Analysis
max time kernel: 95s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-10-2024 02:31
Behavioral task: behavioral1
Sample: 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Size: 7KB
MD5: 040d31fee8dc69b4c0585494696d4a50
SHA1: 9434a9b4f3e17a66de0ca3f7c1fd4d5e88ddc188
SHA256: dfac10c147ca8ab81e46a81fe46e874f13894cf121a9cc67e2df4f3b64614ab3
SHA512: ee18c862771ce6ca126bf33e701fac2a2281e17fe550f31f8352ac20137a9744ee9e96007007d8a5f1dccb034e61b17b83a015752c2da0a16635f24f974125ca
SSDEEP: 96:FpLZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx1TaCy4oTQeINBXlqfi:zzdrr1FG1WDCgmjPZ1kANVl05MUA
Malware Config
Signatures
-
Detected Xorist Ransomware 7 IoCs
Processes:
resource | yara_rule
behavioral2/memory/4396-7225-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/4396-7227-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/4396-10719-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/4396-10868-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/4396-11145-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/4396-11150-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/4396-11151-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
Processes:
040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
description | ioc | process
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Drops startup file 1 IoCs
Processes:
040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Drops file in System32 directory 64 IoCs
Processes:
resource | yara_rule
behavioral2/memory/4396-0-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/4396-7225-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/4396-7227-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/4396-10719-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/4396-10868-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/4396-11145-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/4396-11150-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/4396-11151-0x0000000000400000-0x000000000040C000-memory.dmp | upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1288_none_64cb20c6329bf2bd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_system.identitymodel.services.resources_b77a5c561934e089_4.0.15805.0_fr-fr_4b90b9fe626a1321\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_10.0.19200.110_none_43ef36ddb083d4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-httpproxyhelper_31bf3856ad364e35_10.0.19041.746_none_eac0e620e65e67d3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-shmig.resources_31bf3856ad364e35_10.0.19041.1_es-es_3fed9722db667c00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_aspnet_regsql.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_38f56f4908397035\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square44x44Logo.contrast-white_scale-100.png 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..erymanager.appxmain_31bf3856ad364e35_10.0.19041.1_none_61ab84439fac4697\Logo.scale-100.png 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-protocolproviders_31bf3856ad364e35_10.0.19041.1_none_a9463f49797ba834\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_c_apo.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_61520af78d59ee2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wcmsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_aca374f1c343dd01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Globalization.Calendars\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.FileSystem.DriveInfo\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.19041.1_none_b6d8bfc73f89cc96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup.resources_31bf3856ad364e35_11.0.19041.1_es-es_3adb9084dac17aca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-v..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7504bd4a42e0908e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_10.0.19041.964_none_917daa321cc2afb4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 
040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.visualbasic.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_7f62245ba2442987\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netfx4-clrjit_dll_b03f5f7f11d50a3a_4.0.15805.0_none_25a05175745571fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-healthcenter.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_51e6855ebd920709\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sa56e3556#\28e8136efc0106917929dfc00d97eacd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-web-http_31bf3856ad364e35_10.0.19041.264_none_d83f503a0f0af1e3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wmvencod.resources_31bf3856ad364e35_10.0.19041.1_de-de_89af7d9f638d5a7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
Processes:
040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe,0" | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\ = "CRYPTED!" | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\DefaultIcon | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.Zalk\ = "QJMEELMBVJVHQYV" | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QJMEELMBVJVHQYV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\xFYWU9X9m7k3f76.exe" | 040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\040d31fee8dc69b4c0585494696d4a50_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4396
Downloads
-
Filesize
162B
MD5a2c035e1f4b86427e4a7565561d987e7
SHA135c89652645e1e5af1650d5a396a088656d8ea0f
SHA256dd7fe22bf5f4895c188bf37fc0793967639d9803bfbd98e7eba9674cd82eb855
SHA512a34848cb8d9f9215df17d6d83c91bb3094d4d242cbe1edc205d27c8b87d091ac870647e5a3f7833d2a11c69ebc402fabeb915946c0cf5696eb755314b2e672b8
-
Filesize
1KB
MD54a92116137013491f883e45381ea7499
SHA1e19ac19ee1e9c820c89e2ee73655c58f76bcaf31
SHA2561d1a33acac55bde176dc9584daa8585c146a9ceaf73e7d2cc390b92c435e8cef
SHA512e798f908d0903ef2b89b7b4b6b26329384fdb547c963f50a9e6d2c4881c2af330dc5b58d47fab70ef963ed28fdee519cf76ad3d37855049ea4db2f7634e991d8
-
Filesize
3KB
MD5d5a8e5b87f2a1c0c839d9c7c2ce1b50f
SHA1b9dcb05609a756202b636f6942f67d2ce382fc1d
SHA256778567a6ed123e46a26b7fb8fdf0cb5e9b3da9fe300907b70fc6b7354f9421b5
SHA51267d76df33aefb33f33c595b4f91490cb59d547b6ac1d3432bdedfc67792f765c7759da2ecb6526e21d5bd580ba241c0683ab5e49ec82dca28d78f3a1a473a005
-
Filesize
1KB
MD546d56841d6f3c51990ec804f20f81a93
SHA1fc9feae0fec58dd50c5144cc443953ee53ef9c72
SHA256dfee3f92676942b5dcdc37283c485ba734829c3257362df2f3d31b307b8e5013
SHA51274636fc0884a4318175c483c68d7d087bda0a9c7b5b74605af13fe04cbb475038d26ae03f197a08c3612ab361a0cc917db2cbda01a6802f3e8530338dd509df6
-
Filesize
28KB
MD5122119797dae74c29cbeac7c26abb007
SHA1fd0bd9c086fd44b7ccc83d43fd06277766b2d812
SHA256ce89cd3b9648607a186791bfa5c2fcac568aae72775b9225567e4eb349205b9f
SHA512bcd67d865bdcbd651ee376169c7b42f1f428e6a035b30104904f65fe1e0c6b20a0e5c7d3c7f932b29e2029420d11ef86988579de679f16b2d4d0861ea945543d
-
Filesize
2KB
MD555fc92facea16e9d232c0ae2a99d2bbf
SHA1eb256baeefcdd675d27c4a10e4ba26ed0d56b9ff
SHA256a50b5f0b3982870a372d974b6eeaf7883d6f5c98305f7def48bf95b556cee4a2
SHA5125b152e7c23615bf894c8d7ede0f4b0dc12063ee9520cf201c7e404bffc97450475cbf61e11f1691ec0f80094d4fef393fcb4f803a7bba8bb7714146313dd7482
-
Filesize
1KB
MD5ee302d2e8855162ce1fee66b2f8f011f
SHA190f860c5335719bbd5a23989bcd39f587a5467dd
SHA256fe24c4722c72556a4d7bc883b42a6402fcce9e7d8e42ee04ab4a8ff9d38fe22d
SHA5121ec0d1bc892143afc0a82bf6c9156b6f275807b72764c64cb18f50b7ad6268577f6db32d8b566c4e946ffaa59dd7e052531270a323f8ccf663f9800732afd02a
-
Filesize
2KB
MD536eeab66b10be80abd877f2b54b00a50
SHA147996b5c69139ea84e7c3dea1ac8558232ec0c1a
SHA256b73e4c3c788e4444038118bae4da32a5209ad58bfadff0b5302378abc272a9f3
SHA51250894c8f6590399e2e0f478d56b45c39be7d25f858376c3e5b2aa36a313508d9ba9773a43016a875122e0d83ca9d600c4b3168e7820a688d0aaa7146e20f3e81
-
Filesize
1KB
MD59717d35b0f6d35587a00935a0eb94a4d
SHA11a4fc9bb629372ea8388bfd3e66eb340fc1e4310
SHA256541ec597348d5ad348bc0b172231907c4c8cb63fc100223baef510a45e499df8
SHA512e8fdff436ad02213422333f13a91edc2527de9a6bb512395fc8f9246fa0b49dad148e2252565902c8ddb89d883b5b852c224cbecf3f92f166c1dab04ec8c97f8
-
Filesize
1KB
MD564da603a7a733ff7066daf515dd2eb39
SHA183a41e1807c39da5813a489a5b38b999b91bddd3
SHA256eecce048471185f3711be2519866ce9e2032505319720858cca04107f320268f
SHA512b244658efd3c8b0efb845dbb0f7036c0529ad75fc96d2b454cb46be416b78250f42c327793b8030cbdbf166965c8628e08947c49bc9b35ac6e69a10dce34e762
-
Filesize
1KB
MD53a4a45b5977ee2700187310022cb3bfa
SHA15ac7622a90e64870cadfe1ba6a1eed6ff60500f8
SHA2561330825627988f9efc5c72d2c21405293fbbc83a5b87331279fff2863f7f0a19
SHA51265da2b72e2732a87a8ea2e2eacb73645d084c1cdfd5da8fbd65816a8f5ea9e42e62ad4b4eae8f8cd63104374fb0c6bec9068eb2c21aa0445cd1ff9e8a8055c04
-
Filesize
3KB
MD51dc94da9d5e21b574fde46ae9f86f033
SHA1070aefbe641c8d45f86761fb92f70283580bd188
SHA256de71482c5c3c870f3ca69c1fd84d40d66f223ae28075dd614e0a557e38fbfc53
SHA51210ff4d11ae7208bde072c877d0bf3c415db009e975782efb496c75a64aad1d386ca17487a463b06712bec0a2f2a2fb4ce47e941a6c25e8a0344d4167fd09b04d
-
Filesize
2KB
MD597998b60bfcbbf4d423feb37d7c8db31
SHA126a4a08581c79e1a0f5d3f7429e0980f098a5005
SHA256012d6913c082b03e2b7282b231940f8700da1a24d5f29766766447b1c25b24f1
SHA512cc9b7cf88e011af37bc9418dd886f377b030ccb49d91028cfcab8da4c91bf5feea91aa2e36bc11de941836399280164f0143aa1004a5706b830748bce2f9c223
-
Filesize
6KB
MD5d96ff275540ff7936731f1e8b688bc34
SHA1b1e9077e9040b1b02904c48f54c94b05d05ecef2
SHA2566e7aa371711db2b7231eaf149c5b8776e365869670ce8f89c4f7cd4af5775169
SHA51216a13677d3712f2a5dc43c89d6f3f4a49386f13c3f5f6ce020cf38302bbf0f42b2fa69e4b1f5cc30d025dfcf9372d07d10f4526dc7c1e9e7b6fcc77d00cb6c9d
-
Filesize
5KB
MD5272079bb3b042f37658369e0ab23c0d1
SHA1bf3a495a6b16b3da259eb11091f6004bced98dfd
SHA2564a5f3db2aae8449a0133a3731633fd03ace2b733b8f615aba0155507e66ee3d3
SHA51223fa67a49623f4bf6c5051383ac8aeb05fa3a7947cedd3b3ccf00aaf559c0b8e85579649292c29b9ee053166f7f01098e69b29685aa941b9b5561cf6b0167b96
-
Filesize
3KB
MD5f1c3246c6f65066a0ba8193095aed063
SHA162936edee06b4e9e9c3c08c797b4e8a6d2f13f27
SHA25649bc8e7ac3e8984c95aa7bdd94ff412717a4c47ba29c83369dff4b7eb290b66b
SHA512b4656c1c1d4dfaf331224227274096e1c767bb5e72ecdbb6afc5298b0dfb9f47913253f9fed76cae08e9212086458caa1f064bf266cc85a9dbe779cba19751d5
-
Filesize
2KB
MD5c9c60b65ad75bbc32e07323050424c60
SHA10c76fa1a3b2bf4c45c154218a9b46e8933690162
SHA2566d0d2fce8b49b81810ae2d8c15153a00bef54a260d05a5f914a4481d2b97510e
SHA512d50ef3b9ceb66baa05cde8d438722c14a16dd046f71ac05188aee328936334b24baa79b71d4923f1e4f23fbbcdfaead8e2957da7f759607fd01146b4f8034f05
-
Filesize
2KB
MD5e9152c07279fa28a19613daa12cc106b
SHA1853ba3f7a081cc6f32102e2c84689a464edfc719
SHA256846144fd9f1c5ac7ef6a77070f11b121417f6e28dd0cb872a06c6a49182623df
SHA512b886e98137d961aabf37ed3b4fedeabbfaabdd55fab365dc96bf931b8ab82abc0a48b8ecaf874e59aca44c1cf369a2e4d3205c24f1d46be25a3ef38cecbbafb4
-
Filesize
1KB
MD5917ac1724bb37831e94d1449b551cc99
SHA1f6c949abb037c4a2b40a3c570349e9084fbf2899
SHA2560764dd3251613de1db9ad3f744e6a3d3e23f9e5c80aa636b4522bfb7f6c0f987
SHA51267a783037c4b8c5ef3f3ac31466a64a8d9f3f9ee88fffe61275594a506c574d077f2166418badadd0a07a8c03fc248fb17a677720df6d2e812cf48068c0c5fd0
-
Filesize
1KB
MD54cd4a2d3b86fe7243f68c9c9c40b30ba
SHA1b60e526c7639193547470d86f789f7ce9612c4ea
SHA256b796b099c2c71fbf2e2434177cc0feedbe0284a5c5d84294cbeef38d62825ff4
SHA5128ef14084be95cbe7258220d234ad826316a5f8068bf567efc50c1c65dabe9fb17691f33903989d4d0215018c2ea302ef47a5e8f392b0b1cc2bb129fd79f91fdc
-
Filesize
11KB
MD5470281468b7470a3fced41a721265aa3
SHA13ea1d0c9fdce913b08ec9dc39321c3d3c7f96ace
SHA25656d77906f18aa5c6479904c00b321ee7f9a3f52eba23f05c13d6fc3d81fc1b01
SHA51231655db069880627cc5d9ed01e7b4863b00f473dbd19efef00f73cb87a1841d82a3e897ff82288ed3d57b1b837bf5badd42b2c23a9b82c779e0a40effd0cec7e
-
Filesize
1KB
MD5c9fb3e00c7e43a1614604d9036a7a424
SHA149aec2c12c0d3078852fd6a6adcde70121859b66
SHA256297ebfa7c0d994c9f712deb912a282d6bb7f80ae06c8b1bc24281f987bca04b0
SHA512a941b2b1f3ce42edbe154380b8fae9c87b2b4fded3e0e178e084af0cd259c2ccf80cffe2f46b56fe060051c7bc8b03ce312b8113325f9673c2ee694dea964b02
-
Filesize
2KB
MD505212e68be29370fb74e428ac40fc37a
SHA1e914fef5697b75f25f3da58d7ea78f0fd270b2ea
SHA25638fb1a65e1c72a8ab29aa8d9ce115f30b34a5d928f3b6a0e98d0ba2ff6b7da25
SHA512eb350e8a560b083ae0ebde4a2fdba10bfeef908177754be87a54f2bdb33990fde922ffe8f9c40ef226abd22e0a1e3950d409d575cbdd275c587c57280fc6844e
-
Filesize
11KB
MD51f0e601d620acb30267538612f0bba84
SHA1256f6be56426903686aca9b5aa0041b3ec59b06c
SHA2562d0dd4f56482ce75bd441431937519e29cf7c5acd36019c021df3ffd680e49b3
SHA5122c31896bb6c165bab0e4b4ce80a5416341882f00a82d5fe4cbbe019603fbf5fb2cf7b2fd70e71359e369d90518237bb552556e9617f2f073de9af32238632b56
-
Filesize
11KB
MD540db5fcbfbc3395dd532eb2b51495dcc
SHA168b0da07c647ee216eb3203019111337613efde9
SHA2564e2e732ce122ad44a21591a9996ca40416016d465ded7ffec928f0ffc740f2b8
SHA51279d642eaf1e0653bcc5dfe7b5c592243a8a99bfba5638599ad8cea5faae5de229c6b086eb861691c6264a5896246f12d1f2e91a6eec629fac53ecbee58eb70a3
-
Filesize
11KB
MD50195af529372b33825be5002ea4976b3
SHA10700ee7595010a70704c2cb232afcac70813d530
SHA25699a9afab88d2b11c3d00c0a40162b2b02cf1e2962721a6af1db62e2aad75da12
SHA512431d48ecc3f16d723f02d8d17e1b4f972511aed675f1786372b138fc666f8422784e01d468b461eb87c1ce741280bc3186653ba0fbb926fd6a3a55cd984c8ff3
-
Filesize
1011B
MD5a28200af979214b7a2d6f3379d2fc7f7
SHA120aaa92d4dc71ea0950e80682c9ff2126dde763a
SHA256960419d00382a772c19a5f6e6d079d655e80622aa7a85755d77f5da40d4b2623
SHA512beaf593eb60d3fff071d8200243e4c339f09170a18b407f95bc4f9d10b780e776dae5d15d365d0d510cc7272598b89f4a5c42c2a477cca81c0a7d32005221a54
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754092022451.txt
Filesize77KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754626415278.txt
Filesize47KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761560483173.txt
Filesize63KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764151817172.txt
Filesize74KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
-
C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\Task Manager.lnk
Filesize1KB
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png
Filesize501B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png
Filesize501B
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB