Analysis
-
max time kernel
93s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09-10-2024 00:12
Behavioral task
behavioral1
Sample
27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
-
Size
22KB
-
MD5
27891e270e832de9e84d9907c9d2a884
-
SHA1
ae3449f10e0072b4c92f137ff9bc55e5aa1c38ec
-
SHA256
f9bc5fb2c173d461e77d3f46914cb4c8c99d679e08023f7a9cfb4ad246f8391d
-
SHA512
53d1464ecc9da927231865131fbd5d5becec37027d5a1cd0faa8a4f7d2014d41f756d97a067bbd5ae67daa04c55b8b406e1d968f94f96c6334150ec96694c55e
-
SSDEEP
384:Pprr1gkDCgSBoCqgU7fffTffsxajTdZzuXJe1DAB:prVDCRol7fffTffRZzul
Malware Config
Signatures
-
Detected Xorist Ransomware 7 IoCs
resource yara_rule behavioral2/memory/4480-6674-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/4480-6673-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/4480-10895-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/4480-11019-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/4480-11334-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/4480-11339-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/4480-11340-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe" 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_41e31b5786c6884d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DnsClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\pci.inf_amd64_66614bed5c0a20d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\whvcrash.inf_amd64_1173082afb4becfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_583bd0f3892e01df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_proximity.inf_amd64_e42355875c34e406\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_f9b71b1d9c8643e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\heat.inf_amd64_b73306c081719f1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ConfigCI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ba5b77b7d46bc10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\slmgr\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_floppydisk.inf_amd64_bc7bd9dca28933ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\iSCSI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_sdhost.inf_amd64_b71f983cb35bfde3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/4480-0-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/4480-6674-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/4480-6673-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/4480-10895-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/4480-11019-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/4480-11334-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/4480-11339-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/4480-11340-0x0000000000400000-0x0000000000412000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\circle_2x.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-256.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-125_contrast-white.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-GoogleCloudCacheMini.scale-125.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.targetsize-256.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\de.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteMediumTile.scale-100.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\THMBNAIL.PNG 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-60.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-US\en-US_female_TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlOuterCircle.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\SmallLogo.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\170.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorStoreLogo.contrast-black_scale-100.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_scale-200.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\12.jpg 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1851_20x20x32.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-40_altform-unplated.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-250.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-30.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover_2x.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\CHANGELOG.md 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fil-PH\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-80_altform-unplated_contrast-white.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailLargeTile.scale-150.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\illustrations_retina.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\RotateHorizontally.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\dropdownarrow_16x16x32.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected] 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-150.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\MedTile.scale-100.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\LargeTile.scale-125.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageLargeTile.scale-100.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-100.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-100_contrast-white.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_altform-unplated_contrast-black.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextDark.scale-125.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Preview.scale-200_layoutdir-RTL.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ScheduledJob.Resources\v4.0_3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-pinyinds-datafiles_31bf3856ad364e35_10.0.19041.1_none_9a7ff9e9b348955e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-edp-util.resources_31bf3856ad364e35_10.0.19041.1_es-es_89f44d2771099047\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-msident_31bf3856ad364e35_10.0.19041.1_none_ce1646fdec13617d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_system.runtime.remoting.resources_b77a5c561934e089_10.0.19041.1_fr-fr_650d9f762be49878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.1266_none_e8d910c7c702b558\X_80.contrast-black.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wallet-winrt_31bf3856ad364e35_10.0.19041.264_none_a93c33a11646a55e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_smdiagnostics.resources_b77a5c561934e089_4.0.15805.0_ja-jp_b336bbf703480638\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-zipfldr_31bf3856ad364e35_10.0.19041.1_none_2df757bfd4a60d16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..entication-usermode_31bf3856ad364e35_10.0.19041.1_none_fa677b094812b494\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_3107742db9250aa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_ialpss2i_i2c_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_fee9bf57d9c96eec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-l..ker-winrt.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e7cc14af5d8ef8e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\checkeredBackground.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_10.0.19041.1_en-us_929eb5cc557f5194\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_ff9103826a415cf2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.19041.1_none_540191f5bdbc78d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..workstation-license_31bf3856ad364e35_10.0.19041.1266_none_da3d84acc0ea10ee\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.19041.1_es-es_dfc90b585645348a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.964_none_a302f6630325804a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.Resources\3.5.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..iencehost.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_411a61445fd08261\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_uiautomationtypes.resources_31bf3856ad364e35_4.0.15805.0_fr-fr_e2e8e2f4ec771c1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_10.0.19041.906_none_fdc08f109ca1a22d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-acproxy.resources_31bf3856ad364e35_10.0.19041.1_it-it_ba1e797e5556ad27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-audio-mediacontrol_31bf3856ad364e35_10.0.19041.746_none_acc8373e80c80cf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-r..izard-mui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7336f569fdc72dd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_76740e3372063c3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_spaceport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbd42ccfce385e2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-edge-edgecontent_31bf3856ad364e35_10.0.19041.1266_none_b4f47dfa8b363f0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ces-rdpdr.resources_31bf3856ad364e35_10.0.19041.1_es-es_a614526647685ede\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..essionmsg.resources_31bf3856ad364e35_10.0.19041.1_en-us_8a162afbf45a66f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-devicemanagement-iri_31bf3856ad364e35_10.0.19041.546_none_be7a56c8204dda0e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.powershel..er.events.resources_31bf3856ad364e35_10.0.19041.1_es-es_f32e17b1bd4f39af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netelx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_196b5dadc5c810b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-packager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4822e6225d7e0f7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.546_zh-tw_44008cdf4a0d575e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.488_none_3adbc9ee201aa4b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_sysglobl.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_ec0ab30e87661d0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_wvmic_heartbeat.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_424dd759b4db1c81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_bthprint.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_905ec89a36f6299a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d..riseresourcemanager_31bf3856ad364e35_10.0.19041.153_none_181648432283054a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-autoplay.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7b5add25891e2bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-devices-lowlevel-winrt_31bf3856ad364e35_10.0.19041.264_none_0852b5eb9c988a9d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-search_31bf3856ad364e35_10.0.19041.746_none_d30a83ff81d13ba6\logo.contrast-white_scale-80.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsLargeCloudIcon.contrast-white_scale-125.png 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-smartscreen.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_7584c778e48f4a68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_rdcameradriver.inf_31bf3856ad364e35_10.0.19041.746_none_25214790308f8b98\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..nager-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_762227ad15c6779f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a9890698cc135fb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-dll_31bf3856ad364e35_10.0.19041.868_none_e5be9917549f5620\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-printing-workflow_31bf3856ad364e35_10.0.19041.789_none_ce592e31c7a217a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-u..em-core-classdriver_31bf3856ad364e35_10.0.19041.746_none_0dfdcdbd4d7b1f72\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.tpm.commands.resources_31bf3856ad364e35_10.0.19041.1_es-es_1f06e5522ba30f6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-e..ngservice.resources_31bf3856ad364e35_10.0.19041.1151_en-us_8bea4e0b86020402\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_39a4d63e07cea862\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_10.0.19041.1_it-it_0b97db13d1e83aa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RedistList\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..xperfcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc672a9e5cedd227\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-f..utilities.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_dbde578a62d9abbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\401-4.htm 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.powershell.security.activities_31bf3856ad364e35_10.0.19041.1_none_765fe4302f458df7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ne-dsacls.resources_31bf3856ad364e35_10.0.19041.1_en-us_956b31e23edcfb63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe" 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1R4S5JZR5ENj55n.exe,0" 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open\command 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\shell\open 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HMGPJEUOUYBGJAM" 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\ = "CRYPTED!" 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HMGPJEUOUYBGJAM\DefaultIcon 27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\27891e270e832de9e84d9907c9d2a884_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4480
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD58cce18efd1b28a8ff4e3b095e87acc1d
SHA1798dea3033673ffa5a04cd40f9e924af5a4074f4
SHA256a4d279afe87da3f21d5095c2c9fde422d46edc56589aaa9021f5dec3b2da0c07
SHA51293aad4f96fc629de2dbd825980d42b1685007193571e3d9c150188e7b93267262f28655b6bbb12fd3d270b901a6786a403a3aa8dd7d8d5d4a82ce12058a0f68c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD5bf7986f9cb850d90e880ee9ea77bc355
SHA1a667fce88d72475c93915f217aad9b1555265c86
SHA256513b6ae7a1fe88006e050811a4c5c1528b1ce17ba36a205dba5a0d34f6032513
SHA512792ccc47ad3b35c66b96b4b17e675ac24dea8e00a9011ebff44ded0524fb2b100ebc8e040e55767f28f0661f68c60b40e90504f783afb2679c0a6153e61c6c06
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD565f329b0285a25dac1e0a199ec541470
SHA16c1ce4af3b878fa8b0234c22a11a7ee2f944154b
SHA25610c3ea9417d257a46feae50ff68be6cd687f4d9b17ac3ddf021880800fa8c161
SHA5122c35c257cb7f087738668be543bf4392ac6c02282f4d0b46bc7b8e52039befb5443a2393a4d887a89d3cec6ce09c2b2b2641d0ab0f8cb2df2c43949038124635
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD58727f723d73aeaf1cf2e140a51f33e60
SHA191ce6203462976e6558af097f4a49e5c8bf3e66e
SHA2562f9e1214d769e2a329e12bc23dfba2934248087194e12ceced826a1383d46b57
SHA51298a22265b56be61ab5b69cc3f15de1a7014f9263a7deb81de4da0e515b693ccfa57a8101491bac6fc7fe839f9ed292d1704df0bc96707ac36098225065b6d708
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD58ce577c9a3e7f65beda148a8a0f0e109
SHA14142ee22a4fb66ce65eecc927bcbb825c77c1833
SHA2566eb368fa9402339296efec2947fa8c775fe2c90f23bcf783db4ff3e427a4e9ac
SHA512045ae294fac6c8131ca28046ec5960cf04cfefc6cfc64d375d56c9257c3cb515496bc2e16b349b8ce9dd32d5fc1d87bd8859c96b96a7a5efa87d60ffb919eefc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD55bee46aaddf48f54fcf63b1270e35ada
SHA152819113038ebe1e698d0b1f767415cd73fb6ef1
SHA2562efe89d56db8871e3ba2a5fb8a1e4820e700a67c8ca444819fa99b831bf1222f
SHA512851c1c64d4c8b68e192d34ac2d1b9025d677658678202537f9603eca007627b7279be47ab9bb975b4d56c11b7bdaa71d6558b447121328c704fd77a94fe2d880
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5f2ac8a1f181f5a4ff851e26ef2eca77a
SHA1f99581615187c336d3a83519af284fc051e1f646
SHA2563cd407ddb01b8d373d6cccb53ae64533014c5f0f59cfc065377fa196c2a5f903
SHA5126b5e2edaeec0efff4612db605f78e1d0f2d882eb1fef1626416d5d86eecfa0418124b4967c4e02fbba132987e54ac3377cff5d68b37ba587182b4a300682821e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD56c7f88697efe627057ae8faa44cdb684
SHA1764b80b521d2b1d674de6d0ee84447af1879c0b3
SHA2564ca5ee835c912c9289ef87fb4bf5429a1a9177ec23c6f5ea278be53e1a157421
SHA51273595834357e4cfcf9b9c4226767b1de40b24911c7f98003738e1236c7e5897a9efd4a11a2eecf1b8c295d9e6d440df482ebac376c2082d1a1398610485fc122
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5c40c4e767abd4ca87da9873834f47786
SHA1697c18780b12930bea577e6f036ae4da5b6d6c48
SHA256db190b9f1ae9db01a888505ad0fdd26cf2c513957f5d1b5f162d86f6f1f8c262
SHA5129970ffe6429ad914f29a864f390ae2a741857ee9d518be17e0c3bdf1ae13c8fee232cf7f81577ef1b2e4ef7f0e44d251810353a9c3511c73d8102bf930cb46ea
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD596582f2e6ecc551457414fd48bef2ce3
SHA1213941da8fb89fd6a6a0561f5d3f4cad25cca43d
SHA2561242494a4841c71abaea2232bb05fe16396dfd4720dc557e698d6e50e4a7c12d
SHA512303811da582e8dabe706e6f5cee0d7b7e13388b7adcb8e3ae15c4ff5f60563c1660f930798e48f71974b12ee12f5cfcb3f027c0cc9542a8edd48fb9c69f2f577
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD51415ddcfa84c96b1c30f373b7eb745b9
SHA198a0ab99bc94294d803fa6ad0b98d7ec3c18267d
SHA2568042878cfbb3d9607189864021f550f00edaf23505a04181b5a458a9a2958e8d
SHA512e14b83a23aa83b0006ccae5679f0c8b1c369f5e1cc5a7fda18d985fbd4e01d7ba9333facb08e669e36007ed8eaf85583ba039c1910e796441ef2b385bd91874b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD51a69f04718a693dbbb20d4476b1e9565
SHA188a10f2e8dc55cfe8aa915e896b761c5cd4f125c
SHA256b809a6ef176eab90eb4c13d6c590cc43115f3e0654118dd3e3700ba20447b7b0
SHA5120b0425219e57c70a6e5a91fd55f3dc7e52ecb8d30e2421469b660e72ec3b79127c68e637a2d69ddf3270a6bf5222eb2355dd9bf73d9283939e0408f52c718e48
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5d35296694f5827cfefc44202dd27d31d
SHA1b2ee80376bfb4e3aa86b24427afa5d48d6dc870e
SHA256f6587dbba2ac8a7129f173b66a67e7e370df8a4396fd785b9172a8f341e5397e
SHA512cd8fad88f76391ec0b4cf3839c427d93f65a2f725e6809d8e441d23c6b122a058838c03f67d379aa924b0a0950bd9b047f622f521c7d180e223443c30a006566
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5ef6f9e5cd1878b12e9fc684f3e826d1b
SHA1f8b6d929cb71c67487b75f2c16bc7fb2227305c6
SHA256a88a5a24176cbb0fdef981435725ed05e02b213ba774c02a0ab2067ceb889101
SHA512f2ec3683e9fa447720b3800d256bb09f27bf2fee17b97d53ef14d3863b3290ea6f606523bc9eae685df1fe52e665da6c2d6d17f8d4e00c3205ea97f4bebaa5eb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD55d477b7ba7cb8ce15a76d5a38690ce5d
SHA1f6d06f5dd62013b11b9281d69e1f66e299ee0ca0
SHA25645a714b3af7960a70eae8f62fd36370f3eff578a622d0db50305c38e5c9b1804
SHA512cbe83b997db580ee809b1026b3f094916d8e84d2cfab66f0ae31eaf9ccbb4db175a785baff2d2fc39d6c48daed65ed329282998745f29e3806a09d35465e1894
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD53b341b071d6802472d6a579e65fb48b5
SHA12df6ddf7247543bf0f1eb8b0fd66977732599c87
SHA256e566ffcc354d18eccfacd972b839628e12822a7dc46db68eccb1bc1cf5e9a447
SHA5128153d7b71ccf6fc8b6b75ce04ef497b3d9cb9314ee36cda57aae7bb09a8e62c8ff67bb0073d15705c45dfa9d9b3476e9ef9be5e462495a862e46df62bc6e64d3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5838b0a99d633f040743c4cf94625db21
SHA11ac7f35a303f342b214565eea8bf3e6c0e7b5d02
SHA2569caed57c93ce205c27cbdbcb5245aa2812bac4fcee92a9135831f59b3540e568
SHA512dcd6061771d1027cbb1e725b71a0725dc881ac4791e06b7f8a37296d29ee902ead71d8aa3494feb596ab6be98ff87deb351d3d13c192c34b84c9974f3dc1f8da
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD50e51b8dae9ae465bba85be0782d94853
SHA1782ad3e0c3cfcedaae32c86ba6d8cd81fcb79bf2
SHA256f558319f9b093f8a98f84bd9e7af36b1d8287791fb441b582414c6ceb3e213fe
SHA512534fc198638d2a084420ed5413ec1298fd505f3cb384b88efff3aa6b24fd859abfd32b483b96c180bcbd2a8a96709829ff49079b7b7904789b4539670abdb47c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5e66d0e9e2cf6b3a1e18b14ecbf59cf46
SHA1e91062dd0a0f2f5f9c14dd82a6292286d3a08e5e
SHA2565f12b3871c416321c8583dcc09132d577abd7997d065fba212b87ecd91d62358
SHA51246b279b2c9c105e147c38e145f37446f52e19b8ad71424e402c33eaecdf12b062e7dd6482bcd0690c4149e8d89b5ce716f97f66e82d9394acbdfd1ee95bc1db7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD5b063ee078b573426de7b2e489697a641
SHA1b611fe240e27f6fa671a5d1e9b6be8a8d5444122
SHA256e6ff0bf2899ddd997f3b6637af21d1deda519f721ccb93455d9082ec12e449ec
SHA512a06a45a42b30a3ab9f6e553b9d3011b66e5d9f7267467881536cafb37ffe8b2c8fff9d4755e16a43e761133b2437c1c84128bc74b7166d2744f127be8fab9e65
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5af5a0bec2285a42957b756856bdac1f6
SHA1a7e78b249b1da7f50b170d4857312ea0380fb755
SHA256e8f3bd163e5d19f374d11be0188a832480a3d53d572c7e0e4be5ab168360fe00
SHA5129d6ac112dc5337e6d6c19d0c6ea338154cb2cf24b1eeb39590c3e01fda114db378e14d54de95c498c5c1ab4bd82aea6043c0fbac139cf3b611dd9499641fd204
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD5e85f8bb08a6d84179014d956c0d01cdd
SHA133519627c30f70ccf609cafea10165fc8bb5e304
SHA2569d493da4d997aa8dc7976607c54a13e682ef35a33d8c504b13c272bfc8d40c50
SHA51298031897526c05a3caf506dddf352b453e14a07b2fb22d36bc4e3ce490d917c08a501bf5088a479d73456d30a3fcf3727f2eacfa107539deb7c9be9ea38945a5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5a00bf2d83dc99616984abc526c3321ce
SHA1a72eb576e25df29cf686604893a12130db5ee358
SHA25668bfaaa9794cd7db7226218d8f55908d493796b6a5414d184ddf5cbfba91fcbe
SHA512aa9d1f4be88dc53f66cb395af8d961a6a02cbec752e0212e41adafd497edfc4fdc1398392ebb77affa5ac846e50453a1c790374ee5ec2ca702949af4b696e2bc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5822fc489a39b91f9841d1404b847a95b
SHA157b178eff11472636444fe4250e93b01f1792fd2
SHA256a9730b30cea46fa8b83a76941234ffae08a0f59f18d295b29a7a38013c4ada46
SHA512378f20e140bd874a4c4f266510ff359269ec60e0a13f6e6f9638ef7f8176aaac383c57bd765bf7e65c0b5a226c478bfc70a04c75f435ddbb4885615545c30a71
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png.EnCiPhErEd
Filesize2KB
MD57b255ed8b1d274ae32bc8050d09da620
SHA1bc577ae8261396d1f79814529930995e629dbfcc
SHA2568865bdb85691e22b758588041a54fc739c33a950152087b819ea8513c973a38a
SHA51290402c2afd6fc1abb4d3bbaa129f92744c048f2b49a0b56390fa8e4c26b499420d77e9edfbdad6501d96c4bb619161a6ae92d563aead07695cc1762399e14e4e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5b4385b62a1961db26e58237fd0a597ae
SHA195a313ebf2a9d1009dd6414c477f68b735aa3989
SHA256c08b6c922238d82530218ce71d40b79ff68fb98987d2659dc4c45d4ac2c774b2
SHA512d071c253f884150e8b9dd6466f0b6e353c109e15db221f13ad6f39ff32664a4fd97daf48ca28281dca36b848d09898ef3e5ff8c9cfde5607b19fc1172ba967ce
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD505eeb0cb0efd7f4a144d44f695f6f64e
SHA145ec39973f6656aef29401f1dcccf5535af65406
SHA25696bfb5090354ebd47af7699fc564103f4d884999d137f5ae79ed14aeda9be7c7
SHA512e27b6f81451c354e12a67412769aa72c9f6b0cb20956898db194167694179f82e90b0410873d24f03fc2c74ac15efb15c66084b887799fe6deacf8c3ac825296
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD58b87613db8b09854c3d8170c14741cf0
SHA1759bb6f3c99865624b8d53d556702e79e98d7bbb
SHA256cd536d7e7147d883a4deda46873ad02c7f67b2c5a82981c7c169d78dbff83cef
SHA512e6be422fa157ab18f2dd1f0f1721f061aebb9b1d35b1eb10e17a5b69a6b47535d78613d24e95c30b6f70f112ddd1285c314aaeeedcc86e0a176eacc4f1656f20
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD55c686077115869350c79032e8cd1f35d
SHA18ce3a7dbce93369faa641f43cbd1dfcc815651db
SHA256a86e6363d8657dcce753022b69956ccef586d447472d06df83a9821269658757
SHA512f028dfaba2997196da2814360bd519b0fb00e2c4e0fc70a0ae0ae99bedf242c4c7c7327157baef86ca55b1543f051ad1ca8d2073fd309a9a26d64c6b9bd15900
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5c66309aeca1dd941a1fcaf8c5364c3ea
SHA178d462faa9d66cade8eb6601f09d7fbf05e06f70
SHA256d00bccfa8fa6d71d58dfefe5f79fa274d267bc3c43a1dd186bb9cb67e2fb5d56
SHA5126f3d88f82ae2c031e1117aa5e877925938d929f8a7c3bbde15009bd0e6b183acfc5a46af539fb28f65c1f22fc6438993f8c21b34b5b2d6a46e82604548fcf59d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD5afc08499260ad28eba30d86c1b315960
SHA1caf72abdf5d69e5f2abfbb842a162c83a20e45a5
SHA2565b6bc194f64e9a1da6e10a9b92800202abc14536f680054195260a72e21973d6
SHA5120d14a56ecf30a5e23d1c68ffe6e3a181d9f6cca48fa3004370fe8b233006df20e19f0952ff1bd952e718eda464d679bcac9ab8981c1a5d2ba75b29b641c9e3cc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5536ac59c7df18704226b4129134c66dd
SHA17c430c6ceea8809b45934b4b5ff0bb599759ea28
SHA256891921808de93038fc955ab23616e064ed2369f6f15341ea8b7acd2fa16099a2
SHA512371f2e4cdb051f2fe32935d186dde4da97350eefc26063821cd9ed9e3c6104fcab2fd25d616eda89df2b72cc08d1b1ddca98ff5d7373bb441a6e2bd062832995
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5a0e1b8bed2a1a1e5baf45c80ead5ad13
SHA1580aba3effd081a0429105287b035a2be70ee734
SHA256afc3fc99630d09199313f5dc5117cb32bd74dcc114fbfcb5b8c9982e97b314b7
SHA512c03a18ea581c1e500d58a1b849dd12027810334eda98e8acb6bbf2ef69137d5863ece26d77287bc274e16a8ea4927b318d37072951fd4dfde4ec2a9302e68697
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5c89591ca771c22a252719c1086be6191
SHA152ce26bf3515f531bf1ed79bbf901cd1d9b322be
SHA256c68cc2116a03b55afacd657173427e82f581313359fec6717398aed7e1813b11
SHA512c551270311907b301630b8ec01b9f61405ed4b27576bc9ee66d48c5ca753c1451e6ec6a5984f6f2f966ccb1a6f198f1027f2c629b1ace9827df384b670807207
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD55ceaf1b614e504460fd5289067960c4f
SHA1fa3cd31eb6f1aa8b360f24207d6551188008139f
SHA25647e9ff82964477a1474a2b6e4ecda8f02270e95d0da67d586ec14c5a2488583f
SHA512e65cd526c0e41ca3f2eb5694feb7a509ad4e30a1c107e76a436914b91d443f8a9c51327372cbd74cf146c4ac12a5bf3e794b783161cbbde372424b9c2540971e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD533cc1c718ac2717fa2967e5c625f4afa
SHA1d7f448917c44c36a1de91adc81b63b2187b5f579
SHA256907c0adc8d3fa4abbfa7b161b0d59f417b69cc38c151d94c5a4808a1901a0fa7
SHA5127123b19f68a96aec42740af952db6a488e0ff7173d996bd60310a3034f1a0aeff62d7b00ad6b3882043ab11cc0610c27e4425f384fe10afcec8bfcb6a38d0dab
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD5fb493c5096a5af2f6f18acb567327c3e
SHA13360f0c4f7f43a3f8a3b2ce853935984e1b49e2c
SHA2561daedb1e0916830b5d0ed1189aa859a0a23c50b5dbf4ed3eac3b56f80f59f64e
SHA512aacef952d60c9c11e68eb975c79a6df94b75dfccf40ae44727a36af7bfcb228118a54cb3de27bbadf809803b025a2515a46b1109e13591523d0947ee19750162
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5352542e4dcc1d065946425cd1f0b80bd
SHA135d5c9795644ae855377648e39c45fb0d9af7a01
SHA256de20c96ae9b23710a2a1b1c6ff3a978421fdc47dfea7475852c67e8519e1c8d2
SHA5122264650519a78195260f78307960e1e404b1c5d6eaff0fed13db3b80f8ad7036dabc9232ffcacdc5ebf20024781d39c555abcfb8a3918df4d264114719a4012d
-
Filesize
282B
MD55e53ad1ea6f1c6f8aed776f4bf09b8be
SHA1395f19bb695e34a402d457b6a6077d242864c7c9
SHA256c19ac6a621d65d1cb6dbfea18cec718191dd5dd06958b775c345c6ce08284bb0
SHA5128b685dc9f58bd37a67ed9333711093ec2013a856014f70e7fb1fe7e7a8424b624045564f5b2a9bf4e2f6b5b04dc2a87ab1fbd7b195508ce08b79e3ddda534bae
-
Filesize
153B
MD56d7fc0a320b3e124a67b8e30a370af67
SHA1495aef024b6350b3ad91934b39752ca82b079d26
SHA2568c39d217ba0f6f3306aad51df98bdd0010c118f4124af16c711a9efd66002a74
SHA5125e0e18926edf2addeecae6ab9b57952c63d760b6edc6591276c340f50ecf9da4f0dc753114aa72b13680f31c3a050cc9e3d057f71139b22b49a22b1f085dafe9
-
Filesize
190B
MD5a6e933c54fe473d169c0723ba305a40e
SHA13fbfdc9e0da3f0d24d6ade2376196f08bc4073c3
SHA256aca4f567783b81b9ed9d3243840f40bfc6e8b7edc39f8d11f77777981dcfdd96
SHA512f0112010afd8770cd6ffb8dc82224f97408c24ac5efec6c4e55ab1d8bf4703ea77b45599b85f069780b759bca9d849e8c5521baa426287cd2153afea2f06a17b
-
Filesize
190B
MD5e6067d747defdf3c8aea052116324302
SHA147dea831ae16611ba4f5aa3041d8df8608c7d1c4
SHA256069d3f38b715c6544810559be4cc9990fe6c6ced5e97a47a389ae78d0838f9a8
SHA512bb0c903b9e7ab4a599622dd3aed894db415f9bafb4edd5dcc92634c6ba13edf96bd2f105c22ebc5c3d77797885239bec51a1df1297aff5656b9ccb04ebc83921
-
Filesize
1KB
MD51af9e327f61f20d85654102d37e844fc
SHA15404c9b3a0097ec01dc844f3372d3d0fec402248
SHA256801b075b6ea467a28e3bfc2e34126f3a5306a8f2a11510f22200ec017c4424b0
SHA5126f6405cc3c538b8b957d26fde09474c6b41a21f5f2b955224699e762dea95e1666678d56eabcafaaae651f0ff8d1eac39045aa8fab754d10d2aecf8d79805af2
-
Filesize
31KB
MD56d603ffbae4299b2ceb7c7aed3507a12
SHA1ccd5fa65446426ff7e4ae5b9f271ae9e6b03f1ba
SHA2565b5e0e3eadc4fec8c5520b0d6ed2056410bb927bae6eeb4d4aa2d406a711fed3
SHA512e5c030f7241a59c707ff6721a668b7fa475b40be6116c1c170d23e61f291b5a9221e8aa9b79b7084dd4c3d851e95741155a7cf4998e8189b72e7ddfd77c9632c
-
Filesize
34KB
MD56b7602118cc9bc9dcad313c51869ec63
SHA1e2ccdfe37f685db1b29a3c7a139919647399fe0a
SHA2565e0472b6fb51933b9eee240dea3376a0247e67a637535c5e4715fb38264c9d42
SHA512f5f3e3b89ae0ee42c628db54bc4cd297d018791140a3f6c0a38f2e393d3bc0c544ddef9cc3aca5a0832ab81afa4895d4bde1a6c6876e23529132047e96a866bb
-
Filesize
23KB
MD55c834911164b908b168623cb3076a42a
SHA17e2e4bded4d1c0af02c4c6167c0bc3c607105b3b
SHA256154c64668c2bb6e6d0daf9213fd68222336d9ccf21086a8129ebd7ac6d6247c3
SHA512d5af8fba3d6da9a1e4536f7996b553c03ad51450389576b969ef128761b1b4ffa063bcef3dc93cdc5662b2e9d7414fcdbe7ed1e1d5ba34b29b0758c73609c29f
-
Filesize
2KB
MD50a26407532c3ce3c2dff65f2414d7131
SHA17f60873260451d3f23f16d72a6665c087a30cea2
SHA2565316d6ddf15d7617aa4e627615ea649bc3e3c4451348b674f710c4f08cae0ef0
SHA512b34439b105a7759f0251113ba922b2664bb036aded8c0e4c9718be5ba817844e5cf63ff5ade67275207ab207e75194fb2b848a755f0a19a7f7b0106b75ba0675
-
Filesize
1KB
MD5b852a74f51c7bbe9c2a1feb9bf5b817e
SHA18d870c8d79ab3b79f686d0290fdb2c3a5a45d290
SHA256677a4cebf0ec4ae4e2b14a318272a649fcc899b01889f790d5f090fabcf0e693
SHA512c1da52e7d7a69665cd328513b50b6cc2be9d41649d42cf874d5420c40a6071aae91e6de625767c1d68078e8d2a426f6dec4fcbc467ae3d4d6a5fc06b83821f9f
-
Filesize
3KB
MD5f31c7727d30a2a6687ebd23dca3b3d89
SHA17c16045cfa4d854bb6efd8cd12a12d3f90f89b98
SHA2565ea381715200f0d8397033d2b9725b973b8d54b8db4b20cc5841f607bd9265cf
SHA512594ae97d5bd33b3b4a0b48e7ccf544a649e2da48025510c4f9f155bcaef6eb7d9ed3867fae5ec2f80f2a794bedbcf9406587994c7f1c3b68091a61dbf9cf23f8
-
Filesize
2KB
MD54f826313f3546212282cc2f29565e519
SHA1baece1dbc1383f3c7818c61679d9f93f6337c525
SHA256cb19c70e071c7e311af5783f6432cd7043a6eda0f07fef79081ee1b2d06d2a0c
SHA512fe5ed3764073864f7d3cf760510e4f6061dd909a70fa1b89659d7d43d3975c10e45b211dfd858e4920cd1e25102bee77fb06dd6e3d01db266bc265ed973977ea
-
Filesize
5KB
MD56f79833922905a6b664e6264163b8a3f
SHA1a7dac3fc3e829701d16b4c4801be18bb188aa598
SHA2564298c650a0f5fea0269393e33fdea2c18b125b76ec2374ac6f0ee14bf5da17cd
SHA51288dc97e7f42e4c08a58a33b5f8ddb1b32f3fc7508dee29afc44a528402f6ab370c236130bf98a26ebdb72e389e89b795f346b970f2f7d3c6de36ecb822979cd5
-
Filesize
17KB
MD54004e4c50183c1b2094c5f424a62e4b5
SHA1d928a7aef92b6fb6e2ff993aba484bbabc6b3a4d
SHA256a4f66e1b07aa17a6813556fa25688e2122fee89af4aff92dba23db61c06f2cad
SHA5129714b851c5ca577a15f3ababfa46ceaae84f59b05bd76ab7e4ab657881a085e3152b233b549afd806973d454f48a295289d37a995361e18f49b8579c5604b314
-
Filesize
320KB
MD59c29ebb889b32e1af2ff17cac85cc74e
SHA1a4b8523dbf0aef12c7d2de602c97a887a0a34b3a
SHA2569c1b45e8640cc8c3a218ec85dcf21fc81156f088e1d6fb15dabaaed97f04e368
SHA512457c8e8106e10ab962f5f43bad229e234bf005ba03e3805e2f12de4f64ef370bd9301c0a421a1db56606d8a0aab22836e17f436a18106d5de1b636fde4a0281c
-
Filesize
1KB
MD5d2a7166452e1006d722271c73312c5cf
SHA1e9dfa26e5dedfaa626235d67d33900b5ec48b76a
SHA2566f464fb51392b8a29f86043bb557e25a2e562b439efb9b76f1b2ff57a289f4d5
SHA512389a2fc8700b8491c181820e7364e4a353eff99acfb29440b0af6f83422707f98c8d89c6e3e953f071a96013856cae5a6f71113031edd21b3d1b5e86b5397d5b
-
Filesize
10KB
MD5a587e2112ffe6df49354bc789eef751f
SHA11ff8b85665079977f4e66ee060f1555d4ba5ebb1
SHA25610d55cbcaa8c5d3944fea74ada6512b716a4e4aaba0a0aa3489ce06a32c1e295
SHA512a794139badedfd2eeedc9aa1e7476adf62cd60c259b2c3a546e521c3e53b11b9ad68bce5337ee46fefc4d297b053105c1089881dd7ca49de7c623db63370b6be
-
Filesize
3KB
MD5ae9823b07c3bcce20cf44a79216745ce
SHA1a6893528dcc5e826aed1293b6bbd187cc936777a
SHA256efe587c7d676dcaef1db10145235816e6cc6e3b42a4988641177d42e347ddbba
SHA5123743a1a9ce0977feb48946cb8b579813b2f0a10b83b555e1a72edce27e848fa2fce3e8de23a8c7b92edbcf27141e344b93631b30a7df8a25ff7336d88a281da0
-
Filesize
162B
MD59269e57b3214faaa30bbd88484703522
SHA1618977ed6d36407888c8b141408aec98540a0a71
SHA2560e5662fd95a056f73063cda600d3824a5dc723bb9d8de9593228932c7f0d0563
SHA51256fd775a3b669e093f707af2e700344179f468d8c5f27ca038de4ca271f4721eb4c4cff3019a00361b4ec24bcb72c5e341cabfbfab917e1f198c58ebdf930d7c
-
Filesize
1KB
MD5bd2510bfa000315ebd6554e51400af1f
SHA10ad399dde4506ec681881f6fbb0b86dfbd8882ce
SHA256ae014448aa6fa4c79148ca67136e4bebf79f3000979133d68b35a25492e41793
SHA512593c5e471fb0aed55e924dccd58202faf90565435248828cb00483570d66ffc1cbef086ff3cdb338efe7ad4b3771ea5acaebc932704885e12d0963ffe8d1c4b3
-
Filesize
3KB
MD5bd17583fab94445cc25c8971fcce1218
SHA138c3266de0d55e61a20b36bbd24e7b260d7d41be
SHA256cb1865a0b859fcc2fc36d0b0f365eca807f4566aff0a464493acd000156721eb
SHA5121f946c40e95ce08427816cd9b385f056fefa8adb969455d6882a7613a33285f90762e695446c14503f8a9df3baddcbb3a10302b0996a4c37f3fa02e076ed4c15
-
Filesize
1KB
MD5bca549395ad70603fbbe07dac81491d4
SHA105e2666c9d51a091243302e9fd875ba998dc722d
SHA256bd427060074de5c7e0f33eb77ca280be6eb38f833adb9f5d16bbc62e6b1b19c5
SHA5123ef89f1d64099a9ef086496c596f427149cb49f7f4fd2b4556281b223390316b8143e87f5633c35c78b57de9adddfa73f719dd46c98579d2b0ada0c34f2bab9c
-
Filesize
28KB
MD572870b9a2bc84a62dcc44f1ce95ffd01
SHA15fbaf29c7c6e73cb139045aa47773353a8e1cbf5
SHA2565ffdacea6d6d95a9adeb29137b094f450b387fc1bd261936165cdd947026d3ba
SHA512c66de6983c4fc31594f0f73bc05fae7f6035b6dac63ff02480203b59173190d7ce6dcd9d0d6b2b5e217df35a6b15f034d8a85818b10b90c099a235764ce74dcf
-
Filesize
2KB
MD5858000d351909b14e3a159ff55202943
SHA102239ec47ba75c354f9c7939732a3ae9257bd3df
SHA2563b36ddfa7bcb5364f7678a07f334ccdc605f4fa354f6ec92ef1e50efc057c8af
SHA512717988c18b8afb8c01b4cd08669d0b39f8d8bbe0514a9e4dd216e96aaa8dd92efb6562f59388e17fbb4b96c7ce14e3c2adb83b60a9ea7c5bad90a82b62e91564
-
Filesize
1KB
MD537e6081e3a6d4cb75ddd254d9649e1d6
SHA13a59dafef20587a79230fb1e4dddfcfa77d7febc
SHA256ca0263990a4fa9016e9efb02f323519ffbdb5a7a10f4480c98162212e12995da
SHA5123b29da9a9e35d4708898b2ce4661cae03e8f8e315fd8e4234c1b4d60a0de271f3fa12bc9395f1ad51c96252308a4a1b99c345ba64c1d403fef23d65644c375a3
-
Filesize
2KB
MD545325bdfe83ff0b139c74e2f24f2d2cc
SHA1c889017ed35b533ec1d1f70a12914682e9068aa9
SHA256cdd24ecd5aa956f44295e34b2d87b4dc475ca219db9e12a86477cd1be06e13a5
SHA51220f2187a560282f1083c7e2ff8be6ce5269cef2e05c123cc499131d895cc96bfc081dab0708009548956142410ec03678f36f8957e5fb12d192f912fef5c054c
-
Filesize
1KB
MD574cd6e7d074ffcf7eb737f2df4782b62
SHA1cb9ef289310863b4e6f76ed9c297b5bf9b367bb2
SHA256c2799010794e7ec2f37cb08e5346316b164f95d0174855cac1f080a12fd8f13c
SHA512f6791f3453fb04e2e59171c519562239f1a45b5c8b91325d6ac94cdbdf774fbc9a6374f5a5b3f939be21765de34445afb2f27f56eacbd030511683d2df942b0e
-
Filesize
1KB
MD5e7fc46caadff09e4c07ecaf73467e1e2
SHA13a749d6ad95e38a45539b43a6c6e33db2a52ede4
SHA25620aafcab474775ddbfcb29b42506b798de81e7d48fdbafc330b5d4136f29bbc2
SHA512ce725752e88594e3b504a55c8cdd0cb24168bec6708405537b09d7f1a5243a345ac29cade4d734002bb9b73dd2e7adb0c79a1c4165c8ba8af409eb45f0364278
-
Filesize
1KB
MD55960be9bc005742a9ab0a49da151efac
SHA1f8686b8f37beb15d00581a23e28bb89abcdb1144
SHA2560a2195b71d464c55295527106fa56aee3a5ff15bb0e4e6fa7591992e6569cf39
SHA512b0c1f0154b5ecb10d145e54695d9e5021460393019953bcbf312cc7cb65927ca5e0ef1a5810b561b7f7a250684a9d795e3a844722f9784a7e40dc99ab70df996
-
Filesize
3KB
MD55cc6245cdd5f6ad1d7e954a60e0c4d90
SHA198efd5f3eb78764ae8e76c048fc1c360b6d1e772
SHA256c35e1bf4344a43c5a65062292f5af49017b83244457f439513cbfb31d73b9b05
SHA512f9c72db9fea55625563da2c8574cbdfc9e2ea5714b711949b15debab5aef5afc5408403a987202cf5c13cbb569a8d242eada1732d2585711ed4e1f8c88d5af62
-
Filesize
2KB
MD5e72cdd3d5824d7577d77aa2a17986ffc
SHA102e4926fe2fd112f907a6531d64e5ca0da87e5df
SHA25605cae92cfa3cbc488255c904ad163d4b962873c205b132ee5344785315e8d9f3
SHA5129433c1d758a1ba99f8b9bf7ed85c9a36142b1d2e24fe2ace7ea14c33f88159ff4f9b178da1687f06bec15d7a0ca823b281673af697cf8b3f699d9f3963c23c4d
-
Filesize
6KB
MD56ce9f580ed8c6ce860c1460527cc8b9c
SHA1a5d1dd5b162192f85809d6c02202eb50f0f14d5f
SHA256dc9bc1d2609b78f7fa422c445de5d7d1414d29b9ac35dedf10e43b566c158033
SHA5123c188c4e0148e6d300623ad9f9f78745637f32a7cf41b6905b6f9e550ab072183fa7e7e2e1ee1ff3670d103db8f4e9218e5da1fad211bba300e03ac1c9016ff7
-
Filesize
5KB
MD545dac00ac5f367278b49b365f9c9842a
SHA11efe1d55acc94109abdb69583c9df62bc155ecfe
SHA256a7ac211b3cc3879a672f81946fb452cd9a5bcffd4d303ea6f9de05135b7a1ddf
SHA5120af6b618f2b15d5ca908b0992c65ceac9a5f61689af89a1b03e671a64435526f018729922e2568bad3a3a2b38a6c8f4d71afd198bd6e556ac4bd2edc6811c43e
-
Filesize
3KB
MD59528c3df5408e479489e242f1e8892f2
SHA1cd713007fc47e3b44df7371f56d52706d87d4a2d
SHA25684c9f2319374f4224ff5af1db8e428cc86c8fcae06ee04263680f2be0d709ded
SHA51262e11a2802dbc24def18a28910875adba9ca4317131c0a4d003eb1777b396f639d2531d9bba849d21cfede29048bd2ed2d508fa64179841eea853d9fc81e6fb2
-
Filesize
2KB
MD5ae04c4ab9089c9d300ee58a6d5a441a5
SHA186ba390a3042b635a0dac44864ff3ab61233388d
SHA256f64a99b996d0b5a934c9ad25d59850cf6fcfa5187f83036335721d24d8bc96f4
SHA512b32b68eab8029b34a7674a303fa450c9eb512ae6d1eaa024898bd8ba26420fdf02b646768d5c672ecf28c61d9667c171e113dcb92448eebd625eb9967470f4e4
-
Filesize
2KB
MD5303492f6aa3a566ec474be0d00de7584
SHA17e95f749a3a65aad60746330747c918e3ad9a8d0
SHA2566ee2338c2561543b73d66158b971c51dca736a2c45dafec250b047a53ac5be92
SHA5126be87ad4066a61e8dc4e95deff7458c0cf1915650898a0165ee03b74526da49c4e697c2be81d7f8d4e0ab00bbde41989ee4906bdecb0b986be6225b3bb7b2653
-
Filesize
1KB
MD53b6290ee49ecefd05efc2973760ce053
SHA1024658b99048ec753dd9533f2b1fd8dc880c16b1
SHA25660fb959d781e2dfd31bd7a5dc78f76410a8a3483762afb9123bf9a1d25732e44
SHA5123beaba308d75ec59e06606156d7536143979d1a6f454c280a44e7b5377e0eed74029baa3835576dbf3ca74c976e1092fed69d87410aa81f853f85ee600ca8efc
-
Filesize
1KB
MD50ccbf1452f5119ef922224575ccb5052
SHA18b66218454a535e0ced6be5eb432be0e674f451a
SHA256d2fd40ba8ecb748a5761fd88d8e0102ed4cd6b5f050754c9d8a0232053b00f9f
SHA51228ff4d895c1e0c4f9d74b3e523b55bd66de334bdb04d6a2a7ef875a25468654fd607f6c3e7577eb9d3a876c5542541404399516612b2a8c83b689b196c78abe6
-
Filesize
11KB
MD5b567da4c390d1150cb680e5a2416a522
SHA127641fb068b922ef67ca45c5289515117a5947ce
SHA256e646b36809da1c64c7f97186683e4e98cfd186860f66f1603a69a8d396fc6890
SHA51240975f4e776623cc3a0ca0953e244b67ba1461cf4b5d848e951014fa938e0193a717ddc1fccbe75adc717a92389a7489afd62ad59dbc5e10e519d96004df3641
-
Filesize
1KB
MD5aa8463120d676035e7c54347df1f7ff4
SHA18162479adba91676ffacf89c0b7652edeb34bf98
SHA25691b01bc61d9f594f13e462c38fd4bf5912b895f232194b23b3d9a5bb70279e44
SHA51205ab550fc7cd28d9a6db69fb4be6ac4dd2430e4e89bb426e1585a4201af2eb7b077d0cb429db4b68e8177236a0fbd313aca89cc2d597680cfec9a597b9068baa
-
Filesize
2KB
MD57c7101c4567e72659c6c707018e08dc5
SHA16c68d6fb5e4ee5bcf6e332f2f157dd897eeef793
SHA256e7028a5e521075e11c67c5add33ca9cdc38860655f0c832c748de319601f560d
SHA512d6adb0aca74359b49e53a9c677bcb10a8969cb5ae4eda148762b696df8134a5032397bc63a8dad57874bfa61f592f43fe3bbc438190109c75b91593dfd918551
-
Filesize
11KB
MD5d879339f622981a38b4ed8f8dfc31637
SHA1a7afdce0cd94a41152dfa2e631111180d0feea31
SHA2564b01d035bead30b2cd69e2269aa2158dd609337130faee90f4f305a506fcc99d
SHA5129f9bfb7306ed682d39770bc1916a4509169bf8ea53c5148cb1c51354a9c264d5691e1139f91d0f5f844f16b2a0d66d0f0e7e8500b3c86a2e39537d5d0244476d
-
Filesize
11KB
MD56917d02be3739881dcab3905fdc91190
SHA1cd91ace3f7aba60f4f0a78d5ddb16f38257b9da6
SHA256b6a0a4a622d9d3eee44f5dec89a81cb6ae5a4cba3ea217b8e06f221999c27a35
SHA51298e4424ccee80a08daf4c9ddbbb92c58a24f33e2aef8767d5c545854bb879dcfe4985d8d6b73ae168bd6881bd925fdd0ebeb43bc052b5d96892b17e427967f91
-
Filesize
11KB
MD552a8ada9aa6b256232da5d487a5584ec
SHA19d366313f735bbc4babeed38e1f000277f5859d8
SHA256de488589bf0f72d0dba91e1cd11daabeb72b1da7c9b9f948b2d794dc2df19f3a
SHA512c1f990e1f6d9914fe3d8e7b24d8db9cb27e3ddda548865baa9282d6fbffedb6c8db161f19a773a559bf6d13fa9c7750316dd6ca6994c5d10ad3550a051b22a9a
-
Filesize
1011B
MD51c3cd6fcc9029aae215e445f6fea9f0b
SHA11f162da9ed408fe0bb23ff36ebdd91f6a3992dd8
SHA2560990bb9f7f7eefc658a6dc3816ecefc66c3643213f9aa0b152a6ba3c26158c82
SHA5123591308ded49a77d2329dfaa8f3f61d1b0b1da2e5ad7c440cea5852a7652fba86f0fd2c1f96024576f5bb50dc33ce2e236b9dc9d719c9776a806c8d0d376be3b
-
Filesize
42B
MD557c2e7058d0deab1fe0e0bcd3397a943
SHA16f46ed6eee86cc2fb7f648c9f28acde238f94539
SHA256ca5c128604dede8a601be8c87f8e3f506c3cc7d3c25c952073aa261806f6d1fb
SHA512902b78e4392c8495513ab0332eb3d518b2d081a5a91e0fd9c3c4f60435b5e531c09ed05fc4a66f9811700854fe42c7d21ba05d5978a72fa08d2f96406a2d6b1c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt
Filesize77KB
MD5fafd73f2592e36d10c86310fca1ec7a2
SHA1dd602096e9974fe2410c68fd18f8b5720a7e6722
SHA256daa84eb92ad0753fedd990d2374dd2b09bc4a904c65629b7996f9e0f0218c67d
SHA512f05c2ec1b6b7700214741b393420e2e25f3f82c231083fd4e8887361e2673f01b93bdef05973f3351cccc07c35195f89c811939b81bcef636dcc3a735f2c6fb8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt
Filesize47KB
MD57bb0ddc07c697814bcbe2926816d5304
SHA135d2ac22afeb80b342374a92a0fee474c5a4a50d
SHA25607a60edfbc07c5401e33ec52e99065d7582f25cd93decf10f7a59ed3952831b2
SHA51261916e9680f1c7e317e4e674eb99426d1af24919316eabe13c7aab92dcdf94d061dfeae93db537421b2c2032bbdaecba182c8f0b0aa86505663ec4aaf2e3e9a1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt
Filesize63KB
MD52677728249f2caa64158d0c495e4773f
SHA1a10182d27321e80f0a94442e3891e281a4f36a96
SHA256d15b44ae0d9cb1464caccc4a62d99e46f0dd023f0ca37f3188c64766b9095c0e
SHA512cb2523c5e75891304f31550e320d25bb21693a04fdc72beb7534dc2025a57b1f43af011ff82c70b195fb91856221d6c02f424d4295cf20be89fc2da2b9ab50aa
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt
Filesize74KB
MD5451e9eb5cca5e26d8279929c03b51e9e
SHA1252c780706cf860bb6acdff5ae534f22c16ad2d3
SHA256e904bf9843e45685f29d078c2985af60ec3775b61468b1d2f55db2c99cf87f4f
SHA51285937127d4897182357960d2e060b9018ee3bb27a60bb11d2df99791d0cac627ef2663e6c997b4b77aaadf950602ff0e1519db49c4284d34df04fcf483acb25c
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD58e6328de2fd0c294afabd47cf553edbb
SHA1b26b408a3a1f07544bf5dbf99c5cfa86cdc009e3
SHA256103fadf75025f71786fc3fcbd932d38c97e8652a41741a287959bd1f5221b96f
SHA51229159c75dfb1f1d80a7b56a7546a39ba95c5b916d3efb3e7fa47ffa6d32f6b8b6ba4d69aae19dd7a1da924e79a15a8c5548af567a6c33846e90f018553f92b97
-
Filesize
21KB
MD5a7a7b5a8f490449e6226741346381c0d
SHA1422a50cd22265207fca4193e93d3c8e4354102cd
SHA25690edcdb703080f54fd250781a552ca87ddcfa3f33200877726616774aadf16b5
SHA51230c17848543e6079c2bda2c2a0bbb86ab50ee2d79a45a949f4f918d142a066d91ae335d8d912853dfe87158a18adea12f8b4b767a1d13333ebd04fda60bc7a8a
-
Filesize
1KB
MD5032317d43638d66c8ac7109454298bc5
SHA13db688059c61a3151f120a1cbd49565ce9547566
SHA256161b03c5535ef6164ce31002f4362d0cf545898909c141d91cf0b748453bcc0b
SHA51239f90d58db78dc7baac0f8a11b0346d68e3d14fa7ab35c04e9cad88790730fd42413f92254f2925961c810c257e9cfba3cd5b5422716d2d8a6d4cc3aa92253a9
-
Filesize
952B
MD535924118b5b4c58cecc1b1a2bcd6bc31
SHA111a4a78b111ce44839a6384d6b68a4d361036368
SHA2564a4c522ad24852ed03c9e6c2d915b783a3fb732bf66766a9854c1293db59fd47
SHA512d54b7b903550e20c7f8c66acbf2f9f42d0a707e74b62eb4b129f29b7624db227a479214eb63145c884c6fd5fa3fdc276799c86c02205212889abae9048bd6975
-
Filesize
121B
MD518c42bfd8185add401b105eba68f51d9
SHA16292d3c085410bda377da0fb8e025c69f6931178
SHA25621bcdf4b86c297fc291b18e801466fc2d1c0a707e1e5f5a6c2f72cf2b9fe304e
SHA5125d151a005e949b441e9dc763036c9e38f22eb90c32fd6f33fd943bfb05f781cfbb00dfb41bd3218ae0dc608fbe659fb4595b5c6f15d4643a012ae04fcf2f7edd
-
Filesize
1KB
MD57a7bccabeb1f04301ffe213e5b073dc5
SHA1195a85a50c2abecf83882ef0822a56c5f9537698
SHA25604a897746066741c77fe8a6e901f390a5d1e41a1b3c9b1f11727f450983f7787
SHA512a4ace3e6c717e251f6bd8094f5b2d736e98d50e385a94a691b9e20d5870aa83e9633c0dc7d917e1dca5a6adad81d7692b4216588103e148d93550f13d1608f78
-
Filesize
8KB
MD52bc72cdb9c5ebeffed0eb458bae38352
SHA1e9c45ddeb8c9c33d5ec26e97bf458387e5d1e2fb
SHA256356ae95952e1382fb0d5b5ce1ca4fde92dc3e224c861bb6fb152ed0b5129f818
SHA5128aac91116451a7d34c080b4840399b22684a8159a678f2018b5d06b0b600f3204c61cbab20ae9d35ef7a091ffa203d391946088a819249944c067d157671452b
-
Filesize
61B
MD56b0793ac67b0f41dbafa1f6492b000a6
SHA1bfaad91bbd3ebcabdd7f586811afdacb7398dbd1
SHA2565ed45ad2f6d4444874b90349079e38caa6c5500e9bd4f1d65556df93ea7bb795
SHA512f720285c5608c1acb143dcb0f5aa6bb212e852aedfd5ec39b1f757bac3a63b925ca6043fc723f1be8e461d63bdbf3d7dded35525dbf20a7bb1aa815b7aa338c7
-
Filesize
914B
MD5ea1d848481ea576ef5f987ac332f41f2
SHA1bf4a0bdc8671cd7f1fff754da6882a3bb03cef5d
SHA2561d72c1130a5526f2b93d3719327fad54889287cca5a26ebc719f30a7da8d2887
SHA51226fb07f10efb5761a44f64f7e920aed676e399ddd01a09fdda6a0773e0d8b7823f43c08c2eba5a093af24ccd4ed5c263d790af9d10922d5c13a8381bd4ad359a
-
Filesize
90B
MD53c07623a7b2d7a92d590221f71e5b9f1
SHA18c13944c6038806b67525fee7122768aa6dd720f
SHA25621cc4b2743bd646de3228b7a92485d0351315266a5481e9b27e1c76ebd80e3ff
SHA512274cbccb7871d3895eb2cc3777fb78c268f2fdaee216769e0db71d83e95c008ed091195ab78042e33ffa57b9bd08473ca90f63b993fdf986003b63d20c57ad5f
-
Filesize
90B
MD5f670abebf8e3dcd27909b2ed8b852fd7
SHA12a2f6383e62d0fef6aa81f122c365eebc32f6b8c
SHA25637a306bc8a1a6a9fa09aa36ffe9f03ed7485c620903bb56b4a7773356435f8d3
SHA5120b5e54d0a756c2dbe71149a144059ed921af623b28f76638004c5ea00846f64118d31af022f62a5f4b461af7b2b52adb2632ed3ae51ad36990529a6b8278bb3f
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif.EnCiPhErEd
Filesize328B
MD52d3d980855c20dec1d7ab67230359ff8
SHA1c57299f5be65db3c051831c8937a02896fb2d932
SHA256d54911c10f1ff9fe9ac450600d7ca1ba118ba118e782e235aac729ab0731020c
SHA5120e9757df0f4eddd1c2fd9ef848f011802fc740ecfb96249adba121cd843f45ac171f2635cc914dabf11402cf5da38160e0ad875d4f6c598554120db315acf5f3
-
Filesize
1KB
MD56c5221ccf5f9bcafa4c6029770276d8e
SHA1a81d0b5515ef1c6fa60ab1dda27936a8eb1ba492
SHA2564075dba8034ee6ed83c502436c06b66a75f885e81b7df663bdc507eda9fb0e07
SHA512a2e5297a740e061d4d02d8ad6f3c1120d3d955469cab6f08c3bc3c1fce7e250fbf7ec2f67cbd9e96323d2e0bea0086b627b081751c72ac5f9a9c8414c3f7ba41
-
Filesize
162B
MD55791498c09fef71fee683bcd2764578e
SHA109962e9c3548ffd3909757716c45ea4f330b40bb
SHA256e755c6cf391dbf6e5e7cf4e274b97f4fd48d9dadfe9a8d1a02450e0a898661dc
SHA512be439caeb03ddc4bff27945b4213c45599e32f3d66f2d3fb348724cb76ad59da5e1a5734ddf6e5ede604f41e366123502f5407f5457e5f2194d96b28a04ac74e
-
Filesize
586B
MD55217703e86860e4fb2acf21ce3390c13
SHA156350d3e80d269551ba14e82f65f4c3a33940a01
SHA2564a862f2e60374d3d179156ec867511e8588beb56d696f772469c27e10cba3ae9
SHA512fcef4a82c37d9dcf6a4a30b78b6caf0d0f7e79dbc151b84680b415e2a2b41e043e748d54fb5e79808d18b32b16b9610f886a850559d7dc99f39fae59968dbad3
-
Filesize
124B
MD50fadc0dac9e0f101c7ad8a4265029835
SHA1a235728403c15f61771a5993f804251220726f4b
SHA25632cb863b088f4202115b53b44fae0a31a5a7792150419a6b664a11790ac8fea8
SHA5128d95aba942971a90e6ca13399b7866c74569d9e477aeacecfcf3c6c93ddc037245b483f180b9cd90f0746a6522aee8be0b15ce0d9b14c7a1a9643b7f076049fb
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD578efc593c20f42dab73ebb74be3aa8fa
SHA1101e7ebe08ebd65e1dc70aa79a5f5ed50f5c219d
SHA2565187348174ef1cef04e1a0079b83ddf24e7461f801a5f1fd0f18c52b3f71fc88
SHA512532aef0bf3a2f77061e5b4255287c2bfc6f57bb6e2eb51fbe6a5a4ba0bb5e80ff5a06e3728639ba9cf4e408b80eb016d12d219012bec227b0b05f450ca25ba00
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD58e6c22c6a2df4ff5592aed6c62955065
SHA173779757fd880328eb21a2708c9a404e0981468d
SHA2562fddba9ea860a4b1fc7aa22faa3e1e4248b9e27c76f643d3a314ef1ea512854a
SHA512757e0589d48b2a87b32e42efa4f6aecb8483b60b24862d9f31689c149e4d43919f25d233e9198513818a8354951ace59f002e5d03235409f3233d6cadfbbbfc6
-
Filesize
8KB
MD573146a5fefb0cee57df379c41b42fc78
SHA158d56cc1a4fea394b7d774f45399da2610d96a1f
SHA256481ec55bf5b5125af2845bbb3628bb2d51f3373e31cbd69db6904b0be2316a53
SHA51262972601076204553991444968ffe6f1cdb91f170f3b2048c8e1056c26c6dd4d95c89b2a13cd15ece49b52d62e7340de2a4ede15efd3bc684c451ec0fcada209
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD54b3e99d3d8bf7ce2c90160b3ddb5d601
SHA11a9286c33ff1a6fe32a887ab7fd05ae76f549899
SHA256b5790a75bb9346dca68c2ee5477077a7bb68a550887320690f5ce1e38b518245
SHA512fce3a67d9f70194c697b03ca1bb5544760ef4cee48502d7a79bb9539f4f7d933657e06f2a2ce2a7f0d25e74030ada1d7d74123f4c5edc2850fdc1d166ebfe5b3
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5214471646000ab2f0d8875703f75790e
SHA1c1d6b6e67ba91c8dcbbde0aa0a73b1779af501bf
SHA256e84cb87d5b9603f0855263ecea8335efc9a4e2cc9df0e774c382fe8cd62fe943
SHA5127839f339ba8b4eef8d8390e6e2af35fd47d51ea26795da985cb7dbf6687222ebc106f5b19884e0407829e9e52b2448ee3fe40d27bf19c11197af2e03f3d9a878
-
Filesize
880B
MD5277159690676dfe4cc55e30fb220e5a9
SHA1d1ad5ac15635388340ebc2e6421361008d6b75f8
SHA256e1674c83493e99cc615c8150f8a5f5d6e3de11ef960a97c553d48b9354cd8cd2
SHA512df0465edd644c6c3135f48bb6ee1ba57dbff423b1707229d41d25a5af2a1c7941a92869ae2366436913755f9a956eb32de6f7dd0ed3ccf6920ed75482642a11d
-
Filesize
49B
MD540124aee464e01a84ddb73ed8a151796
SHA1bdcd48451ac208842420110dd3cff431983f1c39
SHA256d6e22527edc821ffd4b2e7b719bcd642447dde4e5ae573f1094a921691aeec00
SHA51262d09dba01493e63047da44ee436da15d1ce8e008c9e232bdcc72f25deb4b8269a98f4cc9e7ab541a3d32810e6a2d915f0e711f81eda7c76c731cdbc0cce21a9
-
Filesize
1KB
MD5d37f9389f15461ac5597a1ed1c1cfb99
SHA177a61a381d7649cd7f1b2b0769ed0a887cae551e
SHA256660c772ef321d8d7ff922a2c028ccb6a9705229fd8c1fd72507ac248989eaab6
SHA51290ff18ef85552c17052f6521edf047bb6c9a6e0245a271281c26ddd38869f49311bfeadfa3cc318f8cf37f33624998db82e3703d293f7da973b2e70f85d33046
-
Filesize
1KB
MD5cfacc27d22f5ab345a86e268c5566200
SHA1b6286144ba179c753d0c6985476de7e9b29ff593
SHA2569cb2af90625dc9d2fe8e2055a3b5eb59c494531b61fee34b7eedf7ca4313a580
SHA512e0ab52c5629b5940a64c00e0e1de6de4c388c3388ed1d0216567cb685046cf7a13470d70ae6aa3116d96baedc15c48b5327caec2e3c4a25287faa7ed579fdc81
-
Filesize
1KB
MD53c070b18270f1e69e65a767fdb02505b
SHA1108902764c75ce8b89bd73d720306b20dda24c75
SHA2564597d94c8a75bfc8bbe1961e07975a5d0f7b880a42ad778cf92d6a6794692690
SHA51231e70d75398b578b9e1d74e012e20f864e1f334de99d4fc43f49a424e415c08dbefa364460a85a70ddacc19dbf38132ea497b86f32df9d8f7d16e2f2b16dacaa
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5073bae20bacf3b794ba580ec7d76d828
SHA156f1894a40b0afa817601ca16941741a1b9b8069
SHA256ddf4220bbf385d850a5fc42d65aa3455b595f685939aa71835869794caf773a8
SHA51262a6a70a4b32409f173645474b9f7888eb1ede16b3ad9b09c3b968541bda593cd8960ca9aa1bcb6695d2c009cfd791b89321bbe8eb4cdc9a45a78fa65f6ec2be
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD58972d1d568a06027bea434d65159967b
SHA1f4d571cffe2872fd069e07bd37ff1b203551f297
SHA256f02cb3146ceaa8084166e8934ed0c52e9fc11154388c82f1dd65568433bcb13a
SHA512b91bb97c975b47e8b4bb4705901cc57a613af696b680a857c02a605da988b9ecd9790b98e8c2587439ad13e9345365df265d5225865c41f9f0a3e68dda183801
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD5fcdb8fd993f0a8e90ba38abc911836d1
SHA1eb22adfddd37d5bd5c550dc8315a06e52306b82a
SHA2566877b29ac310b9ef983eefa0b6d5f348639a27660bc419c319413f5ac03b59b9
SHA5126299fc465daaa9fd77e9326964dfa7fdb25861872662e9892a4451159b273e57eabbf5b3d320c8d3a2db7e286dd4f18fb2427504dd167099fd8175f2a7b35a36
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD57f82baa12016ea8593b9be31c706db17
SHA1c343b1e09e4e16f0e168d658d4e34e9d82d4705e
SHA256bc3cb7421b2e64fdec7d53c0db3dfcd9a9b35d15dba31b916774319d888e0e14
SHA51238d6c1c1413b03f7ab27d529ded2d6b8b2259e9a0e6d2a62f4ef5d63cbbfa1cd9d65f7f45739c263490b959f4574ffb17b7107c8d990935aaf29e31dcfc1d964
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD59ffaa40026507e0a99117e2dbbb2cc80
SHA11f58e4c0c59b1b1cf8c8c3af61a24e1e35538bcc
SHA2567ed7cb24358f20e799f76935cb8a888990c9e5eaf5d900cad95c326db0340168
SHA512fdff3717d5d1267420f2bbb939682131e6b2e28807ef5d4e869b4900ccbda72e26c9f370dabcd9fd69661570682c62f93a19883cd6f5d077eeb5c4b00c96eddb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD519762847549cf0807848f278ee0ff330
SHA115a513754feceb9da62b61836d91ca97e387a701
SHA25660c76c2d65b492a439485525f100982443d2ed0484f2af4a809b973e18eef9d2
SHA512dc5bfe8ba15583acc2269336cd1580eae329ffbadd7439e1d669e50579dcbd13e22adfb03e756a7a2844e91fe68373d519a130c77895215029d0229e7d73aab4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD55179616dc3c15b4210cdc069e34fe81f
SHA15cfeb917f50e5619d97ff178a64ee1c2237021a6
SHA256186f4a12eeaf642d4b161d61f423d15dc4d4c149e8dc4630b1517ae06bbc5b26
SHA512f19061f69629a80f0a4df1ca06fdc510c240fbc20a0f5fa661d234a8f7448259c4ce2af33da22edce533c3b1ad022f127623249a958a3b3848a9a5af81022552
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD50fbf684afec71e45852cd5beebb94af9
SHA1bfbe46d5f0ed88c9cab0a1423d3c1b6c13cf5299
SHA2560e6c1759278b8672376bb1e57adc39143516e796a34d8174e3f1f1e74bfe1d68
SHA51265b59fa664f5d07f3222e9e0d41d20e1dd4ea08efb4dc1c77faae10a470dad249814217697b52349a06f0ff453dc97af031735e515d26909f877b4aaf9c4c6b4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD54bc743924bfc740b63188aabefc7d6a2
SHA12d3bbadda8ca4ba6827872fa3f7cff5fabfb5a46
SHA2563a4b9dea8fcad6641c1f2dc541b4a4039e0257d88a09f92078237b3ec47c5c30
SHA5126f7da06825608726dab7cf2cf829256b91c82706b4ad84948085e35b00935717f5dd9d9e9ec95415084a05e9e94519b0a3685565b221d9b58d8a0a5f5fd149c0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD52c032610a226fe2bb916a29d2a0a8bb6
SHA19b7f0708e182868d17fa2cfcd459cfa27b2021e1
SHA25671c1c04ccf3fb9de6bc987a183a046c8ff068f707d8c6526f96db095a11fbf5c
SHA5129e3c66d978278981cc7dcaf4d9bbed62c11e2d542eeb767ebf38be2a22f4ccc491c95131810d15c14b817ad280f0d99f8d3bf70c113b73f1485779d61a5e3d1b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD500c3de463e3af24fda9e4f4ef6055be6
SHA1930446f2ac73509485893347f12a22860d25e21b
SHA25660039cbb416b15d80e49ed3ca114859c08446184e0ffd91d1cded10bb5f63a66
SHA5127d50b72dabaa67535195a9155c52700e934f3a7c89cb55c787e48173b14dadd7b6d1551370be9529e232cd08b06c578f1a19b01cc7c42fa97ec97490f9084a21
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD5359274b73d37f83ee8e21d6d3e114e36
SHA1f179ae64fa6dca7db3dea6882bfa36ac7960362e
SHA25620ba399f73656e2bd46081c1921f3eb5197c9c607650fe11580d8e7487e6d5f3
SHA512bc37f81bc0a43c9535e52ad07431817620103f4ce71e255d46139cd8b13b30213c321d6492b1bd82cf2f1199925275c071eac1c48effc7714ca8f9b0887462a9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5c465bdaebec6ddef80855632fb68222e
SHA1f06e67e9ae01e1d126b75cb11f8b653f1a5011f4
SHA2563e05c5c5f25c1a75014604f6f214d25d26390fabdacbed70cc1be17aab1a1a7e
SHA512b21a372b37339efc26c2fd26bc6e12e2279aea9b56f731c5e1fd536aa6325acba5cf2135a11f9768d3e53db0bf90cb25b1c782e13c4b3e3ae11a752ad374952a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD56f4e3d38ba085f25d0bd3cf9e21b2b32
SHA160191f49eadce72cada71a0581862f3626324c5a
SHA2569a4cfe3a4244e023737f705c05e069f652b8f33ef2475f03e9107de857899314
SHA512ac26fe36e1b6764002165b9e18253c56bbca625920ec255caf8e8195bd8e55bf78b7081ea5156abfce03de8a56c90b226ce993fb5647bbf9eb921c22d54a65d3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD579a941539602906b860844be6647d54b
SHA1a1fc5229d8a5b7a9ab515d09e290faf4c9847ceb
SHA256da5b71cb898a3ad8f8630c11bdb99f384c7cf7de7c8b1a72aa0a86ea286710f6
SHA51227dc7469cc99c702ba33ace61e80b26916c2b723cba11baa337877932fd3f65b6fe2bd0fbd3c16ff610bad3b849bbb4ad37c6cfaf31292f3e9d423779c14be57
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD5eebeb180fd9cb35351d84d0ae9781c22
SHA1e6a4db3c06ebe0cd75f9d55b569cb201af691d95
SHA256d6f11e66428bc48be4e655908007bd779068160a4ccb13f41490ca4b77df1085
SHA5122b26c2493a1190033ea5148b88f9e823b356137302d60dfd8f654d2a5740a0536a6b8066021c461d86e6c055e01bcab16a152106c0f3558abfa1df8a43d4a0d6
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD52a90faed2820ba3caca23eb7ddc176f4
SHA1afeec710490ca39ac56476964dda3da71f0dcb8b
SHA256d7b3a9cb3212b141e5bb71f2f6d7c6ab761073c891b8f52a2dc8d669e42f4246
SHA5129d55af7d0c1a4008318faf215a1618e3eb55606bbc00d5e90ba88992f04da1569af41eade28b1473ee4e28f7d4859ff484eedec2a9e5328fff6186133d03dd30
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD53d2381c01271fc8f7d4d1df242ca8191
SHA1e65c1ac8bcf811214cdace323c7362b0dc33c293
SHA256ff78c74bb011354f8fc831b552842c4e1af4e23bc6d6d15db10836c8ea16fe4c
SHA51212d85d4e6f6cbec19ba05c7392f167504354773311ec64794d9b16b195fbd892bea23885c8196f2771a97db9eb1f89557d9203667e2847ac48ecb7ef75d2ec72
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5d43fc931f47533ebfb142b48ab48a0e4
SHA1627e1f65da4d5ab444313e6b53810b3f428013d9
SHA256cdb42cb1370120e78a2ffd25b46f2541460a691c660a2ad2114cf47a04efdfad
SHA512d2a5f69d6044dedbdb5804b528e2719f492f42a1b67a13511908e7b1511e0d19df317d3c1514c51bc4a00a86d297d77c7eb531ebb4197591f95334b173f4ad5e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD556afb96d8778ce250416e1b15495faf9
SHA1a16750096232f7f5f10a5c396794a1a88e5c8834
SHA2561254f71e3ce45bdaa67c14cfbae197cfa1c57a29acd1942a3275fbc9c17ad8d4
SHA51257b8bd7ef3f38b0308ff3cdd28ea4aa2e69e95c1dc3b59a26feda8841b50337ede1214ed6817bc722b58298ff87f03fdd8084122d371eece197ef6aea69731e9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD5816f8f2a2a292540f94e999910dff675
SHA10715b82a4368563008b27605d4ec5f26841b030b
SHA2562eb60cc868880d6a6830a550cc6bb2dbf687b80d872d1c5ac45438130c637d9b
SHA51202f48660569b1aa8cae20bcda95227714515b03e9e9aed5c3af038395c8f7c22c97905d9ef4384760ce2a38b937264d9838ff4df840469effef32f7b5fb7368f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD55e414c8c5e3347d70bbc6dce548881c9
SHA19f0bec716cb87d4df614123699d3b3fe50a7cfc6
SHA25600f166f856c5bbcfb652b41f8b8db231adecdd89683a6b7685d05b7491ec68cc
SHA51209313bbf7931bc17b3b550e463f5413ee6b9fd9c6c1ae6bf3a71cb947875a966311ce29d57965e0b1ebf86c3c94d54ea28a28b023b566b47989dae165f3c2a1b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5dae1f7bef6d04dfd148db99d3e1895b4
SHA14c63eaf4a0c96a4790e61f7fbf5db5105deeed29
SHA25675f7145bbfcde6395708b440328711fa1454a196ad5f5c8f3bc541820c591e50
SHA5128bcb73e0b27ee4ccf0d3a486a19e7f7e7079ce7b795dd7181caedd04cef8490e5cbcc3476f1ef5cef6bc590e40574827bfb7d80cb55f0f7bd101de094742da00
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD55508615058596744bc97ea30ad9d6246
SHA1b82adfcb466d668462b1073ace1b71a672927f9a
SHA256149058471e92d326916b040c3fdce42d7f68b206873aecdd80f175f4f1cacb88
SHA5123c7b5af8f83604fa446f323d224dd5a08c8c6249e80205fd2f3ff6db0a9e17f9cac06e1c3e640137fc5724b13eac62cc60625be62a9a05a4f246e3f04c5a543b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5c37ce70bf41c90ce86d510b94cc52cbc
SHA122c7b78844eca3c89dd4c0d7abcc13c17c260076
SHA25632239ade7b634f5b071f803e26411be1ab13497754f5cebeab24ab8e1d6298ed
SHA51245853a8c2d298fbcfc916d9e1976b5df771fb4004e3dde37c8ed444eff07bda27e9f5218db0297e9a739fdc709171c12b769a278dbf509f10dab3bbde21cb0c0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD55b578729425228304fc0fbddc72f9d3a
SHA18beb908085012484c6c95f851bfe4f124b60f141
SHA256d5132d04458a8c9017ea2f76969ad50d8f8c0bd39a0746c10c3157e7468af107
SHA51232496b541186f38fc8137a63dc35af04e32d652df46df14a2a0fef053c773daabea9c8ec857459e18fc406f16f73d045fcaee32010fa1f70d7baf2b13a7efa1d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD52c08187c871bfafce8894322309fa4cb
SHA1acbc28a3a24a7323e3cc0dd3424361f9ba0e88fd
SHA256dd89b3f7e5059df4b49e7468d9bf0853f8badfb79e1ed5b415d07852cbbd7152
SHA51288a171a89683ff22ad11cd729c913a3b3e0a0ca94aeff79a1f5d6dde5b260f149c79ec7c6965259774c3f92d4eaf44a3ab533291204e597edd182169f688584d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD5ac15bb9354a014ece7e6faab05f6beb3
SHA1728dd58c0b4916ff1e49fd8ac3c639a9a7dea419
SHA2560215c34d38684cbc62e4244857b4526a8329f4c96fd0ea36febbca1341f1aec3
SHA512b5020de7740c28b6183999ebb90b7118c2d976cf82afbbbecca60c58aa0e3d44583150a16989e80aeeef238a6e553eb4a2065a35550ebd436e9ce0f20550b440
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5ff6c9981df922803ea498f2a51d211f0
SHA1083b4f7177fca39bfe68d86558fd13bef0dc7b4c
SHA2560066c0c4c442650f1d0f26d1e0ef85b1a680edc883763f2223e77ff51ea0cb6c
SHA5121155879868f43dc674862de2afa4acc4307010ca2ff9094588958ed0e5d39e63f4bde5f636b35e7d03c024d72e928d5121c4a772d9a5192b894e1b7ce24fad76
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD50bd8177bff064426ebde4e7820922090
SHA17a58fc5dc532ebe2249ddd8f6b741712c777fee8
SHA2564b9d2fcc268189a743454bc464c5d3f1b5d01a11a6967fd6afa3d5420aaaff21
SHA512789e0a3220fb9c9868f554162611cc40b39fbd3c158d2cc231d1154a18c1947ac6c859d34406319c7de8f2e246aad045e3c980904b63abbf1532a035415e0e63
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD59fa96203a8f0e8af2d2a1da1d2d2df56
SHA17b540e0bc87829d520cd5d71efdf69dd8bb86117
SHA256bb7a578e0b32bc2c0a743c9883b65e7a0abf9dc6793fc76aa6621a4d697dbb08
SHA512bab3120265655d670b48b575e9bd13d37373ef77d44384b34615630682e47a7f91df5a16e18846816e55080ab26ecc1be7b99a740600f2e5919c63a28cf7f968
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD52660a4be9a7704d98232481466629966
SHA10d57ee5a2b6162b6b6b0e42a8a0422fa93988c83
SHA256f66f162573b276efc7e60825078f0c5485a5cf4c5795a3a8f6bf63e16089db85
SHA51236d30537da10ea76ae83ae8d05d139c6274fe161ce07f6a10b76e536c7de5089177795ee59f1989af995ef67365493f3e9adb1126168a283dc7ab2fef4b0b1a3
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD503962140c71f8f44f6474baf5e34e3c6
SHA1a3f091e75607da2e6fbd8889c83ef00c69616021
SHA256c6b71e16ca7e8879182ac6f9330505526af21bf6aec673d2c459567c30d61b98
SHA512119d537224ab30c4a48c1ace858bc250b561b033b960d05b3a4c93b274d3ae0e2f43793f6e01986e6ff568a2e12d7c85fe90bb664d70ee189e635e6115624759