b5b73c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioningcore_31bf3856ad364e35_10.0.19041.153_none_9944531a8b9d4c4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_system.io.compression.resources_b77a5c561934e089_4.0.15805.0_it-it_f33e9638c1d4ebda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f366d6612ae30a67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\dom\dom.html	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Splashscreen.contrast-black_scale-80.png	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_dual_prnms002.inf_31bf3856ad364e35_10.0.19041.1023_none_625c42877ea35108\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-devicepro..-provider.resources_31bf3856ad364e35_10.0.19041.1_it-it_1fc09c0bab1495cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..changjieds-binaries_31bf3856ad364e35_10.0.19041.746_none_22f5e946b6a0c359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MJTQGYZADYSMNYB"	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB\ = "CRYPTED!"	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\B2tDIq01UDEex3r.exe,0"	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB\shell\open	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\B2tDIq01UDEex3r.exe"	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB\DefaultIcon	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB\shell\open\command	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MJTQGYZADYSMNYB\shell	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84
PID 1408 wrote to memory of 1872	1408	JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe	84

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f823f471e3d8bf47beae025c4d46985.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
697654ffa1af21d5094c496048913575

SHA1
5b5460252d03330227fa445934f335aee7aebb00

SHA256
c4e71d0f16a2cc57650ac2df210f4444d68842924fd86e87ca4ea93d52b99dab

SHA512
486a511049d22c7a83ddb2bbad214884cf7b6f7c3af93c0ad82af449bfb1897149e4f83bc620d0348665ea76bddd27abc0e6e9b84d3ec48514779d7b6d53a8d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
0e1525d0c6762051377093f9cf4ed6a4

SHA1
4012ec5722906cc2a73898bc4bc257169f27c5f8

SHA256
b0e84434101859b4da5bd0609c3af155c95405168e6e9e10f073591221ecd998

SHA512
eff2d0ef05a1f5094823693b05ec12c58bb88d76c52e70aea9df2832a622dbb185b0559bb71fecfc061670aae87b408c5c3a73086af76c97513390257fd0d854

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
d65ae65f0245352212cc58bc276feb46

SHA1
95f274ec5fc3f9d40c91b92601fcd089f1cac601

SHA256
5f471c66277ea042abe1e46d227dfb4f49cf2f6ef239844821823fca760092ea

SHA512
32cec145ae1904bdc92891e8f77f1b00e9da9bccccda27028a7c2a425e341c4ddc542085fcc1f21b4104bad2145c42dc5dd0b50d9a3bb6b331849440408057d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
ea9dc04a32bf5fe5398850cf58b3d238

SHA1
114b9422caf1ed812818f3f4f72f7b3ee6156cc5

SHA256
7c77867395b1ac7acd64ebe6efa877ac5947f56bcbf3795f24b9115484e9d07d

SHA512
a1b7da7ffe6d90af205bce9b79f1ceeab36ad745e736634188f055cbc9f8b578743c7eb16790ba8c555485442b56e5c9463f098946467675598d01d7c8afbd59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
b21f9efd87fd3042ecd083c693b3ac7c

SHA1
d150a47350ee009c1cce1e04428a054f9c5e69ed

SHA256
267fb9f12c369dfb6e137830a9e3dc417fb01efe776c8d95236c99586413747b

SHA512
933e50108ff1410d2d757a91c49bb1a693bb33de470e59e1b8cae61f05e528098fe13c6f566fcbb3a058ab39965f5cb194ef6369a8a68c3c8ae4b0632d7d6c65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
dfd25ed82dd39ae36f03f5ca617d6b7c

SHA1
42a950a644c5593f11c8734e103afd0719c48dbe

SHA256
0ee49b9107bcd36e6ecaafb55a3bd6e917126cac8e752017ee1b1526d39b8317

SHA512
d68660329379d464ce535451c4bfb5d9d9cfed8d11262040eec8d5062109a38c60b6ea4da6c1d5b637f239dfa8fe0c50f806ab66ff3e2bc1acb0c0a2b28f5390

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
c34bebe9074535f2b9d53176e2da96a1

SHA1
5352d535341c47aa86ae46c794b80d4796930557

SHA256
ffd1aff121674f17c4af4d6a08aeee6975f6df82dfe1a6a904f4d67bb34e63d6

SHA512
21587af581ddbed65cf1a46d9326f897b13fbcf8e42c781e1b205e460dcebf5a56fee59fea6e0a9ecc9746b65555338f97e28b917716eb096bdcd2a88ec9d49f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
9dd6f5215d5b4ecfb9efd379e4b7bbf5

SHA1
0e0404226cc1d2bd55ffd3cb96980e7ae852d138

SHA256
03b83f317969b06080dbcc2903f99aa6b391d8d9c346f0e6a5a3e0b85e3b8dfb

SHA512
6eac3f42f4db7673f1c41151a5a40f2e173923347f5fd42d678f6551ff8f1e651eb5b1c5a416f195479c84e65cafb8aea8c7d44ac91ca155fc46febc096064f6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
85ed43fd5fa9c2762aa8f71fbfb5870e

SHA1
b61d2c48af8267b6d95b047316f87c04ca192f0c

SHA256
3a2d17c4a24cc0f89bd2d582f80fb2169fa1fbbcb7569b6dcfa1fc20ae145d8f

SHA512
00207a024d5a5f2736b4830d02b48204b6da81360dc8cd08692233487196e586d808906a08132d0d9892d4f88f49407b4fb77f281f44ce7dc1066dc0ec75a81e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
dad0766c5dc0e29b49ba76c09ebd3c2e

SHA1
203508388b595cd8b5d05e66fea15dfc2ffc0f90

SHA256
2bf549ad61fe026677eef58c991936faacc559356cfeee0509a3937b0040a189

SHA512
57411df69944493ced1d391c2b2155f1880660b0db86baeab4811261b592508672c650d1675b78ed8f02dc20fae58701b1272852c8db61bc8c3b740e48ce85ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
c4dd3816c2161a86cfd6f518a187da44

SHA1
9678f845dfd4d8cdb43344cb0142ce64dda0991b

SHA256
b3fe7d067e878db79fdea4d9fa5e63c57065eb8605f50b0ad712f4c3a93537e5

SHA512
3ea0c1c9c5f5382836706ad477d908221d153e7b65e07be6dbce493a09d3ce443c6cd8bb4cf46da75e299d8810813d874f9d401964ecc0f283db221adf9533b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
098eac32f0ba42e6b18a19c12cee6c5b

SHA1
2a084ea4e488628098f914c91943cb6415f02b97

SHA256
da7f6db4b9e1943ae42f2d536cefc38fc82b8d497858e88164352733973d76d1

SHA512
eaae30ff1e1c0a9fcc56667cf6305b47bdd4817c7452b6711615bf10f997795082cbd325cdbfcb45966a435247b5f7cf98513bed87860e6f8e2a67cd467e8c90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
023d6982b91391392f3fdfe8e6d9a15a

SHA1
03573b9b0592d7031c421d3d64edfc9a82c2f581

SHA256
9610767ed1c716d9b08f9204b6b61f062d0ab579f1b90367248e4514f3c06322

SHA512
3d7af3dbf259eb8f01d01126d85327de1995840d6299fbfc411edd02cfce8ef893ed7884f87be70f23245114b09b9b8f89e587d28d22246b6ccd1ce14bf21b78

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
7736220a2619416ca9db4bb211e7ffda

SHA1
fccbd3319e2b10441c07b144e53b60345d88fdb9

SHA256
3c0386a7346ebbc871ee67f7bd6a04559861db8e98771672a42ae6f93bc678a0

SHA512
2a33f68d0cfbb91f9d52021727cbad5d929fb2b5937bb888ce2fdbcb335f3117f5197f423c665a398bc7e99881885f47dd416ccfd0a12508c3fca9deaa37d616

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
232ef4fdc1e23952970e3609589a1465

SHA1
bb59556c4ccde6cc5fa43a4573dc04af5ea0f8df

SHA256
a73b83824f701a41547710a95d92d6b3ad804b87a0650cb4d870e356d4ca6060

SHA512
e9c288447c75f39fd3d3c5a588af1cf5099ab5f6778d8ebf51e879a2a16edf359b2050823a7f2cacaea81571cd8a69b9b52c50ba68cb4030e2462e3d8d7f5973

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
3ce3d6c3fad4ad3dd756867fc74f5d26

SHA1
af9659b395127918bced7c85564888d0f3dc2873

SHA256
fe4f976f176eae49997816ee562c2f5f90090b4574db6da674c03b3d9755a7b1

SHA512
84b84e883bce1dcd8f67dfbf6669989e3f756fcd73810631fa3a966ae8b0a16b75775262b7916bd7729bbc98efd40b42b72f1b8619277138fa024b382b2a8c2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
46b460ce1710fe36fda38b4db5cf8848

SHA1
8a0c161fbfb150f99a2d2b86b114dcaa34bd1135

SHA256
d4d41cb896034bd289a39c1e086f4a66e0ed907f17047ab957e80c206a452371

SHA512
87123404a20c349bcc05018ab3195b036cba38f313f8e353c578d8762fd7cdb7f80032c3c34ac01633db0402c385ce1fb6554b85bc93a70343849fd2d5688302

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
40513e9fdeb35c07c11c20cfc6e0f0e6

SHA1
cb8dcf2fb7ef7b6f653d21a9127ff9e4f1cee3e6

SHA256
1e100795bd2263a436b909aa45a424ca926da2451ddfd296b10db281ba1f63ec

SHA512
9c71e3a7e4f27fab6a744c6f5e2a8de84167da5e2304f26e932fc6a4959a484239619ae1860427c70323fca3dfda1afb5f0e22ae7140ae7218ebe254ad85d4b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
1ca68cebc9d12083887d209798073ede

SHA1
c28306adf793df76dd5ccadf065bd1ce68c57eb1

SHA256
3750a443b9d9448ca20331259b114a1cfc757c6df1bcfa670fd85a7fbf777c5b

SHA512
1ff0c269e0716b2da263f38e9132bc3b76900035bf52e065f20765801b490527a2ac77e741081dd98a6a6f98a9570593a8b04e349ddc6e752ec7d85b2c1362b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
948ae41f6cd2201b7fe9de00f493c4f1

SHA1
234be20b563ad497ca8669b18bef65b6bca5e3d1

SHA256
e45a9880197897f0b8129937bb7807de5429e9228739f213f2a798e0bc74f634

SHA512
334afdda948d20a9a21fa4441b51d0b007a6a05cca70cb8297c3ef5d4b8d3addb23568c14e324bf1d7b30f6cf3fe648f79e752879fba283e0a7a6036568ab4ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
429b742fb7ae3b5aeb4bf5e89951688d

SHA1
886467f93859bd33a649f49a61ec0146f48bf71b

SHA256
9e3c764865e2605f37ff35e34a14175320f9044d7192f874090fba9ac014bd35

SHA512
945330eeb9d752242edfc9005d5240a9a360c3a01d414366e0b10ff80a06ff55f177f1cb923e5e6e44bef2de8e6d2f26f925391ac2a35949d390d2ea09afa485

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
8bbd6e87bf2cd122a3fd4ec19d13c78c

SHA1
f585f0734497c07659862116e6a80f6ad157652e

SHA256
f3a954a9670aa88c1773bd36df78a98d69ea6e5c7bfa3ba2654cb9681a48e3fb

SHA512
d87fa40f15d6adb05be56476b564d0708ef801f10dc0bec59a8ca4d62004ebbef2e8db164eb12842d3ba98592cbba8f202a908b29da437b99ca1eb6917e251a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
a162f3c63c8831e393dc36b4e3c685d7

SHA1
93430df44d4137bf8ed77d2901fa665312578ff7

SHA256
b98cfd7401dba15a2bf3f4b7c79433fe78d98364dc78a3773e798ab20ba29555

SHA512
b98a1f1e9fa481b578c0ff60d01572feceebe27ba51205bf0f3db54a917b721b940e56d0df4db6c790e49bb00c600f539363b6b1862b3f971c99a13d0de69517

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
bb2819bb89d62fdd2a37e153cdca96c6

SHA1
771224fc634e09f2905322bed9b01f062afecda7

SHA256
58867577877a977a998dc07bca37a9e156ec17750ef65b0dfd3c2557075b3737

SHA512
e7907068d8d2006ce408aea0b63f6bd002bcc62aceafc962c714d2b17f6dbaac2b88416ae9b060c234394ad9e6360813103d353e34779ce7303924a257e13463

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
792d97ef8f2adecafbfdf506c122f853

SHA1
2c884d74a62a80ddfadd61db283ce07c98554f2a

SHA256
544923aa52c96c4c4482c08d9bdefab09615e88423baff82ea3e376aa8447c7a

SHA512
004806aa510ff76dd37d47aeaa0eda89bf5090b6c6a74d0dc05a22d14b52fb81881ed9b82d0548feeaeb99997d0514ab57cb087a1e8eb0d6ba1011014e76aa12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
c4cea59bd43eb85cebbdae989e9e9087

SHA1
9f3f47efd42aa74181520b1c2c508e241078d763

SHA256
cdfe2dafd7c7ea303da163e98f0dc3f1882ceabfd550eec94c5cc92abd9c91ca

SHA512
fd71df8b0c83b766d24e75192c2ae0916d85639867e65bc9dd1a89feb853afce43052db4f9a44e1d326ee0826f6f81ee9a4ad918e6b31e481802880c0cbc5ccb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
356d8720fc3f360c722f90a81f1733df

SHA1
4fa19962be446f97fbaeaea17fbae496dd4fd85d

SHA256
85eab84542909582a75b21b27c6e90daa2fc64256acda2b02b504ba04d300cf2

SHA512
fab6a01d81f699bf562378992ad8492d4275061d2f9da14529da2bbff350a7f496ed2ebae408c35f8114deed51108239ab4e7c97c30e22a63bd2af60d14b8a00

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
ce1457cce5f795d49ce31d669545c563

SHA1
e77b76bb154eff585a6987da47243d4e653a5d66

SHA256
606f0bfbc095094c09f89c85921558a3105f371fe180ba21e7f67b9eb3559181

SHA512
7e3fac8e1e6721baae09bd4a0b56bdc21527ca1a0c70138444cd766d86666555f5712df06feb8351d527d3b30284b56e838e01e977129e9d2d1a0ebcd5baaa7b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
69f376d85a4ad1998a2dc3d6a90ac0ba

SHA1
6bb15faf47c017d8a527f3cbac15fb50402b6c9c

SHA256
2daf1d31c513d7528299437e8e06492a89b39fb9b4698aaf2fb1429ebe6bec0e

SHA512
3cc8bc613deada6dfc79978e8233fa4cff6762b45d63ba72ae23d5d82a5c8fdf2a014a91d3c11f36d1b66c17a4eb3dd85815c4b9ec77ef2fadf759a432a30661

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
1d454cfc240ce4ba42df449183286ff7

SHA1
98b1c6479d82dd467076a61ad241f895f75808cf

SHA256
aaf56ffb9f50419daded53ea360e337e65c0f36a046c2517842129e034605ca3

SHA512
f6d9a62619f126b955a3a4a20bd5b1490182433791ef5421b261ae918c3a2c61de383f88dd103e98ed9cced9ad49beca0124121ef0729003ac4755d65565b3b7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
e41a9986c10066e1f2e5a741b45de3ce

SHA1
86c912b5c6a5a6dd4cef0dfb169cdb94f40886c7

SHA256
5ca31d063e832e280a92b6ce5d40cb772493e19c88d6ef00a897b82a6fb7a775

SHA512
5b71cebd86ed76f808455b42147bab2f3046a99963a5c5fc5f8418eef4f3fe29264e35be37cdcd56b5e3b875a772f42a795bc924fec772c2d669154bf62a1dc6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
76bbb83bd5a7fc8eb3808bc204d835a6

SHA1
1fe76cd8dfcc1547eed14ce97328e2b946d88c18

SHA256
a0d50c23af3819004c0ee67da515f7b1ecf846037783385a339e279c99b7763e

SHA512
57ad75d39c47e0ae0f3e20ef0c8b68f81d0701b3a0465060166b0af1d463d68c260e6560ad57cec869e9a50cee64054a53a106e2ecd246e9fb4df9fd59178ec4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
1d096c740fe0026ae9a5ae7855787b1b

SHA1
2bbedce25213f328b4a14ac847347eb8245111a7

SHA256
92f90a8d505f7c70fff38f6050ba10facb521f14169acd39f5d97c8a207fd8db

SHA512
85b828ef3ef9131ec2be40a5f595f280c908e79038a461c621aa38554adc55e124253a7cf614cf8d3484a2d018adfe03b8a7bc7a92b15871a0e2038208bb0ae8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
d14c407b0eb244c38394c642c15ea406

SHA1
193ddc220572a140f2797c743d776095012e3f69

SHA256
ee795476724cde8903f817f37c7e3ca3cd232c53ba3b410d6a7bf9cb583a1b39

SHA512
a1a0038f3deb24c0486241c4333ddd1eadbe5cec83069a18879311d8d0eae481143241f30986be7b1869e30ddd1fb7fce3c9d3979c53d448b2cd52fa45f7258a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
c9759cb0ab89e35ff43bdb0e33f5fb85

SHA1
6ca143f83568baef10bade8dc415d6cdb664aafd

SHA256
e0c1024735d47b8c107ccf98d2270036952e4b2238a73d8c8724c898cdf9d964

SHA512
1fe6d725ca54f160b99c0368c70dbb8a471ddce2365fbba6b02038615c5cf4f5dcba2e942dad78d1cabfd0715d517f530b0bcf0f74435081274a3960e9647291

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
356d2b33407548895c7030e5176c08a8

SHA1
678093e34cf3d4f612b38e0474e86fa4b4148e0c

SHA256
384d586b2eb6f1baa3e5fc586426e5f517fc45b0062540dc9ac4bd556f2ab35a

SHA512
64da146951cc6f516faf21b2f868c85147907a0faaae8dd8112a6d87baa2ff6278b8b2994f767778af45b892f1daa280e59aed64ad1a9a27c6f225f0a598e56e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
1940d77351c2159f991868b78a90882d

SHA1
53b5e0858bd64ed3f814c17015c81f06f7ebad48

SHA256
02e93fd96234be3c913a1379445d4a13ee7d97383b530df21717823c2af629f1

SHA512
58492e2c77074f1c49245528bc9a072adce641e7d0f442fdf6e4385869bbc5f03bc0688784cb15d0d206a43c41ee23fbee19e0be2ce3c15e5330775ef5dad3f4

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c540c579f0c016d5cc5e6f790321d6a9

SHA1
2f0951a846cdc59acd122ced9a8bdf3c1f1c4ce5

SHA256
429127b254266cd04daccb39e88f0f9033f6edb7df695308a10b01440c7af852

SHA512
10cfd30d1d43f46c1aff07dca77f7fdf58532675223491e20461847ba61f1aa837102de707ac73ddc403a60c4ec5bdb196f418dc38964b33970a22e03d2a82bb

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
93095ff6e2ff79d4b6c92847faba3616

SHA1
a120843b8559b75b8c262230e83131ea85e7efa1

SHA256
e797e51cfe47f1864be3afffe1f54e14884659502ba9205d219491b4835c41a0

SHA512
f97a849ea9285faf3034ce2f519c4550ddac67dcf4914c7cae3ed7d82ebed324a7478bd05c48b8fea1b31338e066538e1deec7c32ece060882b27a986e605a3c

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
35f6cb61f369817d5b2ae78ef1d9fabf

SHA1
b85538d9799aaf3f3b9df16a67503e69b5d40059

SHA256
9bc6870ba9d85bb67eb845fa11d47464e7ccc9fee056670b0fbdc83acab9fb94

SHA512
3942125e9e6a57233c82ea9a893a22fa61768b7d1e411c4a9046757a531509dcd1aefa794216dc6fcbaa2ff6c24e5a35e598bb88328754c308e7d03137902f02

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
b948bdffa4f958d2c06f541c68f385a8

SHA1
a33a68e5fbc8b5264216fdb12607d8b2aac73da2

SHA256
df1b27cf9f5da475ccfdf254d55e0e252ac8e91d726fd333ec6d7b1f00baf566

SHA512
953ad917171c32bf0898479c9322b058f369e4fdce38e1d60abcdb6efaa90aaba59a3514ebeb6ca88db45cad7e0bd57ba8398366db33a17cdbd27cc0e5a3fab8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
184aee613ba0972119024a0df143ef51

SHA1
60cf72239ab0c0f4d336a8f3809e911b684b3c80

SHA256
7b2823350786446be29d7ec1b5a120d6e24b2779e82b9c4826e61b2e7f6dd906

SHA512
cbb438abb22db3885a155166e99e665160f3995c1daa5106c910003db8086058f8fd787d18982253c36e93d40c3b1d2026f160453a6faa42ff7bdd6fce4da0ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
34a9829ebc05cf0906fb73574582d682

SHA1
cb9cab18211ce4ca1b0b8c0ec7990d482f85d549

SHA256
d7d7959e00baa0da37ee28d6f30e011d513b837124009712196108a851c7f824

SHA512
1d7461213eaf793dcea04e414af23437b25cdea73c58dcb516cd9c3189696524f776452d9e183889438282cff858caffadf9152f1bca8e84407941c846878391

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
4d510d9a0c33d270ef3af281c2bb5105

SHA1
61590c5f008a1bcd23d8f52439a4643ccb718b3f

SHA256
d3f16d825392187d5c64b8f907fe3d11b2c3e0eafbcbb1de4b34aecd5c96e265

SHA512
d3bac7b7f411a01c978f635d97880cc29dbe755c55d0c2631f987ded7a36a1b2fa0379ec708c3da22376fc0bd85b90ae1d0e7fd5315073cb061591ebc22ffc35

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
45d01661763c2ed14e96c7eb95eda9c7

SHA1
97b90869c4040a525839447b829cab443c481872

SHA256
9a7ebfac790af1856bc5c51e5133c06408144c33fe4baeb281a19d83f07c4426

SHA512
0cf3d622c9493d00340f9a3388521b57218382f81b569df7f877ce2802fe69a5dacf5abc02fd85364d98cd7653698e7cdb2c9dbaf4d9f01dd1f643118306e356

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
f34dab366b76851f05f8902417e096f7

SHA1
46c2b38db3488d31d488aaa71fda883f8b910ffe

SHA256
1ea9a7175b0aa9bc0687daca8cbdf8ece99606cd2bc9bf228dc7d4940d958532

SHA512
0bfe16b70b594a01d4799b246a3f39d7d022ea6e485f0ffd3fff5704f0a065e616d3e1704c81e61b70d32b7596216e634b72091ee60c6640a6bc6e72a2156e87

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
e5ce5b614ef07b3963352e9bf20e7321

SHA1
5011d3987bf90229d8d45087e61808846445274c

SHA256
3d8df6689f9d89590c4f29a0efa4ea907c9435a561384d19173a03920862ffa3

SHA512
b1405852fbd10e772756db23140de87336a87af566c8cfdbbb17d0706c6c11ef47d7a06c218962a9b237e46f9e715aa40f63f768b4d1c40fb400408168c52582

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
6e5549b4db8e8bb70da7fa49791321c0

SHA1
a531db1a3763220763a51950756e344341a57b2f

SHA256
dab3632a21f2f93031a391b07cc0f705307cc778bce023a538ca287e025b5039

SHA512
8b4577663a18de6ccc3969b1bf8c55554b8c1fdd12c5e52fc96f3b1f9ae9a91e5449a6c014a62645ac76b5d43eff8035642cd3f5475229e912140d9e26bf7710

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
5bf3c4c140b5b9c796a3bacb7287c2a6

SHA1
5b264db7b7aaa73064e185537dcc0e9797fdad1c

SHA256
46ae8a683ddfd42f13a9918b567526a118e51fc14121f423470ceac1e73896c4

SHA512
0fb92c47ffabb0b0fc6e304eac04bdb01b778257c2cd2013ac66a42f01b6b2ec91c91f615e3a759b432af0da5bff22107a4af9efa782b7d67a4b4c27b830c354

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
818f16ca7e46f070d9f228c2099a0f8a

SHA1
bb1640c566892d246d83b88e864452424377f6dc

SHA256
31d63645a179975b1426a47d54858b0893c5acc0c3ea19dbd8aeaca1a28368c7

SHA512
19d4cc4d0d90b28528cb3aa4283782fec108f2cfaca17f3a70029eb4cb887ae20878273b86b679c675cbe7a8b2ce7c91fe4dbaa83b5ff4d0af515a1c1c5b958b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
98f5da7db0054533fe4311c4e5b70dd4

SHA1
cb119d04bee883c071f7b0408baf410b50abb961

SHA256
febbdc323afc05db408aeded19a7a83345577196033ff8691c9536267712b9fc

SHA512
10dd5e891c7594f492f0addf7cbb4da2177a60c46255b708f934fdebd9dd4cc7917692410e67f91ae4027175bf34388bf839820e04496f0c62e740fa199e26f6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
3cb77381d3488cdb4bde410af0ed7938

SHA1
bcc1c65165fa7cc1b11a8fddc28b406dd33b9763

SHA256
06eb975d55a3269fd29611ad8b592a3db885c2e1c18c3b2e3c000041ef7c7a0a

SHA512
7f3a1152198893fcfee9c869d14b03b90dc5fa09f1e13f56cb710de2f95cde55c8d19ec1436db2c3bf923ed90e194016a3b5e638fb52253e5148833c4f02107b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
300dfcf70d546ff074793ab53a8f904d

SHA1
592bede057fe79f428aa6efaab5276ad9853b124

SHA256
75fca13672da62dd7cd012aad7c131dd93ba65e5a9ce5e4860e48336a14b1d73

SHA512
3324e095b829379964057d15e76b0a08e34742e5a2e85853c44e5074b13c176045a1494f4ed061693b662749eda5f2b240db5f4a73744183a7bd711283a0e604

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
fd59077fc6064b78b18aa03ad0ab1dc9

SHA1
a6833fa563623e887c7a60dd4e10fe4e4920d0fb

SHA256
5ce12d7c1a4881b417c95c1eeb05b567e6eec37cc9e3f839b48c2d63ecef425c

SHA512
c3c2529d1dc66a28113ef6ffd8e179713487cdacfdca2706065186ff4e117d1bf21e83cbdb930f4b178f868a2eb6f1f10c39f98aff10060f055aa4bd3cef5253

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
6a9c9ca9a6ceefcaf9153d69e37f96e4

SHA1
0ce6c5f8e97b3bd32083dc65ac22a6811419610b

SHA256
4ea413421e997ac6e189416acaccd8b47c1a3af4a1e560d115d159d2d555abfe

SHA512
954522370e077a900a87d8e0f3c9a62b6548fca7d6e8bfc9147d69c143021d1a31172ec6f9f251276fd3ed179c8323cd2c8c35468be030e345ea40f185021bca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
05775f31fd7e7dc47fe190d97683f45b

SHA1
ce6d03dbbad474d15376e5dffe473da15950696b

SHA256
c00ff3bf052b1e5d79ed3fdd83a7d89fa27e967f229a1f019bc0b56c9e7058e0

SHA512
b926bb33176086960ce45e58bdd4503665d958b21ba9d90e9f324eb120a8318f506516131b0afcae126f501166fa053cdd34c8971a76ef296bafc38ca623d90b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
3e09d18e23e0a9fd2d93a5a32c090c5d

SHA1
fa9b6c0fdb8b99f259798a4d1c4c1bf473a4a6b6

SHA256
31f9a37742c5d0ce0953640b89f3164391c050ea5b1da93c6f62f0c0317dfb65

SHA512
b8e50440d0622590c74626f0c327f3b4f46218e80b75487c2a082d9dfcc160c4a2f26bb7030d492baabce5bef9d8a942cbb951eb5e948202e38ce1ede85f1e45

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
22b321efb14279c849ee3d0c656b0032

SHA1
847516d564f966b89306242e28e4cbfac6695b79

SHA256
066744ad1e7e2f041de717911c53e264edc5593fc3528b974ea68ac5a6accd54

SHA512
1862829b057d7600a24e5aea3b89b338fe92892a3767afc513f7a276ab9d4bff28ed041c8dd84a158115787f48f0340dc6e755518f8d375286fcaa23f082c896

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
f74ef1fd34f3fa5b3ad7da23e6d36473

SHA1
8dc4415265b8a7b8f6a4a576bb6926fbee429575

SHA256
782dcb8fc4699062e140e43fa7de5c30c17abe5a4bfd68570814b8a26c509576

SHA512
c3b0100faee9c1c6fbc41684503b76729e497d8f639ffb559ade826bf8d9dee5d2692dcbdaed3ee894d0e027c2471c9775a9c66dc00445a77d9033fb43c7316a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
cc4abe490d47f94f3e265db2bc900653

SHA1
8a12157e781087d11527234211583177bddee0ba

SHA256
c587dd3524698c74bc0afaec16a00f1602e40912c4271b47046973f7df90d9d4

SHA512
6352d2907bd23f3a3112482f34e84b20ae34d175e86f519389e863bdf2e22d1a3cb1dd4c7d89083052a8a2b15d897d84c7c43e6d3dd175ace3bf8239f8c02592

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
5678d6b18c446dff2b58f1533e15f5f5

SHA1
9e1b667932e1affbd7ac877e2c39d075d718544d

SHA256
ef97ba673843dce5931b6e39b915d996ebbff2ece5f320c67eff2808e848bf35

SHA512
c55aa30be05c4cdd5828b2d67af9a17bfe77cc7a9b92d4548699de1acbb475e35ec9c0185f4a39d3a73582aa601c64ddf1c96d4096dee577dabe82156ed8722c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
4f64ef7aafbda018a2a6d8f79f83f2a6

SHA1
50944965fe75044ec8e8eeac0a0c7933d672cd0e

SHA256
d14797a569d9312a77af05114e9a176c1c372b43c4803c2b1b3cc3bd98a55ba3

SHA512
8549a78126c440b50dde4ef2364c84fc2001d0ac92c30264fa8f09f60ef6070a80f5eade6bff4a981684134827424e98795a421c9f95a638591b70ab90fc0591

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2e85dcf1ea0df3b37ab8b1a285414991

SHA1
e8d345fb07df4104e0c091bb5d70448bcab0515d

SHA256
a4da413cd20be5338f87b531aff6dc67633348782baa2b897941b18370242720

SHA512
a4e4ad865af4b8794f6032977992e79e9a02ddd02dea9914c7751a460d9a1c8746257506673f4e9f3342690a4aaa76aed0aba053e0eeeae90e99bf65d3512435

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
1ac39980351bd42cbe30e0541721ddac

SHA1
88acc1269f583cf4337e733137d9bf90690bbec7

SHA256
627b20203b8a0defecc274d60a8f90310262202222c0e86084738a8f653d1b3b

SHA512
8443668186b0ba08ecc5b43b5f4feea7c2c2d6aa8457350f6ec735cc105623288a5aab40bc3b0c4050fac88c710dfbd9d6a733b0ee511efc906cc99141ab1acc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
2c2c580d6cc77676a945d05d46ec0016

SHA1
53fe86da883a69ad17fe8be196f0b52807417944

SHA256
f18a913ea7bf792b908187364c83bbcc506423caf16ad17036e5730120e7db2d

SHA512
ec035901c5eae2d82e2aed0a55973e12a73946f669d0f13f7fd095b6f46022f5c084e47871f74faba8f372e5bb30145a96fb415489d4f0634c6e6a5154285955

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
7a7fa1a70a98f133a5403b1e3dcfe8dc

SHA1
864420ee6f594a4060e4a78de6dacbc1f2856a9b

SHA256
8bcbbfb2d4dc34ab47b8324699f9ac1607ba852ca8021b8c617e88237bcd2627

SHA512
c14faeed9080b0ad201eb61d0628431dd12b1229a787f5c73f6782b220944c2491ee2cc032119d89451c3d0aa564dc292a539d0fde965062d291625eb3149315

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
d15a76cfd8cc4de4d560995a5c759996

SHA1
706890a9d53a17ee95d96232cc21511bbaee542f

SHA256
3fed6c850f25fc6ca1315fd1255edffedbf67ed84a23baa56d1e2f995a781ccc

SHA512
bf613c6193f61718468729e563881096f3e6572fae1bc7778a47729c706d11f487504dbf924ba90c750e667ac9398f89d65fb4ca38799f451fe171d6bd246669

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
8fb96b28833adf24d86a64d597de2884

SHA1
7ff99b2428a707251d82d4b6244e40d390666eb9

SHA256
f3957d4f696aec5d8936c2c07d403a7e589572ec363737d5c6128865e39e8e46

SHA512
e22997ab08e7d3c91cc9de02149cfba42b19f29c77077b2ab3874378c352f0b8ac0975c8f4bb875ab1e65afb9c80f28799bdd1909b72a57832b077f3a2abcba9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
5a64c71b74639692fd78fb2ae5c54a6a

SHA1
b448a49de77f32a43a65ae0937a35682e41239fe

SHA256
a1d373fe32f6c87046a3e6945bceb85d7fc401174aa684a6a5ab88d0e9481fd3

SHA512
e1436ef3177fb65e08da105cf407e06f2860caaa70012e5c5df468f02248a823e80a98f171af2c9af8c66fb1190009408920a9fc5a8ec60bd38ef5252c7a96bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
a5ea7ee9cde6a6e11e60d113bd7cf6b0

SHA1
56003a7df963776430740efd8f60e72d61153aee

SHA256
9633094e1ec92dadde7091d88aa11f14f4e483e2d296ac9c515dbb871c77a69e

SHA512
1f0d837026837083b4a19a1a0eb2079e08a60c088871450d35a9946426b2b8ec25e52102a1b95f70ae5ea12b6c761ea612c7c52a60e93c4fea5d615abfde1700

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
8d130b29f1097592c1bad8a8ca6d8088

SHA1
94100eb962ab2106531d1b0fe86b399f36a93adf

SHA256
2e306e354d39b61bf0e2e41e43db65262f4566a3b17e33da27b1b7154ebf838e

SHA512
896f577c3e3508d9d3afbb2090531cb4ae4ed2847c169252564ebb73a8f1ca2c065a1a240e8b664a1e5679ac0af215e3adbf5e1a1ecdc24106605d375996bc78

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
6a0b02918d75dd9a66bfecb1faf522f3

SHA1
46fbca3d02a8075b646dd444ce649a765e853b59

SHA256
987fd8c744fac0c7e22738a485a242c893bda813fe3cf596d06358cac22f1aac

SHA512
6725c7eabfe5e6285f10c74a85e5cc3113f83b9928766310e86d1a2ccb0a7278a337f7e27bd4407dd7572911b541568d6e5836f5556f8f5a3644f0d5274245dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
91d467312a7b4dd1457b5307f55608d6

SHA1
66747678211e819c17e278f6bbdf4f1d2d021049

SHA256
1d67489060a4d2404568536066fd23264de8d037f2d0359341d5f75d8b56b347

SHA512
d52279d3a805b7dcfed7f08cf746ca9cb0edfb8c0838c90d7bcca8c5b3605d90c179d8776dc264a9a347be60a2bcc3bddbb736cf806486ba0465aee32984bfa1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
45ff448933b31abf38a418ac30eda2c1

SHA1
934a4d09d2778ed90da8594b830cd65ca17c3f2e

SHA256
90f396f7b74346ecba25669d8828d44809e27fbd4549437bc1b0927327d8de28

SHA512
030b41321876b8a8e6ade9ccddc46eaa0f828852c866eb3cfccc840bd1ba634a1b9a1814877753777e1ff14d6afed7e8839c31b26be38b2793af4728f4857b94

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
4c70424b4521b242a969d6f483a773bd

SHA1
33ced01e8fbb15f357e650099159427b11059b96

SHA256
6135cbc6364fc83d17eb3aaf092d9f748bd8985474cfc59c372796476650ec82

SHA512
f209817b4f585edd42c1eb93274b18785d9de84cc2b1b30b966420f4157c224a09aafbfd40bac9bef035e88007ca8c94946948a210e7b673a8e4198d52659ffe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
846afd30f3d45e2409747852836344f0

SHA1
6d121bbef7f3a7598e30e35e1d1a5d2bb3105234

SHA256
39b5552a0e50ed98507f5b2bc753cc3f583f24cd46dc6de721326c18a0ea8e9d

SHA512
1644e410999cf12bb925c5a3ee23acf5d57c1ab96222ca17dea2ba794ea265357294f659709c52375bc3b6856b98129277c4491c0a41613a0492df976c9018ef

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
5b62f22ffc75945ee6d1b898df0f7f76

SHA1
cacdf8ae9811460ee50c9cffef67767cc0e36870

SHA256
de8b5e7702b93e095aa0b7a8afed78d6cf17ff4e5fe9b64faca815bf0e29a9b1

SHA512
2f4f56101bee5da5367003e845896411b749639c6b173995f91bf83ff3ad7afaaa4b89df97b01133091f44a94cc2e9d172fdbd75b39e99575bee619a63f12275

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
5110384b2e3a6ff15b00a0cf9f76dc3d

SHA1
7381ca1c5e27eb51931814367dcdd2469f69e5d2

SHA256
dd526a3cd5d6fe0a3d2224e0197d5ac51913bc8fe45a1b67081839f65ce2101e

SHA512
40c33e845404d0121700dc5682d9ae52f07009b2fe8234205130911c177527084ae25e79f1dd325a9679ffa1b85b440c3a7e95a36247968453f23c443f12b1b5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
13d2c5b585285c246aad2cf22df48218

SHA1
eaafdf932bb510dd38fe629a65e60181e1fa90d8

SHA256
b679199f530a7df07c76b94d119fed701d345c5f43d58bf1c7f771db91d60299

SHA512
563a1ec6f21dd63dbd3ca5b4a9fd1deb554a024e55d9858630780af6853440c91ef56c01c3bdc981a85a2ac9f8a9007a2277c0db759e34c08dba667d4387e290

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
72fee2089786a0aff675a68f2efdc211

SHA1
ed09b47c89d2c0245c24aa646bef02c46bc841f5

SHA256
72ce5e42a02202b2c75fb91805acbb1382795b993740fde41fbd953e46f79356

SHA512
5d562504213acda07ec5811f072268c941039ab681e5e032bf909e8a592092c2ee03c496127b3e04a471375cc88ab25dec47ad517e4d5b0c1b9f6d8f3001904d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
337b9cf92196217b2f1c1773099f8c62

SHA1
7373a1cbda416d49be7a9566fb855109d6a7095b

SHA256
05645effdf2d854b563a5c57cef72429c7e75274109783135ec61dc2c087ce62

SHA512
64da0b90c9aa9d5a14014f3b7e5be05d7b9bc3acd583e04642b5df38c912c256ab3df585f61d0904f40d242ace14e63f081dfa1019a6d18410ab3559f114783e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
a15acf04bad5e214c3120ef872160c42

SHA1
9a8d0f32849d717dff8792e30d2a606963811880

SHA256
b1f7839d0345d428fd1c1bc210783ef828708895611616eedfe84f6c74b9a038

SHA512
d5a9a084bba7e75bb38a6fd675054cd5a74f6a35e5cab4d47282e019e15c2065256ab5d3b33c307b7d1b9bd5e894f6b74bfa95fafd1acb25c1548d1f2fb5623a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
61c6f57285c1f63449d8bd16ae5b8d98

SHA1
09745d7dd6a24d28425260514e7e3fec9517a5ac

SHA256
3adb0a33f70ddc746610a73a5231e897a90de5d63c6bcc86f726c63edb250330

SHA512
3c36c3cc10c4d9e72c00ba1dcac22fffc83f2362f8e56935c987b0bf7e0569815b49a7ef14419d39c2088c7ef509b55b5770b04c570626b841b6032c0cc55975

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842782446347856.txt

Filesize
77KB

MD5
edd35a59736f6cf7cf55edd7fbf8f989

SHA1
9f937c07b67c70b883bde647b3f4be9f55305ad2

SHA256
df70a6d8f5a81211a12a3cd1c53498b310d5c3663d6327db26124c257aab191f

SHA512
318d5fb8543f0b5fc7b30371d2a394915066eacfadddeefe1a16e3b2c8b770e7b10007f818abb5fa1e99680d05dca3318333aeb84d3f6cd05827980c91750cf8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842783615747702.txt

Filesize
47KB

MD5
ea58919f4903dae2c08a3b155472c9d0

SHA1
0828e7601371cd6d553f4176c3aef9835490b803

SHA256
9abe9935d27b52c75cb8262c55dc2575a88fd5250a4494c32d76d66b6fd64c1d

SHA512
c2da5b98484516b98a8ef5edcca56c33683b8045b5f538058a4a2618ae09bf40a28775b7b198bed861efbe0696abf3415331432c1045e72e91ba0e8f45f0feb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842789875041686.txt

Filesize
63KB

MD5
586e39216dd683704bdba9823c7f018f

SHA1
d21ca026d02add471fd2ccc320f792ded20d3a8d

SHA256
0c9c8bbc676b0bf2bdfd83f1c8adc6293d08919d01a82046f70e176f620ef1c5

SHA512
2112e3bcc7d497d508127450bbb5a72fb9dfda8ffd2eeeacfaa261b9a2cadb4507431fd10b1564ba5ff9c1a29dbe9bd2c50cec6b8c5c44dfffc72684b141346d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842792737167497.txt

Filesize
74KB

MD5
0a39beaad27678974d98421d669f2f29

SHA1
ed38f12fb6b750e5c6c34d838247f34f11fd53fd

SHA256
ff06342032b8c5fb6ad95847366ed728f7a68cb95bfa458d566ab1b0c3a9ed35

SHA512
75e09d5e840d8b11db3725f85e64ed190fc37682907c7f6ba18a23f0d340d4aa3fc6d5d80d8063e132571cd81f6c420a5655b5884a05255f30cfbfac772b95d6

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
7c470abfe81368b11abc3cdf6226c306

SHA1
bb5829eecdc9f4b27a1e82348082c63afda6f8e1

SHA256
635497d50f5933eed14b57cd5316aa1643dda7c9c3cce82d7e9be9f374c9069d

SHA512
cb56c0f9a628481935239fc0b4043423fab4e135a2fd93bcb5cb119a708111e3b1674e5d1fa5180709e191d7c7dc9c4dca52da84fabe499e24f58e279e822201

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
a9e3301664ae496d1ebb3b8b9cead3e9

SHA1
802e56cc296e9918179ae06eaf2cdbb23e3ca4e0

SHA256
aa608421cae334022918a2c10ec36c7bbd739e3ac8247fde4587350079a1e10a

SHA512
e6418bfc27a8ce2d2e7b70e80837453c8996f0d9b51729db23b79d37c7e81f794589604a66130dda2d70a589ae356ce134fadff0e1e14b2bc35682fe8f13229c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
924048d8d467ccf3acd886d2956afd1c

SHA1
5737d95520aaa46b1060ca80c998c25acedc041e

SHA256
36eaf48d2108524414459e147ed1212d34589d20aa97a72e2858684b90f625d5

SHA512
81e09d28e17f560f26e9068d0ab9cdb31cb90d765ee4758ea8b0c9407d25e1f01e9cf8ec274db7ad1ad8712d4c23c9261750cb83e8b04d7be8f73d7295395c47

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
aa49658b5a2e8ad127a24a75af0ce9e4

SHA1
d44c0ed0c68d40436b39e1bd57376681fa7b2389

SHA256
980feb78d893eb74e3daa71d2c509f7e5cbb8fdb09352f0356aaf0a64f22b640

SHA512
ff178fd4d321a9005e1f895d3d2c6bc8c37ab61ead05b33c2f57eb1840e6dd5bbb3a85eaa7dd7512dda17751d1cd1185cc7c746b545ea44ab3a67b323f1c3d0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
7bd56cfeda28ecfdc8566d8570556b35

SHA1
57a5e59f215875850182f9296f979abeed7ca629

SHA256
f61940b42a6c710aefcdf8697fa35130f124c703d7e908fd7beafcf3bab6cd41

SHA512
95814f8401e44a91afd139f3e3c5b2de15812f02b2434cdb0ef5f8cf5a9d6eb93207659cbd1c7d29486a0c17d53832620c2a97af1785f9ba6e90e94dde105303

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
86751e5709e5c217b4a50bb9697b4adb

SHA1
943662c5f23ddbe0337da0de7158d7f33dcbaa14

SHA256
b63e9c5d1c27671352e87e2be3392be0ef48624c964f302ef79211924268a271

SHA512
fbfe2200e1500165f164904a88c04d28c4630f06072f474aade92f63602b29c13144fd7a80cf07e687b74c246a9112c1d1cb270ce1d358bc9e8df452439473b2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
f23ece125bce2f70569e83652689ac2d

SHA1
310725a77ea1e30bf270ae7a4b50235e08723a04

SHA256
9598058699f1e2b042b525b805b1ea0d06b29112f93880f97042fe77c82178a1

SHA512
37cdd6caa54c3724bc55b73cb2e1588b1adbb8b420401fae8662eba3d410a6a831b8ac328ccdb0d5e8e4a69156a54544913df282e87531c4c97a13a7c854a32a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
096f4681925780029c2e42cbd36aba87

SHA1
406e33e9f52e87168bc3b1056095ccaa4d7cf4ae

SHA256
99059973b4d6f81d47a9a1953b09a19b671e79141d2783006fc09007e393c8ed

SHA512
4cf442089a2a840b5be215aa6524841345b9e2019588785025182a651849230b92535755d0adb36b9f32ed6760a10128b58ebb5cb74989af0e1cf6fe7a6c0eee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
83a4d9a931bb46b99e7aec01c192ebab

SHA1
40ad48b547e84c942d0ad3c3c29c985af116c184

SHA256
e90123d8a8cc54b8ea0e438d5d6fe4611dcf5b194e68f034301bcf2bb35bc9cd

SHA512
f14676b9d894c685e43941f88b23cb629ae12b4b62569540caf59957b762ab41bab1c2eef0a2821895382bfaebc39000d018a20c2c9e171dd1193efb97392aa1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
583d94e53487ffd8187dc71e719aeeb0

SHA1
2855204767df9d7fd4fa6925269b6e809af92210

SHA256
8e7ec64cfb60ff3131cc76abc51eb30bd13020a99325f3b2c4f912f20c40d620

SHA512
1dc3b9de11adf8311ffe34c8fac588260e4e50a1bb4058a489953da475686734ec711f4d4dbdaefee27ebf7de09be7546308501141adac1bae3f14a443b51312

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
1d1cbe2850df99ae2bec4e302bca9a4c

SHA1
0e0fcdfa235ea1813dbcf1f51e822009eb15c90e

SHA256
19c732c1f5bbe2eb8ed9fd758614f538ebce52cc8b2e78ccb4d6450ce7d46d6d

SHA512
f5ef0e3c48d5cccadb10196452922dca59954a3dada3ad92e8c56d06b404432f87abae7c7cb8efc12da510de62dce6dee02f6cb872ab56ffc97bb0a45117a36c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
6659ff5b159be2027d72e23767c751b2

SHA1
bc8cbb6b85e37e775e6d4d16bee78fac2dbf4432

SHA256
903cd712bc6ee07e95d7ba75f8eb5a800a57277a85673a55c739a84355a14271

SHA512
da74eedf8ac87003100444fc5b4e89bc9d54c4aa65b55a065029406cf61d99f10067dbc83fff8905f63aa2d2e118aafa33acb4b903cd62bd926539f7b9d89f47

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
d1fb315b7912a1b3be547f961555964d

SHA1
0d187084885d8d9e8276d0855d7c364d8e2d4ad3

SHA256
f86222c5dbfff5f0887ae5567b23f41f2066b83369e40895fc490a672917540d

SHA512
46283c1a0a5bdfb7e24abf8e453b9c037944d7f81972846bb30971f7b4c7ad6c663ed2b52fd5cb3b43acde3c9df25c6706f0bd29fbe0131ba996d8b921c02f9e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
1cadcd214253f9255c5d392a3c14b9c8

SHA1
daf7987256dc751df02f737dffcefc7022111111

SHA256
d0b5ec753455631f66c43d0b4ac6080b97a544a14f3475f5e9eabc851a73f89d

SHA512
1b0af146bb746787c6e1c7cdfa228be54509fd8423172907bf3d22f5fd5d318ae9cedf3efe63f4b75ccd2c672397d3a0ea445a4b55c187b65a8146cfb03278fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
3895e35e2d83d980a350b1b1ce167ae8

SHA1
266e994ff47340055d25c86e5c8977724c34678e

SHA256
d423ecd6bcf1c64d00457c0af5dd4055dcc92ffeb884818c78a6601623c777a7

SHA512
4e06f21cf68cd84d4ae73635566cdbea877eeb55b57fda4c1037fc1b465db2e7396c2966ea69521fc9cde0fa62f9b1355f39857a971c702b793632dcc9585e5e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
0b8938a43e262aac32b00ca2d298a1ce

SHA1
284869981150915bb90c2883a30f7f81942df88d

SHA256
a0242a3b303344926a74cf7de74a81b771b87c669a893237cd8591f1eb43432a

SHA512
185dffd31be62cdc0ea8f2574a6ddbbddd3911181be566af1ddc42560476bbda0d86eb3711fdccdfd41d089b6b98ab7085340f2dfa7d4449ed03edc6b2751e79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
e8a730d1185cd6b194944fcfe297e80d

SHA1
a13238eefef318549cde3284b9545876cc6dbc6e

SHA256
fc731c226948631d5e96d50c297b6e264200ec89db12ebd2b1596d2597470e14

SHA512
4e2e88a838261a4b39b43835d9b7e4cb17596b4f07a20218f8105d2076e6d0f0c551e32c1ee9a352f8895d7addbeb6811cae1758fe0372b6049a256fecd2f5dc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
22b19c00b7348ab83a474750a2c790ce

SHA1
271e3cfebfe35dd5371c0b64b645358c3c1a62cf

SHA256
1dc20a7e194b4337fa37404691d71e99797161723cf466e2bc079a024ae8a5f5

SHA512
98feb923fcc20b67057a040a025c8fd1d2757531ba97026b297716ade9b1db7170a82c586717f759c7658fb2058df5bad23f161aceff5b92a7d139422fe1c899

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f1285ae6f51de7aced9a26d0b9977e21

SHA1
d0e523053e8dfc5c34005e3afb5ddd9657270573

SHA256
42633c994ea3d6d3af86662326837bd06d3eddaed7f80af401581b80a1243933

SHA512
ca2051e1417004a86256ab474ab2b5e18958ed3ff6b13b1e8ee728c35c9d3c21345b952585e34933a919697757b80ad740722cd100f8fcfae5dbe9fdee333cd1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b1ae5f294ff5d49566b51ae285bf6c5d

SHA1
58a44f32ee08a3d0e382092730c91478c6884697

SHA256
ce45d7377685f7c6d9b00a16d006dfe6d5e5885856fa75606bfd878e5df54ef1

SHA512
4c24fa7e5307f1aa98507fb272f555ab58bad7e2a2589c35089687b48b2ec752675a6bd0fd9d99eba9960e0bfa9dd24e2438a897813c6d8ea903004b7bf0018a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
e7371853ebedc78dffa660de178fe904

SHA1
791b3d3950a4b915ba4b3aac817bac4f27e8d67c

SHA256
4c9981689f91b2bce269a37bbc24a269c9e30e10e0154ea83d737049cc4b53c0

SHA512
aca85bf51a638718372b3d42f7dd7509d6dd7a08d6c271189f074940515b221a7e6d997b4037d240f8405597dd6ffd84a233caf7ae4a3b16aa97b66bfcead2cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
cc00c7927c0bec9932536fa4de5216b6

SHA1
54ac5ba6bac1e6ed2138852b1ac77ac7f5a922d4

SHA256
f8cb5fa7d94d127675418182c0406ebf8af80d1cb758ca4960f09cca95c609cf

SHA512
45c8d6405d3c1b5b23a988dc26d9d6d4c898977706dfa3bf6a5c0d2eb09b9dc174bbd18925d30a7fa6f2f1bbc34a0bbb9d47af33eb23a23d68ce63a046e9a7bc

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
9f9d7c3ba5d3c98c3d926f63b29239da

SHA1
4074ca1b6563d5ee19f0cd4ebe5fd28e1420fd52

SHA256
9139ece6eaae1f2a08374b2f0a4b16ebfc16dfc59b884bc630a210ed1501290b

SHA512
84dd120db602be5ec763d7c63f62be3b4af26318eaba3cd80d3ebbba4da4be7f913da5cb05012250acf45fe0bc83acb9a949a5e3294b9654f2abf95d60d353e3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
75a1b1e46c511847ca366348c2f3dc10

SHA1
d27816b12d9dd85892f4d4790277aeabba14a0da

SHA256
9b3540f1644b65d170b576ba79cc4cc5249de88d46f3a267ebd9bed183a3f6f8

SHA512
39fce5d8b5b6317069ff19d6b933dcac0938543b061be9bd93034eac91e99af024de39a03b4b17c5cff229030aafedfe902097614ba9cf92014ea9e0b72d84e5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
8082fb6c8e83977bee3a1a7d99fc4444

SHA1
ad67e1e7f14aeca1f384d7acf9bf7e2f6b1f762c

SHA256
f07fd4af0afb5b3be56f2437a3ce1449bc67466194f320d294f4fbf4efc1b168

SHA512
23e31501665024639bae5c75b62575f4a1161d219eed52e58f641f556e7e4c9aaf78b9fbe1856000ebba7dab88532009490eba2175dc8a9de9828eb3f7656c6e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
aeb30b35034ea94219bf81abd9457461

SHA1
1632cdfbd47d2fe27ca78687a7c46565b1e93a7e

SHA256
bcaddabef635fb290e525c394659740432ce457712a02ecbb1730707f994d398

SHA512
1668f30dc1eb848a6462f802b6e3793a2928691222c3f846fbb7f2fe4bc02743bace837a904232f4a667671d9d8e955e5ddb49d805c84990c378344c7e2e6ebf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
838d92353695f7e8a9e9a24459d9922e

SHA1
75a8572b31824a7ab7d2132250df302fa4c93b06

SHA256
4272175b04a5c9e10260b5803dfade23f4eee5cc3cd2ff21190d8e2b91c6ff72

SHA512
7e04dee3ac0b7d099ab7292df8e9e15fb7916ea880af7fa04dddbb582865001a6a28f646c53f987a053d3517c3e497b918998d4e4f862fe3e7c6a0d813168a71

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
ad5a6a1e64b32d584e1e1b8a40ddebff

SHA1
ae085eaa4e9538c725f1f4558823d20ff7ae5ba7

SHA256
da6476b1cccf8ce7f42e4247345c2901dde987af4408e99691b08b1e00065af8

SHA512
fe161e201b9060692f33b45322a1f797b8943c0c09a17a720e1e14eb5273b643cc6d9148cbf0b9747de189b862f4f099bceb4501b3b3f42c6880ef905271a875

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
0410dfb3b240ea7fe3488a39775464e4

SHA1
65b40c705bf2542ea9713ea85299c765373a3c7c

SHA256
6734aaf389264d65451b997fb1228f417557b8b47fc8c7a26b93e36388550be7

SHA512
136a0ebc8b2265e861d594437ca4e6fdac76a8539cd65623d1fd1e7ab7a952b3a3d008fcae61fc4c3232ced2ef037cb851c4b35263b79b54f22b6f1a7e376b9f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
5aaf4e54286d2cea66796297722972e8

SHA1
5c7f14db4edef6689fa9f1e4eb08617e716bc3a8

SHA256
b0c2e5549b1f7d560b06a3077a26ee65cb9e64010ef6e42cd5217659ef3ad2dd

SHA512
475f7e5533fbe991cfc5b26a5b3c38ec35eaf1d0bf423b7916de56a75ca3a856ee2ccaa47e911330a6d248cceaa94bac62a6b2a319efcb27efd9eeb83f1f69f6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
168cf07af824d4fef943408e1b0258f1

SHA1
f113bdcda060651a2737f01d0531ca28ddc02a9c

SHA256
b3805b78013029702dd67a836a30feff187933584d2a2eea89d6572b6d820192

SHA512
79381e7af1d7c73c4f45d8e8540231697eb9991237b365d074af174e019894ebdca65cfc66544a357d814df95d222c99c8714b2eafc156098f6d7eac617a9cda

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
a70e4e467b8d8b25e3d52a34a6007948

SHA1
47d1c9a97df3b90b5374add87b0d2d6e861fe4b8

SHA256
a7b9795e318c422a825aebb33ad1ad52faca2705df8643181968e999ecdb91f8

SHA512
106632564fcb7eb0a0814aaf8fc1afc481a82a944e0478ea0c482c2a6255c5b6958a1ccb9cd4def0ffd633755d1cb9c786363e880a11df1331f3c955a3214c04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
39e70b5537b7f2c3779ab34fd3dd6587

SHA1
0a1ce64a09b1b27b2b3c70b9e57d891fa508b33c

SHA256
9e3cf81baa0127b9a9a0079e8c5deef21bd58f40e1696c676f9c713d1dc14031

SHA512
5d636d95fb39a1eaf06f8cc7c3d5fc5eeb633eea20d5e92ae7c1937797bd505f3b72edad560fb0c34cdf8e54dbf2c243de5713dafb835dfe73e2e088d4172e6d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
6ec2de8c32fc2e6bd7f22f39fe37e5f5

SHA1
a1ae8dedee2013cb67d33eb88df867b7c013e612

SHA256
53ac933b7385b0e2ae0021353e1766d06708e9b0c23e15a32466431e1002d34d

SHA512
ebe636a9d2a280d68429ab70e338887db9179fabc96e13063636182d96cba70fff2ddbff556ff256d73c1634a66c223e8242230727837d5eb4c8f74718cb94d0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
5ee7ebda5d455dcf07a8dee4a625f9ab

SHA1
e5a51ad8777cc5ed4dfb68a711e2c7ddd770edf2

SHA256
c9cd0725252f4855fe8deeb17c3ea58b850cc1c7689dfb3a60a5cd58d86b481e

SHA512
99744531c873ab3343882d0af3057cc50318e6b3b934da15d1da62aede49e870b6bab81c620be14bfb05c084e936025f0f6ed698d5e341cb77b363f3115a9d57

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
4512cef1627d19277f881f6690bba963

SHA1
e551dd6688cc13d0282b81456e391ba99214966d

SHA256
7a1cbe796af39632d2e702ab70410cc7e0b678cc4dbbbb5b2e3d05b264ebd229

SHA512
f5a3d348394c3d67ef596020eade72d8e5a75331aafb532dc60ac2adc210616b13c98537122757249eed0a6a69d940fa23b94047c65ad5db75c07fc64f8c3918

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
0ba3e9dcf506ca6fd038520b4e177311

SHA1
a3810eff754fa61a15b382e4643e02cb9d06783d

SHA256
a5bc71b540c233dbf295888f7d248ca7e229656de68f00def64b9a2c742268c6

SHA512
92f71f8a78993a365e046b9a3cb5cd297c081bcefa0e491c124a5ee76c7a390d68c4765a61d71887cfd5693450fe8d8fe17022627224665ad8e63b0e3d41930a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
46ec3a1ff7763301156983cc5ac6aa55

SHA1
d5641b04d8ad537ae51ad4e11b017842f3527d9c

SHA256
b652df50cc89fa086c67d58a4eceda22b6687355274ba09c91652c5671fa7cb6

SHA512
14e61203faa64c02e6b390c85804408e11f7f87910dcb5465402ce65064a9e09edf9a20249513da57dfe9d5724533dc00ffa138c6c75f6a650b1388102379fb5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
20aa66b7b93ec5903cf1fccb3857558f

SHA1
15ec86de7db284445613bcc0391238f6fc7e6e3b

SHA256
bbd457f5187f904ca3207b43f317294ecda5940a7d91195f63de542ae54f4be8

SHA512
17bde0d1e12674b819468ad252ee6f1336cba66bc7efd02751cb0d90fbbe1211a7f663b32a36155b15f9f0369c85458a18a7e45e24ec518b67c4eede33b741ac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
9022a489edf1ff2062ac81e04039e7fc

SHA1
423451f0449d8f9cad9d9a6d35956dfecebe6346

SHA256
975899adbc47558c872043cfc3475fc9abc7464cbdb905c9b70f742b6deba891

SHA512
8ac9cd0588f3f8870d3a836b57b14642667bc48cd95bd8fe86468aa4b291fcd8d8018df3a701945514f6267eb86128da5bad71a31b8dafb66576c8de3108c677

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
faa1878056baca7a540a9f1740f0701d

SHA1
2ce3efb2d6aef5a7015ea3c9ac6581af5f59f820

SHA256
f0f04014fd3e4bdf65a8827795be17eb832c2973487e172b2684b218954525f9

SHA512
621e0dbdeb190ffd6e74494f0333009dc04f0c3adf3432cf5c47aa90dd68577e6f0949cf0ea000ea311b20863d003e3285d0b845f72a8e45bb5b764cee2ede37

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
d2924f7893e00455076c179844a43d0e

SHA1
3a6a74d849f4fe95745e4726e7ae19beccd6f8f7

SHA256
29573a5af272d93548d69cf90a7ebc58235fe80a4a8db5b11f5d1a74a7c4c472

SHA512
2d0d4bae28df3d7fec3fedc59b39687a1ac12862fc2d164b400a6b84fc554a4a0ed438e7dd971c86626dca1203c7633350c1f748c8991e1bbe9db52548ff05cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
d13b85b0d3f95bcd73c72ad55ef7da71

SHA1
6f347f482ab3c2be5d211486782dead151142398

SHA256
ce38ec859eca4176b3166ddbd5595b7ca6599c6d2c840a7bd04d082d4c6febe7

SHA512
d68de2334b0ef2a52ea24a909b7c0f3266c61d76221fdba30a4b71355bf879029fda274253206370e183abbdec67e5cecdcf92e3f77deadf94af06b6a71de27d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
afabdd7a64fc556c882d72796ee4db56

SHA1
3a284d4670b3ff0eec1393f22650a8a4eee2d6f5

SHA256
1fbfa78baebaef48fdb4b51a1631e93c929b223253c8143e682b854329f7bc01

SHA512
a4dd8d04c671f9175eca91d972ed1a1cb0e926d760c3a0aac9a61cbade6ee7c53e5d8d23f5967e111ab78e3bfd73fac5b1b70aade79d454807260b91efab608f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
0fbf2dc6df796f5cee1634152d0b2bf8

SHA1
15bfe9b9e566a42757e0a3887446d587fbe14927

SHA256
4f8e96d18da55aaa6776b862e1f5cdc1f95435832e239a48ab88da4e43a2d6d2

SHA512
9721c5da69bdd42a69ffbb3984ce6460d4c2455c60cde66b1b0f2969c9c35721af3ce621878d0f2fc13313a2b63703dcbca40502dfeab47ba040e54355803c39

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
3caa04336279a44e40eb4b10df9e4d2c

SHA1
e3110cd135fe2af843f1d2228e4198427a9efb26

SHA256
15de1e367666e10ef80a065e4d2ad7924c042de83c726bc38925f3104e1db5a7

SHA512
2822077fe0d3f9ad70a098d2d41e017ca26c4146a33336af12a3af5e8fef27d11991283b7a087da4bf215a283907fb5575ad0b996b93a4d8fbb6a3078080c1e7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
6e3d92b909ce79180d218a7098e8cada

SHA1
fed1f7c2966dc7e62b6c730d07f9e640ee8de405

SHA256
6d88c30cb13ffd8668ed8e8748c5387752f54593771488c7d9343ca5cda452fe

SHA512
d9c7a29a830a21b2f3b39d8d4ed7148149777ae8f7fe59e4d49e958cf27efe116af5a88f667fde0d22ce7c89cb4bc8e9aff0dc3306ad72ac538b6d3963b85970

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
8ed1b7b349055cb1522c10115e0140e7

SHA1
802080b21777e35399cf66e5d394d7c7e695d628

SHA256
ab0a452027464c5f0fb1e2d33a90f271b762d875e42f58ffe1b8c8293f490e5a

SHA512
4ac953dcf8d192f8d856d32cd780b70e862d2a390276b36c58ca000cdc577fe03cf10fcf1dfdf29e301c6238426b66a70b45f1f33d602ba06f289b0859e55802

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
20daad882554b26571c0b2c08148e19e

SHA1
15409d443cd903d24313a6b2f637bb5eb39fe0a7

SHA256
0ea7a8412ca34899331ebb05de6158ef44ef7df4b6b55f5e3b96adb832cf7d90

SHA512
a2b6e2aa964cd2e1ebfac00b1c60d9a5ac2ba34a6124276efdbf09be0f434ee54287dddf03fcfbd426bcc58bc9683b4a35dc68a7f2adaad3611eac26305f2ea8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
24b53683326bfb201740c04ede2e3518

SHA1
921ef3b85fcc5c1ec6cda3130c5b65779b5d339b

SHA256
3f48ebc3ab2fc1a6dd2065684e84c66d52b2b9c7b9303a4fa73b86c8c13b57e6

SHA512
5bc025133d51a07d7f3becf257cdb9372ae269223a5e24f84fdb7aab667d4e59afc13ac9d43ce5dc9cab329414493e7154cccdfdafa54220b9f75beeb86dd555

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
c5aed697ac6cbf6ef8d90dcc96c40fbe

SHA1
f4dfa5ccd9e1bf30e229c63f88fa776f52b3dc4c

SHA256
0e162d863607a611e93b1b4dee9c8ea40fdbd1f8aabbf8bee356a2ad2cf54ae6

SHA512
7dc1ac1fc9bdd2e657221001967ef32ad2bd5794f4a518502cfb389ff49f02724b929815195444822bd27d9cd94952f8bfe97675b1934d0b4fc66ecfe39bb606

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
de5a55963cd2e2e9102b3f069a9cea28

SHA1
49773f01b5b08ae30bed2895f94ed074e2c693cf

SHA256
76d20ef283d8483ce9f310682a62120e5fbfe223d7fb9d86ffd3695c850aa6d3

SHA512
5879e5b7aebfa85f7e07608468362546d5335b66f5246f303239e381d972757ff6f236ccfbbca5e84c33128bda2a57029927cd700c33d46035e5f938bde13940

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
b7f91d5f5c1e32c9e6cca10e6c650895

SHA1
5e79170c0520274db549c340fbed161a684969f9

SHA256
952b19f4ce4ab083bdbd474bf5e8fe1b4c9e746ebfc49332a83faac5736b93a0

SHA512
1637114ef7b43c5890369d082f788fbe6516d1f8a5fb1fadfa21438fa649c5f5d0547a98cb430dc2e37593088321472b6e5315af2e56f84c17676f44577a4e8d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
204dcaf27f8907eefadfea264fc70882

SHA1
7b15ff4261ff3b770da7fb99593b2792043ebf11

SHA256
46b35678655cf184e3d4f64887a0ca8bc15de0dda855b11769c5596c0f36dff6

SHA512
d392873b36dd4b589e87328fb7157c9020bd072735a44dc33488ab18cb12d58c1e458934df79d2fd16751cb5d41a384fb72258f00faa740521af49393510e8a7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
949fe3d43405942a0c5218b6cb9c8f56

SHA1
12925fbc80ed50be3b69a7098b5aeb2897403beb

SHA256
cc30b0d8dd12c2c1e72d42bb9db01ff9ba7bc7b0ae5d1ca220cc794c878b757b

SHA512
fd8788d8e84a3f4268b559991149316f928a45f25635c1b58ffff8514bc38e1d7a1a2ed675a76dd9e833fc48bade6b655475a1c7dda50cf94aa2c24e9f1178b4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
ff4408f8a6c073d9d13b6d69c4905e44

SHA1
473f32d949eba26ccea7dc0cb1b962e984b1d602

SHA256
bfdbded886e645b6887efeda1719047531d33f8c9850632943febd55219c27cd

SHA512
931452410f387c5dbcf154a0ddad5de28e4c7e98efa10122285b2ae235678c20e7577f554ce9014b14627bd7b09ff1f1b41e3fcc3c8e431bb1e6ddbdce395c71

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
95472b69137119bf43ee21d35d410d3f

SHA1
53a9211093453cc4056c4d60e5054bfa05314941

SHA256
d017aaceb1bf90f80913f7c1e99422a41bd95e38fbdfb06308ab10e1007f00dc

SHA512
b8c9fe26beffb87ad5ef1663a3893679f88534832ec1b030d33f922eb177b906e0d7f0dd8fc57b0ba2d0a3c4a6955c77a14253a603a855d784f8b8af55bf7054

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
943f46b286f7e65928c5657b6c7b97a4

SHA1
6e0bc09745131b8ae3eb7676afcb4a03644600b7

SHA256
ab037845d29971e2673ac1458c354fcdfc6a8d968c3b6de24462960f5fb3c3b8

SHA512
02bf2cea2f2cf839e44a2a50780517becf1309b65cb3cfc0a220a229dd4cf85ca603c30b9f36b6f29c9bb247de49ac8a08f60036db395c4aef52284075cb0714

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
b63369a3d7a1e3fca943217ada6df29c

SHA1
f6d05ba6abdbe213dbd052b790577dc2176dd64b

SHA256
6933332cd7ff8725364962eb08849edae5dd8ae50ec25648947e1bb0a66188f2

SHA512
b6d33adf00acc9b807c6d45dd8bc540aa18f3c43daf647b8108409c50b250dd58d559d50d4f36a170a4d266cc9a432d15634362b1dfa6e63d7541c5924365835

Download Submit
memory/1872-6581-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-6582-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-10988-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-11139-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-7-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-3-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-6-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-5815-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-11416-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-5-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-11421-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1872-11424-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads