Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-10-2024 04:05
Static task: static1
Behavioral task: behavioral1
- Sample: 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
General
- Target: 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe
- Size: 236KB
- MD5: 332fc75edd44b84a3442e6f97076f55f
- SHA1: 09ec6163d085cd3d9c901d5f9ee9f72755179bbe
- SHA256: bf546fd45bf5b341a89f60a6b62b02fe2ff9020e1ebf36d5fdc2bbf90a817fc6
- SHA512: e0ead631e79839af59fac1b2a3899dfcf0b74dca875688770bb936088e78ca634919806f1f36df7b6b219fcb93b5e30c4471e16fe9c2b997e856b268eea55557
- SSDEEP: 768:d8fqgktemXxS6Wv8Xw0XYSoBPkwdtzZP6VBV:skYm9/RYSoegV
Malware Config
Signatures
-
Detected Xorist Ransomware 7 IoCs
Processes:
resource | yara_rule
behavioral2/memory/1788-5504-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/1788-5503-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/1788-10274-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/1788-10871-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/1788-11198-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/1788-11203-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
behavioral2/memory/1788-11204-0x0000000000400000-0x000000000040C000-memory.dmp | family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
Processes:
kod.exe
description | ioc | process
File created | C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
File opened for modification | C:\Windows\SysWOW64\drivers\gmreadme.txt | kod.exe
File created | C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
File created | C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
File created | C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
File created | C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
File created | C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
File created | C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
File created | C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe
-
Drops startup file 1 IoCs
Processes:
kod.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt | kod.exe
-
Executes dropped EXE 1 IoCs
Processes:
kod.exe
pid | process
1788 | kod.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
kod.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Zh8yO5IGMxXepAi.exe" | kod.exe
-
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory 64 IoCs
-
Processes:
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\kod.exe | upx
behavioral2/memory/1788-9-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1788-5504-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1788-5503-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1788-10274-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1788-10871-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1788-11198-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1788-11203-0x0000000000400000-0x000000000040C000-memory.dmp | upx
behavioral2/memory/1788-11204-0x0000000000400000-0x000000000040C000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe, kod.exe, cmd.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | kod.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
-
Modifies registry class 10 IoCs
Processes:
kod.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TDDXKVAOMIPZWWP" | kod.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP | kod.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP\DefaultIcon | kod.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP\shell\open | kod.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | kod.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP\ = "CRYPTED!" | kod.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Zh8yO5IGMxXepAi.exe,0" | kod.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP\shell\open\command | kod.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP\shell | kod.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TDDXKVAOMIPZWWP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Zh8yO5IGMxXepAi.exe" | kod.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe
description | pid | process | target process
PID 524 wrote to memory of 1788 | 524 | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe | kod.exe
PID 524 wrote to memory of 1788 | 524 | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe | kod.exe
PID 524 wrote to memory of 1788 | 524 | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe | kod.exe
PID 524 wrote to memory of 2116 | 524 | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe | cmd.exe
PID 524 wrote to memory of 2116 | 524 | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe | cmd.exe
PID 524 wrote to memory of 2116 | 524 | 332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe | cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe" 1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:524 -
C:\Users\Admin\AppData\Local\Temp\kod.exe "C:\Users\Admin\AppData\Local\Temp\kod.exe" 2⤵
- Drops file in Drivers directory
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1788 -
C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\332fc75edd44b84a3442e6f97076f55f_JaffaCakes118.exe" >> NUL 2⤵
- System Location Discovery: System Language Discovery
PID:2116
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1
Downloads
-
Filesize
11KB
MD583252cccc53d29eae00137672c00491d
SHA1dbd26743c5fd001c9da74f95d731fdb3eb0de8f8
SHA256f14dc10d0d06c5d8e1c2c04ff3ace99a5eaafcab2f3da235268a36a0b5077c5f
SHA512da7a686ffc13119a17dd909afaa1733cf600c38e0b62510a5e00348ac8293fbd462658be7c9b164712c025b11b94ac32681767ea2c06f7e5f041867810f10a7d
-
Filesize
1011B
MD5bbd75d373584f54029f48d979ae51165
SHA13da1d48024f30a913c4f91a3e05726c2ee7709b5
SHA256b98faf25977f6b217d9297189bac24177f57c92c871ffe3cd34289eb3516115a
SHA51236e83b00b748c41d5caa9de4974ee905d7a63852fbc106c94bab8e28adb2791b5e133a6203d8e38e92ba79678566d5ed32341289a12ae4ef85f539a21f3453a1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt
Filesize77KB
MD5ea1f4ec79c748b1ca6c0e2f46146a0f7
SHA17edd19fcf4a874a16d64c4590e375fe7d38d9a39
SHA256a422d6d6b7ec6d34f600d922dea9e40a448aabf6369b9fcb869ab8fe36bb8675
SHA51249bf5ddd1e5e59a4afd4bb7aad914bf8bcfb03d54402dc1e661ac84afd139cef6faf2f74bf7cd539838a227f5ec4970b8cef97da277f7551b848905814583ceb
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt
Filesize47KB
MD50748d825c770b2cc348d49706326ae2f
SHA1057d3590c2d852231c819a12e63f08a9643c84bd
SHA256b48724c3a406ff2a992ee28046aa392751430ab5739430a6200ca509f4f5f3df
SHA512fd2534d61fdfeaf1023d61c35dbfe89b06add2e323548c68c6bffd2d8a1ef3313565cd3740afb8ff993cc74088415223d83ae236a0ae1d0a61e1f9f6e9c67274
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt
Filesize63KB
MD52862e579f078cd82bf90264a0007390c
SHA1da8c9222909a1033e8e936c20186ef006e58435d
SHA256246b3a6336abd8d09e0ed12f099e4fed450983aa79c200e23f7f1415e60af61e
SHA512aa9c5ed2273e8ed31913efe83e539fdb43e1e3dda538b7059ee324df80e05b31763b8bc682036ea72d6be752f2c9590bd769c45da73044ffb6d16aba3aca9cc0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt
Filesize74KB
MD543e322cbc1275b732c489c0acb97b12c
SHA1eced4db02093ece548c80da58f10d50b4a8f4e62
SHA2569475e7a1d90581da982959cf0a1db743a9a7d96c1774b3f66e1ff08996516fc3
SHA51235b60eb9aaf3578680802971dbb15415a5c2c03fdeb2ef63aa928c19824c560cd68b4a23cb80571a5f2cbf135a65eb011473d68c19282ef19bb87302f2699c26
-
Filesize
7KB
MD5dbe9a0e8a0f3581128d9cc4002fcd8f1
SHA1ff196b5453f485ae4b35e6c46ab1aa38c627fc20
SHA256f66404a3041ed40e2906ef1228bf5b7532b8ac44e8f8644780e0d310abf9a07e
SHA512384ebd9bbc2491e01c63ab129ca0e4f27f8f5332e669e2efb4eb32bd838ad71f4b8a0f9beb042fdd66010a9703e2628728fe84e9a2b5f4a77074ae69854d9975
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5bc0543feef825989e9272341de01d292
SHA1bf45748630518a1761e005d71c4ff51fd5b93ed3
SHA256457be74ef0df12dfd63e662c3ff921a2e6c0e455fa23827e4f16ff7ec30396c4
SHA512239d334ecb624b73091e7d688404901f11dff82e8d91b5a9d69a5fe86f8dbd234334830b77e9ebc827163bf65ada4eda623e600aea6e03436c06a580696ede34
-
Filesize
21KB
MD51d550eef416d4e2ccc0c62d77195eccb
SHA1a3e579ea7af45c8c9fe0dc3809133f38d1692aea
SHA2563963c9551108e254ce24f279841252b646ab303b9c72a1fe346025542d2316a4
SHA512de02e2b58719f71032cf36f1fe319adbf23e56e6a5bff66eed6cceae517a06658812d8dee102dd139df4f51d540d5a314e22ac7e2a13c82422b3b52f87bab2ae
-
Filesize
1KB
MD5b47519529e24511ead82f4aceb27f649
SHA16433c14f4243f25e765ca57a316e7ee6c7f506af
SHA25627d6a7a39fdb3a11940de3b3a16cac0cfc86788889f0d5393812ed7a1b41ad65
SHA5121d84e093518b4de27109b3cf874130e386968253edcf5824329dfdd43ba814972e8dc3fc7c25ab75d4f69fce5a22b2d253fcaeb4909246781fa3c3549f4418eb
-
Filesize
952B
MD5ae0e012745efc4cbfa0206cb22b68746
SHA11c94558899976959f43512bf3ab84fe110e0bbf9
SHA25642221bc39107181cbd858cd2b8754a93b52c925a6bf2bdf220b9261d628ecb7b
SHA512409fb6afcc023d5a163ef0045ddb496cee59c84c8877b97727b27f3f896d91cdb5bc621f9ca68a4337c84ceff136f5b5e64ebc46b97aac999fa296351f34ac26
-
Filesize
121B
MD53e3c7c94974d18a9c224a8c1dbcd88bb
SHA1f33a6aa5f59f6e38c6a80fcf107364f2eb53a133
SHA256e867f90e50837943993fc09be6a630bafb1a5bf95327886934ce98e3156f02c5
SHA5127413d38ceb0060d997d5994a1e63835213d7d682ed8ac383199554aa3ac4f8751723c59f4203b9a3556060edda92c8c492991cecdb336e33d4d82477ffdcdbe5
-
Filesize
1KB
MD59b1cad74a64c630a6592c798c380eaf7
SHA16f2a9b73e83b12fe891013343ac4b757eab7b6f2
SHA25603ebb076adcdb0c062743045d9ff83414dc68e78c0fca3eb7b5235e8d8653051
SHA51253e05eeab3df374def129cdc97b6249ac37a6115323a8b53e6fed6a1dd89e46b7b24198f6da73b72029279c53a12811000bec020fc32bf55a166953fa2f876bf
-
Filesize
8KB
MD50204342a86d21c37bf24653cfe330980
SHA1923fc65d09d5d63ec5be906390fd1a1088f97720
SHA2563cc4e1c687396f716ae961c8ad64595548a76aac1617b9fa1ad576924a53d844
SHA51279e9c77621b5cf7759d67b6866a712fd0e16f870a73956e507e233e5d528fd93d88bd948d6081d1d53867e00ff0a0880c87b344101ecc2f48b3ef7ec948e9da5
-
Filesize
914B
MD549699ecffad26438a52e687f5f0a4189
SHA179dc42d0982ef042656c618378a2e8676dc88962
SHA256bdd0c6b5093730c4df29f2bbf5f9b007e97b4dfd7f221ad8347cd27477bdff0f
SHA512bb9d4b4d544c68d6bbd5529119025d3be89816c1b45f7afcbaf16b89c55e0d368d5f51b2c2d89463f7c4fd113be3fe456d6016f4ab4fd9c39850b0814a19d0dc
-
Filesize
328B
MD5b751717165da6e2f687622dbe20e5791
SHA1c641b642cbeccd287a04522d3290ee8d6d2f6969
SHA25661c27a9d473cabc210445b6919ec0dfb931b256390e930c963ff5ae980745ee4
SHA5126c1a4267bd58c27ae3fa2c0493dd23a9654c73d3b351cd61f72a12b04330e31e9f5103573241727d975275774c799f3ec652f3b3fa844e6f66edccf3146476df
-
Filesize
1KB
MD518f58805f3e99546c67a9e3e76871d69
SHA1abb5cad137f91cd887c4859146683d8e24cf9394
SHA2560ec51e097c5facfa0cde6cb97f2bc26fe67d389d8c0262762dfe2aa813200933
SHA512ca58022db48c993b7e6ce7ca58c0a512242abd65a1d8f4720050fa2f2f54444674373f1cf153a9b5d0cc3e88e17909fb4f0eed6ef6cd27401703cbb6c58073de
-
Filesize
162B
MD5fd0e5ce8fa77f25d1ec08d459c452cb5
SHA13ecd2051e7909522863b666c74188e8b5e8defaa
SHA25663f290481de7a92626a314a18e6de78fd3e25a64add26a372fd89c5331318970
SHA5125f3893b6e9346e109c879633f5645c5a372081369d54c49f97429fe4fed3a7a0dbb1a073a7187b7369a1d1add7b9a926eac3b11c4494258d442f1126e8e1c9a9
-
Filesize
586B
MD53501830cd803c99515c67fe23ef843f7
SHA17fcd940b57a1fe309971011fd217e06a7562e5d6
SHA2560a498433e21e3e445395fd62e63c2fe8ce53e6acc581687ca7996ef43008ed4f
SHA512ee3def38ca3e2573c816be0eb456ed018007593dacf7e288ae42a9063ea0ec520de289cd7544d3d5f5237e308c76e8d7112ae0dcbf3917df641d6e5cfc5e0699
-
Filesize
124B
MD5db0248a00994754df9072639d7ff92e6
SHA1dfa8cf4b694ebb7fd6b8c2e39d26377346d65a53
SHA2564c213287cee23e70122282a42c399c626e6147983df77d8fbd9eb2d2f63784c5
SHA512d2dbfb08958b1223100795a4a1721b721507fb0c7415ba21e52d5e097138a5c4a4bb58c6876c9ccf45c62abf2f55eaec5197f3df0eb1ff3128f13dbd0d428480
-
Filesize
8KB
MD5bb2fb37e20c5170c769c90b81c58d35c
SHA1eec56868920024d27ecb4d47ba0a86d4b7c95750
SHA256429a85bbd9bfbb5032e01a0ec0d7a1376231025e7f60c64651700af778a119e5
SHA5129e5c50547b3109e03bf6bc6dcbc64025f2451c16c239787f71fa7601f1e3cc17c8fbd8b58f8eb4878226407b10973804317b9eb194e294f174cd4683f282a2a8
-
Filesize
880B
MD5ab9447db67233f45749e3159d6643d25
SHA17a7233a58c5faa44c37c8ebaa21a92443a583dcf
SHA2568b5c0e32f99a361acfe5b1782f547259da31192c1734c0f81915f7912fdc452d
SHA5122bb480e325ff56c08e32fcfd9bbfa32583ca46ec726dd0cbe5359901df0406e581e5d0b119b71dc3882a3308b84ec19715531854ffe777b6c7a3e0473f56f4c8
-
Filesize
1KB
MD5c16ec737bd948953a7163450e500cc07
SHA1f3f073e012df1ef8bd02d03a573d9316eac05cb8
SHA2562971aa567653d64d876eba4bb8228f753b453b13958c2cfdac41673156e28433
SHA512f6c21f1abf3871decd93ea5c23749ecb85b0d205514d4dd3bb665afdc6efb884b5535c57b09f8383e9bae46394c6700aaa2cf0c5f8b811d4617dba779e759aac
-
Filesize
1KB
MD59e38be37e7d0b2d4e7a889ce7d8a05cf
SHA1c887d92b4c894ebca5d12e9eddb9bd1c8921ec5d
SHA256a20912eb25676ff6d16fdd6d2ddd7508215dec8403678dc25e8bc02fbccf2995
SHA51247d16695cffb2e5630885e9051d665cdb9bd77e15ffa86f6054c8814f9ed360a68879efe4832dac9286753ea16fce662351ead72bfcfd6e06f8ce2c1df577e24
-
Filesize
1KB
MD5857ce9fce4d2ceaa83ab7e0ee85e4bca
SHA1f1706cebc185560659e41aa48454fa9ef43cfca2
SHA256bf99fc663c360d804e3ef49da5ea6161ca0871f160708827eea0b891452b0b73
SHA5124bd637ed3bf7395f1df8250d4c5ab2b9d23315444cfcdc88b77fcd7fe3f68786d692a2c9a6b4ecb3b0a00b0e8327ab1ab8a6b2d543e5732a6a2eb3f237ce55a4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5ee221ef20cacd976b7ff4b7c6f07e922
SHA16cded95feba5b656a927dab27d6dc8f563079f9b
SHA2568f652534e1e6ae3b5ae6418131d3c9a4c716752e0b219f257d346ea4d69ee8c8
SHA512357c0a6e93f56df82ce74788d4e075044fec39c5dfcb953d179a79a5d3be5f4791d6e69df443d8c913b8d7ae98e6db82a718e7f95e3aeedd5ae2418562b4d3bd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD5b4202fdc83746aa1f6bc3d1e4e047409
SHA18d6aae0d92976428c6cf38ef40e25e650ff8983e
SHA256c19b7531976ecb9bd7610d5966813b2880827a6d087664647712194e1e2bab52
SHA512469a0238e9692055a2d6605413333f53014737fdd5f46b665e5a3d4c5af31d2200814c68179b2c5f6bb5d1a687999e55b1870a01012d19c520188ce7590d1706
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD5e9c66de2dd7f49ca8e40ceb0ee298f1a
SHA1f2d12170fb93e5dc7b7b0d740873bcf7fb8f74ad
SHA2561e573fd04628033a85a7579f7bbeea48dab5da826e8b4d2a765f7b0ff0ca4dd2
SHA512469732ff2284acc917c59d137b5be972821cb03927671c33ac4a09edfba530c9ee615d6b7a0a9dc2b9d723692e3359326685238e7c96612cc76b29c37c26a192
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5da178ea31ab43a9841d4e0889943d5d7
SHA1c0f786028ba2acfda696565e2d945a3e7e99b58b
SHA256640d95742db1cbecf5ad3af44c3ad34b82b43958f5884ceef509fc3d6268daea
SHA51213009c3bfb0489d230fd9c8ee5444c7eff4ac4d18713b56f8d52ad81f767e3bdea463ff62b1ff113c1133ca90c6c0e0844cdea16fce57c70deebf3e348ff909b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD51c7a30224b77775d26e3dba317ed56f2
SHA197b0ccc66c056b28392bd756b3ccb6d03bb56066
SHA256eeca18f820b09e5a10a40c0b57fead88e6b89525e4dbb07b3763b1ff8e2b5a8c
SHA51278e16c8bccf23744ab9bc6219abb3899d3745869a5e12cb2c034dc1308d0f4a07a47a01686524686062f64bfceeb3d8d68429a8fc7f4610c6761c36d068b2e70
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD56178d96df19ee979c0f841a41b3d047c
SHA1ca02c88cdbb0b4361a9fa37a8e708f12b5fc9176
SHA256ae7ec5ed1f760b0f9b12758cd0fb8fa0a9ea2f95eded4041cfa56cf1a907c074
SHA512c3b477ea155a5229d740b35351e7ea6f791ea22a9bca1bdbccf2d1c81fb112025ab150573bb5b4eac6832ac1a7c3a682c5f8fe94e757324e5b0a02a311c240db
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD57a07c9561836a252c88946d28f6e0479
SHA12e1a5b483afa3085dd53a21e614a8df26bf9cf8c
SHA256a58770c005a35721fd9c5e9ed3e9c72a994ababc328af3008523b7f603e83399
SHA512a4db87d2c416d49302e22f8d7d35e3de4d014733e1b2aa424046045dac890b33f6cf9c41a4479bbbd782a0375ab9e6cd7267467e56266e7cd574de7d1957a498
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD560dd511b8dd6312dc50026d1047de0b3
SHA10e59da7f453e7da0b9f0bb6905068802a248b225
SHA256e707bc26615d7867ffea60667403750a10e3f987b50f6e8c9fea78081f04852a
SHA512468f48a6f40cbf13daace4e9202f43b172ccd11f95e776d65ff4b1a17662b10a654563dcd4ed9b51a7dbe1c2fcb2a691a3fa7d92c2685687c70e66c7d118f31b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD52a750cb87ab92317f39388a86fcc17fb
SHA1be8c80098b0610ba2973a93067eaa8079d291525
SHA2560ad12504709b5608ad13867b281bb0c5a3a3b0a151c8f4b949caee24f3bdde58
SHA512fe34e4ba37cf218d61c6d9f8b208ed672293eaf2b9944cafc2a1c9924305cc1ce90c1bd2e86c5698f370d3c462c58ef3cfeb295329b351da38b5c23daab4bb08
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5484f828cf872617b14682ca823f13abf
SHA1e244462464c71120dfd7ee2507d81db75e55f2d6
SHA2567df8809ad0a18ecda4806ba1dcf9eab6c8deae722fffc0ef4dbc4751343e6c53
SHA5120c1e9e71caad98eb009a9bd95cc3bcc6af1a7597591ab300b16a65f5d522e04fb43f39d86c26a09feb1eb0fdc16ee20f2cabbc0049ee01510cb3d37ca43d6a70
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD5e7f9dc88aa919f68ef3e985f87ec0615
SHA179985e6222d05695af97d86c0565e6df2b02b4b6
SHA256575c52cfbe5135c018fe0b9ebc5970713004aab9fceb4716bb358888906a8161
SHA512370c8e47adb976914e5d16600722481fe62add47002cffad6b005a6d20ca8ec28d26aa4bd901d2be07e9ec23b11a1db2d0e49c2a8919837d8c687f4df1c26c55
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD538a1c2bf8ac22274b657744ccb221f4b
SHA1b40260fad63f732520c8d86663002e7ce11893ca
SHA256d131b2165a47c32d6a44864ccf957c68954d706724b51078ae0d04ea5fd24da6
SHA5121396ecbe34ada2b4688200114e0d0dbad86dd97060ffc6145318c81dd5cf1d238b72cd475509f0db09816ffe21fc2477f705e6965efaee3bbfb6e0cc6d2df939
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5add2b89a97e5baac673d23ff1c5da76f
SHA1197c7b35bd59bfbd6db1df795285ad1067d737c8
SHA256511c47680515bf8a6f7dd52a4fdfef79cb1739dccd0cedddc20c3b4e8bdecd4c
SHA51234c4d9fc035f7baa4705957e034ee5b22e210b664eba2d46d8bdace48078f1f5a9fb719f3554e40ff55b5b75c375776e83f39f3b07c30739e879856584e93eaa
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD57d5b3c69e66f3c91d5851cda1fb73f7c
SHA10e934bd62b6f36ffe90853a90b843a4c72f06d2a
SHA2560d77776be3d4a0232cc5e6061de4163f7980234f5e24a65bc4cb5653a32cf2dd
SHA5126bb07753ff23a73a9d0211b0a5fc4d3360c6644f1aceb2ee46883e3b0b255096e3e8d7cb0762aaea2c2e97c1c42467b8aa1efe31a0e5994cd41080d14b5a2de9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD518a1159b9b2f742ce2a9517127a22fe3
SHA1408ecfcf8d95bf724c7f7fa79a451872bfa6c19f
SHA256fd886a171b524c7185a42632be77efb0b7fdde152170e647d44817f2504e7c5c
SHA512015ff5c35b866884f116615f33923a258826467069b22a9383b7716efce13998f1409e7c4606e7dca9d02bd23d2721848f0b2fd4c403494496f83f8a20bce9b0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD54e9ad3e84ee68736d4fb6b21634c566f
SHA1079287d952cfebe9187419060bffc6c6a9aec938
SHA256e1729965fcc842f6db6a6f2cfd58ceb25871c1ba58727d4b69409ed5ac62cddc
SHA5121329816d4e14efa99b915e0d6ea78f5bf014f51553c1b0a50e6107e8228c35492d0a343abe75f62fba4d2b6982d7f07136ca33d7299ca1d6febbff559cfa64e0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD5b1bfb9f8e53fa6805fbb0329923b0fd4
SHA1793ad3dba02866e1e8145d96e507caf9ed129513
SHA256ea3a0c5a7f84fd11cd3f6c3ae9c8faa918fc10818dcedb4f35d4eaef55797578
SHA512f7fb8f6320ccf9cf2d79ef96e2214ede517a4287929030b98f533c6a8e478479291387ee453650aae76fc1a6a6f5fbe772f56ef6ab366b43f920729c237b030d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD59a8011776f3ba8e6a2e4b32a4810df43
SHA1c2b9371f01476ede6b4712e9a2822dc87a6ce498
SHA2567764d5d6bae944defddfa1a1b41a77978ce6b90060ff91065f40b3a72d3f4815
SHA512d7363fac025935b0f0283af65c55e933cd299de2847e6b46b0f99ea073b29c5d4aa95c1efb3059a9e4adf0fc10a3d74bba654f59bda5835fe5718e4a7b405bf5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5e95e6cad84527d3991ea0ee4181cc9a8
SHA1fada076b5818baa28ff01536795a038bc9b70fcd
SHA256d242e267036f5f2c6c3778ee70f3b488e5eff6954fc8dbe634cae4c0cbeb4f73
SHA5120bb069c454c92b224f24d26a86b56aa09063dcff881cb16c7335129bcb01ddd6f3a057a5ad6eb172eaefe9552fca3f244ba7bd4b146704285481e582f5311208
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD51129f09f6f39c43d5250269f4ae20801
SHA1a098377c74ae4d01e2f1adbd1ddd15dad02edc23
SHA256d7d2c442f5c352c10f005000b261b701eacf2a8b3c0b7b814d7b387b076dbe12
SHA512a771ea33f2930547c24c1d23ef06dd4cf896c0447ec5dbbbad48851ccdbaa1ce661e492cc7e9a3f8d335f14c9233e16ba60832e66f4f8b74042f29fc7bc9d685
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD58f08910ac2537d73dfc4fd2c7bcd2b97
SHA16106c4f77639c72fb5da90c36285d5b2e3468e22
SHA2568b6d5f80340b0ffd9b8204a8e556c42690826791b2b5f497738088236715db6e
SHA512597a0d5edff8973e576f94d3dba1137d6242323b4d27d42d57f4c76f9f9175d8b4e25e4787a2fd7c27619354d971cd554ed06cc0dcdd0aeb8b98b7bb2f3542a8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD52bf8787e1e79ac7849b81be3aceb5e5e
SHA187ffbfdcb3288ee4251c73fe0c067b543a04a381
SHA256d9b100f483c1767cdfbf4e034cef35662e5dd1bce32fdbcd3b583dcedc0d9056
SHA51266b6969e0b47f57cc23fabd2bc3fa8320f328e5c803d1af5e46b461101ef8ab635c6abbb4108898d95b5aebca6fffe55974018bd7538666677cd8dccbf8ebf40
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5fea4219b65005292d5b7a63f1bd91e00
SHA152ed051084720997271c12188f3daddf4ee210f2
SHA2568e40f74e041d1d05957514c8b111b6cb55b8976b631d81527f3ba6d62c2816c7
SHA51206c7da824e5dfab25123e8e81957dc206c6ba959debe8fc7b0cb9994783bd29bec28fce0f8e41d39d249cd5308b29a6ad531d5b6b912546ef208e834db2e2a79
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD51a42c2109c79390382a052f09825d0be
SHA11414e870f0cf3185b1954d25ccbb7307704d5266
SHA256f60b80467dabfa68977341f46f019fa16de079a085b6fd33bc36ce6f2d32b6d9
SHA5128ee854f90cdd27478b53c884e2d1e222a5f1cb77937ad84f085b9b0193c8081439c7939581babf54256023ab22cab93df4d5c365c6889cf59df26174db94f5dd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD570d2f36425b958820a672afb6ba57cfe
SHA1f7e0dee3dda8760f30cba5b88c22af7df2f3c6b1
SHA25623d034d64448111a48ee53b56f1d9154d3bb56b4b733f11660ee2d0b44b3d932
SHA512710c867a2e9d010f9d797820b0f46336b7d7dbd9339b81c1203d71653b8bf66127f7c4bf91ccaeb032498bd043f6639a2d77bac604e65659a9232b0a12914edd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5500e2d6b6b43100cc14b2dd2813358c7
SHA117a984850224c35bbbdfdbfa5a4465da282510a2
SHA2567ac19341530902700587a414dbcc12cd6c20d9422772a8647bc27a255d2f260d
SHA5127b399b9b65151e7795544215f8c07b228ada7ecc63768d9f1954903dc211a9a7eb2ec1c1c6e5313905ffb9690326b8d884606807e14e5b0ec505c794b9cabb97
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD5119983a796ab23ba97882851e3a4bc73
SHA1ad9b48235713da34100f2279a55c6f2840c15885
SHA2564262a8b406aef0a76c8eba258df8b61d19a2da0f753e292beccaa9613edf6139
SHA5129c9ff429ee079400ac288594c923e26eecb699bec0961695bec4b2fb05d18b9c868c6acf4734992ffdad4455e6c6af68ea468312660b0058e1556a9b97d0dbee
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD518ee2d72ddd1e19ae0e65ecef421cbe5
SHA12fb769beaec6db51e66049e0233309dc64a798f1
SHA25632627f65f77f547027d4a16b8fc54a3006f22f8b327e21785abb3881a6884cad
SHA5129d26e02b436ff5bbe09f6033af47b66790b3f8edec73f210b1afd5e8c8275e60a36d40ccfb216fabf511a15e0cea4f9034fe8ac4c4ef4999966987a6c6bdb691
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5a00e203bee7e91f85ff54f405b0753c0
SHA1f65cfcf343cacfec42f4d9a693b0c9b3a84c1007
SHA256e10d7b9cc44c6c4ad6689eb2436a851a78cc369b808638da176f824965d9aa0b
SHA51282ac0e7a51609a229d1b2f4ee7f75c83d7f03205f5cc2a513f8a34e06464f96e67a8cb357164f0474b8687753e5da2b1b35591d2f4e4c974e678a56aeea0451d
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5a02a98f5bdf54ce7269efa8297e35de6
SHA12ed69c0a918614ee7ab816893f722a267c919ab0
SHA256864a5e762fc3afa17cd655a92ed7155532d6993c67f09150453d9c595f5ef4d4
SHA5128854b4d87fe07f6cecd9fa4a97f77445d67570f20f5a572d2598ad2a609c3d26f4a3747dd1b7be8b1803bb6e299a69e91eb5561b6952a352f26b04b48a9937b7
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD577638f8d17c59f60a6e68d94601e3934
SHA1e8a12145101b2781ff4a79ee5c8a9664307bbb58
SHA2562c7ef7dd04489cbf22be865558ea354df3c9767161bdeb8dbdb84dba9d92d6a1
SHA5120715be17b7ff90a6270b44d878565d7a7d3c6f719445316a694ffa8f02b4af0d44a66b3e195513cd5630cf588daccae6c5a1b80f79a521c6670ed66431931b79
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5ee04df807f402cf86b8c8d622e02bf9d
SHA1b4192e9dfb65e30a0a39172e2f1da230d5b5de4f
SHA256fd8f25a03bcb169589ce18956b4ea0704f4a544fd223d45d5fe8a4a3f2ceb38b
SHA512277015e9b3af8f5b1b6a11a4bbf77e6c3f713e74f7fa90f1498d161489f1e45f985fc8b60d144fc6e7664e70fc06eb3a859db327cf717ab272c44abfb4010cf0
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD588e4b8ecd6a0fbb93f29c1023cb54db2
SHA146fb27c783106e33015f51fb7d3f3aeae7f396a1
SHA25604651f67cccc272e095ce099f35678c564fb685eeb2beb3e73eda8f62c53a98d
SHA5121602d86912953c62a37485c2d442fff01a5c1766d9d5915626a7c7915684b262543d87bda21093a550921853f04140106e739bcbdbce55a338a9865a6a737b7f