Analysis
max time kernel: 122s
max time network: 99s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-10-2024 22:55
Static task: static1
Behavioral task: behavioral1
Sample: 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
Size: 115KB
MD5: 26b5b579551b88501d8997d8a6b9acb0
SHA1: 01a917f315ef1c1cda1adf913f9ff5f6be8916e9
SHA256: 55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9
SHA512: 1c5c3828f22e89761842f0f061941a526835be5a13eae557d4337bbf172e6ef521d36059be1f28027d27cfb26dd1cfc64a70088bfb3c9c60ebf03f67328daa1b
SSDEEP: 768:JV6pJbqz6c8CS+kzx8J4N6+qduTRvU7tCLP2kRPKIWhUNMD:J8pJOS+U8mN6+VU7tCLUIQIMD
Malware Config
Signatures
Detected Xorist Ransomware 7 IoCs
Processes:
resource | yara_rule
behavioral2/memory/3788-5798-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/3788-5795-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/3788-10167-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/3788-10906-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/3788-11241-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/3788-11242-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/3788-11247-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
Renames multiple (2188) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
Drops file in Drivers directory 9 IoCs
Processes:
abxd.exe
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | abxd.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
File created | C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
Processes:
26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
Drops startup file 1 IoCs
Processes:
abxd.exe
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | abxd.exe
Executes dropped EXE 1 IoCs
Processes:
abxd.exe
pid | Process
3788 | abxd.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials, etc.
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
abxd.exe
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe" | abxd.exe
Drops file in System32 directory 64 IoCs
Processes:
resource | yara_rule
behavioral2/files/0x0009000000023ca4-5.dat | upx
behavioral2/memory/3788-8-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3788-5798-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3788-5795-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3788-10167-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3788-10906-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3788-11241-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3788-11242-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/3788-11247-0x0000000000400000-0x000000000040C000-memory.dmp | upx
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
abxd.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | abxd.exe
-
Modifies registry class 10 IoCs
Processes:
abxd.exe
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU | abxd.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\ = "CRYPTED!" | abxd.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe,0" | abxd.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command | abxd.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell | abxd.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe" | abxd.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | abxd.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VJCRLUFDMKVPTIU" | abxd.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon | abxd.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open | abxd.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
description | pid | Process | procid_target
PID 3140 wrote to memory of 3788 | 3140 | 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe | 85
PID 3140 wrote to memory of 3788 | 3140 | 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe | 85
PID 3140 wrote to memory of 3788 | 3140 | 26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe | 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\26b5b579551b88501d8997d8a6b9acb0_JaffaCakes118.exe"
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID: 3140
  C:\Users\Admin\AppData\Local\Temp\abxd.exe
  "C:\Users\Admin\AppData\Local\Temp\abxd.exe"
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID: 3788
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Credential Access
Credentials from Password Stores 1
Credentials from Web Browsers 1
Unsecured Credentials 1
Credentials In Files 1
Downloads
-
Filesize
2KB
MD5f319badb55ea46bd12b073d9b7cd66b1
SHA19904a817ab5a15c45504848c3c5de40e9cd04002
SHA25658986e822290fb0be349ace966f4e22135c205cd6a96200fc364b444399028e3
SHA512c093ee2347bd81ada05374ec3dce26ca0dad98734c16586af38b204bb033ffa912f43fd049cc5eba513c091fb6f6cd3275c3779431dcf2af28912262d0bfc71b
-
Filesize
11KB
MD5cf304994952a52e3cf8ae133b3817dcf
SHA1ecddb688d92e324cc265cd6a38a711d2cb1cffd9
SHA2565ea56201e002d7852e17fe323296a5836d8c74f4600e6394d2c77c8a635c24a0
SHA512e942b04a14ade7345363968de7bc62de32e50d9f40fc3b78733687137e431fdfb7455e3708191122848d7f89f8708eaf113ba99726fa7f00295bb8cfb675155d
-
Filesize
11KB
MD511b2b4c0a2b5b0acf6211639a87153e2
SHA14e50503f1435a92a307c460b6010760194be0ebd
SHA256eb8190d98161523a0875380edff11f9a508480c57591988643d53b9b2a468c2d
SHA512a499376bdeb6baad090938482c8ec148c43223b23648d65ceda286972c70023e89a64d4003aaad36d7cbd297cb11b74074808ead7f2ddebd91554157179f8111
-
Filesize
11KB
MD528d8bd3cf08dac1e5aa6dbc4e735375b
SHA1d0490445320350faa672db3939527f78e3fa0a15
SHA256945085f42a32804621d490389265b785d0da6371b9c09aad58cb094fad461f13
SHA5125c87e1493eeb488c7c792737674bbcb2c36e8ff78f70e9bd3640d3ca500309bf90eb1906575c7327b5d6c139ba80349df1e97669c26f644f70072bb99f2bfc79
-
Filesize
1011B
MD5473f2c1b9776702760ed0b3a11716c92
SHA1bfd05a34f2a81ee04cbf02c352e7d52a89a280b8
SHA2562a246d7db0a06bab8a9e976f28e0762a90eae071c7f2cecd0d2fff75307a8547
SHA512ddb855025bda96053193ea21271ed52babbd4408949a4c590c41e3c610d59378d21c0194f11f2fc60c059776201c4e020fcee06150a7315bf1dd5ed16951abdd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt
Filesize77KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt
Filesize48KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt
Filesize64KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt
Filesize75KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.EnCiPhErEd
Filesize334B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB