Analysis
-
max time kernel
141s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
15-10-2024 09:13
Behavioral task
behavioral1
Sample
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
-
Size
22KB
-
MD5
46f19e1e156b92cefc027a98963034e2
-
SHA1
1812b0a69a7c4af7761d3de6e090cf2986d513da
-
SHA256
1f1703a81fb5ce266c5830a4a5d0061e468f7de0446be7d99df6cdc87d357195
-
SHA512
51c663e30950b60ae3d9bb51692fa7a0133da69723130fbe1d99876effe556301f5d5443cd9e183666304b191e504da0241a1e0c41dd4371f1443050c103503d
-
SSDEEP
384:aprr1gkDCgSqzagqdVNGiJnybY5QYTTszAL1ODq77xbxb+7RzsnB:ArVDC6zaVyb6Q4TRZOG7xxy7y
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource yara_rule behavioral2/memory/1204-4692-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/1204-4689-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/1204-9941-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/1204-10947-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/1204-11126-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/1204-11345-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/1204-11348-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist behavioral2/memory/1204-11351-0x0000000000400000-0x0000000000412000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rdcameradriver.inf_amd64_43b67cb2258aaa60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppBackgroundTask\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_789f35bee584a939\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netmscli.inf_amd64_b39ea5f4658998de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\slmgr\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_5b64b65052c3a32a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hdaudss.inf_amd64_76a0499c8a4b3752\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_fffc54d66d592d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_bbd46500a9d0e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj6.inf_amd64_5a503c811e650e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rdvgwddmdx11.inf_amd64_e8336336d081cc11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ucmucsiacpiclient.inf_amd64_a233292790c69f03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/1204-0-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-4692-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-4689-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-9941-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-10947-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-11126-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-11345-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-11348-0x0000000000400000-0x0000000000412000-memory.dmp upx behavioral2/memory/1204-11351-0x0000000000400000-0x0000000000412000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\7-Zip\Lang\is.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-white_scale-125.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-black_scale-125.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_20x20x32.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-400.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-black_scale-100.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-200_contrast-white.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-60_altform-unplated.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lo-LA\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\rhp_world_icon_hover.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\MedTile.scale-125.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_AppList.scale-125.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\logo.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-40_altform-lightunplated.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_PigEar.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_start_a_coversation_v3.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailWideTile.scale-150.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-60_altform-lightunplated.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-72_altform-unplated_contrast-black.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_highcontrast_retina.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-400.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-400_contrast-white.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-100.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-lightunplated.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LargeTile.scale-100_contrast-white.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-24.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_06.jpg 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-16_altform-unplated.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-16_altform-unplated.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons_retina.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\japanese_over.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-200.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_field_grabber.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-64.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.targetsize-256.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-125.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-125.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-180.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_92.0.902.67_neutral__8wekyb3d8bbwe\SmallLogo.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-72_altform-unplated_contrast-black.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-125.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\messaging\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Doughboy.scale-400.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_hidirkbd.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_a21192087deeb9fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\debuggerclose.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netfx-applaunch_exe_b03f5f7f11d50a3a_10.0.19041.1_none_3e722592e777a760\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-shcore_31bf3856ad364e35_10.0.19041.1266_none_458e5adc0ac7b84a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\previousResult.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9956aae44c456826\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_10.0.19041.1_none_95f9ad3fef54360d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.OneNote\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..l-library.resources_31bf3856ad364e35_10.0.19041.1_es-es_7d1c18f6a4da906f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-winver.resources_31bf3856ad364e35_10.0.19041.1_de-de_27f0101638c29174\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_netfx4-attributionfile_b03f5f7f11d50a3a_4.0.15805.0_none_763fb8d053feb31c\ThirdPartyNotices.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netfx4-ilasm_exe_b03f5f7f11d50a3a_4.0.15805.0_none_5fe2df342921db66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_d8197ddcddaaf87f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-usercpl-usermgrbroker_31bf3856ad364e35_10.0.19041.746_none_fefa067e67e7af8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_10.0.19041.1_it-it_9847a9e1ceebf8c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-usp_31bf3856ad364e35_10.0.19041.546_none_8af3c00eb74baaa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_10.0.19041.1_it-it_87920e070cb0994c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-datamarketplace_31bf3856ad364e35_10.0.19041.1_none_39c0c9e688c57fd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\needhvsi.html 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-userdataaccess-poom_31bf3856ad364e35_10.0.19041.746_none_d17b3fa24d0e8fe6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\Media\Alarm09.wav 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_product-onecore__mi..h_hfp.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_20ebea060d3d0efe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-korean-hanjadic_31bf3856ad364e35_10.0.19041.746_none_e347d5f1a14ad4ad\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-fdeploy-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e7b674bdf46cd41a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_aspnet_regsql.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_55d0d276729238d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-consolelogon-library_31bf3856ad364e35_10.0.19041.1202_none_04698995108ea6f0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-perceptionapi-stub_31bf3856ad364e35_10.0.19041.264_none_637e7763e7e8efd3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..rds-winrt.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_7420bb0b828f3f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-offlinefiles-service_31bf3856ad364e35_10.0.19041.985_none_e7a0a0a8c050d9fa\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_10.0.19041.746_none_1da55dc225237a0d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_net1yx64.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_3966cd5b62e026c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Data.OracleClient.Resources\2.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-onecore-embeddedmodeclient_31bf3856ad364e35_10.0.19041.746_none_4fb34254813d8ad0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-ipmiprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_dedac9629cf98f96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-lxss-manager.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_82792589e32bceb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wordbreaker7-mswb7_31bf3856ad364e35_10.0.19041.1_none_8fe770561443d04d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_6192f53cf0f826bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-c..t-resources-mrmcore_31bf3856ad364e35_10.0.19041.1266_none_6a9928134b7702e7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.19041.746_none_c05346ae3e1a99a4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ltdel-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_97f80756682ab7cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_59f3392933473388\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_32a186b81ec1ac7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-72_contrast-black.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_it-it_3f531d0bf73f07fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.19041.423_en-us_f07e1f9c89d64ec4\r\OOBE_HELP_Opt_in_Details.htm 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..baaupdate.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_8265a15caaa9bd2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-regctrl_31bf3856ad364e35_10.0.19041.746_none_f8afbe5113672b1f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_201fab6ab27c4fe7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..erbox-isv.resources_31bf3856ad364e35_10.0.19041.1_en-us_30e3ce35facb097d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-a..mmability.resources_31bf3856ad364e35_10.0.19041.1_en-us_adc0aa0cce242a74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_image.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ce735da5c081daf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_7144a836d5e6a8a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-xwizards-registration_31bf3856ad364e35_10.0.19041.746_none_f71218d1476fc977\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_eventviewersettings.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f9fa7d305a9bafe8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..s-sessionenvservice_31bf3856ad364e35_10.0.19041.964_none_bcc003ba46884d04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1240cd13c584c1c\SquareTile150x150.scale-400.png 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_10.0.19041.1_es-es_e6712cc01d2a66e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-rotmgr_31bf3856ad364e35_10.0.19041.1_none_e3d0085b562a5c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe,0" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.DURA\ = "DMMNYJYJBJCPRID" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\ = "CRYPTED!" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\DefaultIcon 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DMMNYJYJBJCPRID\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\G1s2XF2B09is2uP.exe" 46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\46f19e1e156b92cefc027a98963034e2_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1204
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD51ba59ae0bb89856e270d5c938b99989b
SHA1ddc42975f43008d9dab068a85f2bffd6f1abc7e8
SHA2563bd90c12b5700c2200e7c0b3c895812ae4ce7889e39fb780d4431143e83b8192
SHA51293cd7a195d92dd26b7f802f4da3083d3d4d4df5cbaae69f6dc45a5b8be246cc91c635f130c9ff4763e6411a7dcb04b3510b9d7814ae2c5a2e8e784174934a238
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD5d50acf09e252ff2c20e901e4790fdb23
SHA1bfdf04d961bd29072d99df330bf6931a728fc4d0
SHA256fa4a0330585d73f3307427955265ef81e227f1a391ce464248db2722e75c2d8d
SHA51262b181cf81ab74e40f29ad4dbc39223593de1e3bad43fc2825863d3569dd4c550a280533552770927a7a3d120fcaa3ea350354757e6f55c43874184c5c140aa7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD584dd777d87421b84af384608e5a65daa
SHA18fe83d23436841b66ae793a67730a86cfe88a99f
SHA256fd53c9c9144dd5b867a70cf249bdffb2dd01872748dd7f94397945fd395d6fac
SHA5120718b9b8f253d07f0dcf58e04b123e9a5bd448b374f8b8545ed3bfbf240c3d9af1cb532a5816133a801100cf19819cd72e8129380b0b31c37ab96a1d9ec7957a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5d941158c783544aae85a49cb87caadab
SHA1a15f6f93476b59b91ce801bbbb9977d89a2b90f3
SHA256533ed3b67e6bee9ed79c8bfae849829d7da09f85962e6c219e6a5fe1cfbd0b66
SHA512f7b10bd98a956e485896161b74207c92d1e2c89b345967f68e1ae16499206b68cca00ca2608168899c48fe41f35f95c4862090d32fa1aa5b00cd77b507e25a34
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5f4a09def19a2b23caffd0d6830037c42
SHA17db265498e3b71fbdc91363b378203e1e305c037
SHA256360c9606067cdde4ad9f71753a97e90788c548ce7e88a8d4de3869172e7ca709
SHA512e06de5cd5b9d6b188dd6db93960f4e9e52ebabcd31cd1742bf93ead17a8a3301c667a0ca2f0dc1a6f2ee23988958de3f5d018187c1c376d1fc1df97008415724
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD580ccbb6981b789c09a866c0ca9a7285e
SHA186ebbe15e55d4b8a1cc3d7ba21f5f0ecbfbe880f
SHA25624d02f898a019be45e50d3b8569a6c0a61f5f5ca908b61a956d886184e94efa5
SHA5128ee1f49e0e677907b72e909bea669cd1be209710b9d67c5717d8c3a05162bf123079886e8f4805512da7217c43981451bda4b0c4869ac8830fca3035ee202a0a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5d7e55f4499163e1fac8e807e5c145294
SHA1c83799eb028e3662ac32ff4f351797a6ea503bc3
SHA256d5feef2ff0b9c922ca8969a387de001defeef3c49bfabfae1b071ce13661519a
SHA5128d359445a3d022187bdb957e99aef6c2b83728678c598a42f977f7fbda91bea41e9c2c88cdc41c3347d9bb2f65b7621006321c3549652e22c180f4e63ac7eb23
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD5481a8ecb373f09abec32f48f0d71e0d8
SHA1b723aeab884c846988cbebf7e8a989c2a1caf0e7
SHA256a0cebe1955a90284c540130a2991d7357c66f205e8bb83d72c6c9311cb3a8ffc
SHA5127cb4a7b40e0538598e1c9553c5482448d78b6347f2a82732e551b859241612a8109bb873ed61d1135111d1ad7d60c293ed5f930dfdcf85b86df24e411be0e78c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5b325bdb4921fd63e8d8b61f77b40cc3f
SHA17999f09a895dfcc2240409f7256c4abc9ec484d2
SHA256efda913e0157880797eda769eb14b58e368db780307d580b22478aaf7e3721ab
SHA512e0c34335bcefd9c0fd0c3c74c1589acd2c23064a0cb6ea5fb5702e8af8420e9ddd3679f8f5b9a6f1203a7e2603d11068b2c06162f3c7e7b745229e4adf2fba86
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD5c1df3decbd14f509ebc399e3f5bfc7b3
SHA16973f9c814cb6fbe8aacdbf02c495443bea29774
SHA256feaff7d862720fb0687a4ac480dc9c2e9e1c3f5b55e310e2a027bef355a69332
SHA512739e942fe274aef01208f80cecee88df01f67f69a19ccc6f094b8c05d518b5ce165b35d7bc0b812bc9189fda3b7a7000c815dfc6313ec94f953911d83e7c3c10
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD56464c58390ae5ab277fdb35733912279
SHA11a3201487e35fe5ebcd9478c857181a3ce9353cb
SHA256b65f48cf868e777d18385f892f079e2ca3d844db86da5a6b0b63b7587fd045d0
SHA512a8279af5e5e58aa2ef08c57064272b60a500d4bc4866ec12fc7cd125d7417904cd2696530b56e70a5cd7faba6c069923d3da3c13bc1d51f3c10b6219b0f29b77
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD57df8a81329b70a3285acf2651e581a7f
SHA155dc7efd7a8e5782fb28b60c824d859b8006b303
SHA2563210b9d89a2288d47f991fbbf937e770580704377454616fa721047a6bc6513b
SHA51275815025974c83c1b1750ac73deeeaaa94dc7ca90b546b11d528756a34c8986aef7b2168b00a9d5db21bcc143027a1e36611a53ef16d50800c6327c9e3371820
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5418116a5dc9eb9f26e8e32630d0c6c32
SHA144c2500eef843bc55a30d2649629415ece584b45
SHA256bfc87ab039bca7bafbe149abf96fe8b11cc70950f653abf3f7159b3a384bc100
SHA5124a2d5f4044a7ff10180ccf277e5167ebb7b4b7599ad214f81dc5027d21eedb5256702e70dcc5cdc1469411b72e1da5e4bd3471f8f43eddd46336977a22c2d087
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5087af9a0b128ffe238e4dd905a3b434f
SHA12aeaab8ca5f5d8ef24160f2585971044416e2a12
SHA2561c799bf510f517d9c8f36df88bc9945c2de7d73f7d4bf1cc5faf02d79fc1a2cb
SHA5126d8606c858a4fcf288d799e1030ada1fda9b1e9f89ac59da97800ad502df92520b9f21fa427e768f06e2664c93ef4af7c3901a692516024325128c53ddf0f6fa
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD594406db196236db3b02e41b69fa25b38
SHA13afc38235439e3b15bec81457b1adb9e4e5c6620
SHA2569a3aa5a91a33e0c18f512e5b715416b0f8a5498ceb34b48716b1ec1131006e3c
SHA51227c5898d0717413acee76cf50d244ee8ba35c74057908b4d5a8b64cf5573be98f6ac74334f3f453d5f3ab4872081f6043ce13793a5299e0a45d4841982a26ee4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5d5118d2a46a1612843996c82008a60bd
SHA1a9cf47e5bbbc3fd59b9f151ff712a5752aefe093
SHA25668c82b71fb86cf3ba2e88de2050739c71ab61b33ef852ff6a6ea3fb3410d480e
SHA512f636c1962407988bb2d7a41ad9a23fa521aea81213bc2f20bfaf0e09c0cfbf5b98d8837c34510c5c52520e553c3272a38aa392168156ce76f995acb25e053968
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5b7808c2cd05cb0701356ae39d0646056
SHA1f0c30855ea480383ba0fae087bad39103ace5b4d
SHA256a4a0edefc954026caba361354a072a11c88c583477e8d2682c9a98474e48fb00
SHA512feb5b8a6d273fe0dbd7164a7c5cf60f06427d3296f300d4ca4d3b72a70e136e08cea964380078af363dccc512da1aa92cfb7f1241093c3d28a3c432109c82505
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD58f0ad64187f81e1c78d8abeb4374f98d
SHA11eae2cff2cf48d706ac6a302c7074709d221c491
SHA256b9102c60631439c6bd5d9a660a59d5bbb0e074b949a7bbd96539784d308884db
SHA51275561c371ee71d3e6879f9dac31d9dabadc8551271081c430e7373eed8641ef7e8ebd9d5b431d06fe09cb10c387118a3e381b00b20b7c49aadeb8d6b2e619239
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5fc0af6d09c06e3470394f7f568bd6cc6
SHA18bbbd65e416d582da955973f170db81d9f815fc4
SHA256ea395a828ee6eed3aba35dfa5a66000743b9ee0e4c414738865d3fccb641602f
SHA512a1c3a0b5ca3a99822ca3fbfa5687c1cd2a9692f5c431e78936f1cc1e64894a1338a7a1ade2b05e2a324897b3ed7424cb61fa7b255562f5afa34907c575e5fb15
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD528cae27aa26f9d0629eaff794ca1144d
SHA1352b793f9c560f01c98ae1642f10aa130e6ec73a
SHA256fc5616f05b556596eb45f2e310e6dfd3f2c128352e8ad7d90233872e8e75e309
SHA5125081c244edbca8b4fcdb865957bdf72c5fea34915aa94cc68f2dc27387af6438bc3810cbea82ef307493a1729bb36518e1f65c200c9988c63661f71f01064975
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5fd35a8a2a1c6c2338a9f59d2f95845bb
SHA16bfb3bd377d5e4a1810c283546285b86a8df4e31
SHA256c7d2dbdc140255c7df46262539897e6eda0754702ddd1801140bac8e590d8a82
SHA5120645e8f814858827a035b4410ce817903f8082dfd655420a4efcd4e4473bc8444f1031bb3da84e228a714ee76eee053e3be66f220cec83d3734bf31fc6812a94
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD5344836af8107346c6c34e53f809a6a27
SHA1884f69b0e88194de24e56857b7a95110d874128f
SHA2561d77d86f24e808fd2b7f3afe7e42c3a9c7154c71276888c666c62654ea9566f8
SHA5122ae78711311bb1c4f833aba8842e04e8008594576701d0c5b412cadf2393931a34d54176f11bd88e9dda752d9d3c9ffc8cff9a126ef4fb7641f5202adb6497a9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD56df985270b121964786fbd1c080d5014
SHA1f51351c808d30d64803666664cea38b8a2ab9ad5
SHA25602289753067d0096803898bfd6a4999b17e41738a083e1c7170356dbbc64a101
SHA51287a8391c5c2bc51979bac6133ecbf8286e85a48e5097faa711878ec1a0f095b43e95ca609e4fed41f044a8567f033b57f38e8dee427ba6ec42a06659f759107c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5aef6421e302b16d60a8cdc0a0269dc3f
SHA14eebcd3e1764b07faf836d98c40d9bf182341cdb
SHA256208696d39b4768c490f43c799086aec1898a0baeabc3a61fcbcdbea9c09ee706
SHA512eb5603941a1a8c1ff03834a01f2d551326e1ff85c44523cb735f38d3354b54e4d17dba040eecc67d949e0beb12ccb526d1004a0e16015a3252cc2084ab9ef143
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD556cf2d9e6d5c40031bfd7bb059e11d70
SHA154d9b7e5c4c761b06d1a8e9958d6f7dc6ee8fac2
SHA25630cb496734f4869ac4542b7e952993448191770cf98b937b541b50ea98e83206
SHA51233c9bf31cdd370ce65fe815d4f2fbef5ba04ec4065ebff33b761d5f07a37ea81d176cdc576f6cdf22c445bb0c55504bd65b51026b03f4e256822321209e9ecb2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5b19779ea64ea32e16881433c90b5912f
SHA182e8aa0dbbf55e2dd546073cdabf86ee87e16280
SHA25684b4301c401f645a99ec044c8b00c88c170acfc97e27cfd118ba634a24b0418a
SHA51252736ff010019a219eda6e7f382784bef6e15fa2545e06650404d198848c6b7d2f5ca8f9e8c42a002131b91594d9f1f8c5b85b6368b9b5549f4f1e96e6f437b3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD5c4610ed7a6864b041daa914a9b4a6bd8
SHA18c5a6a148b2bec578f98fed8ad113f79ce5df7b1
SHA25669392d76d41bca6e68059ec210c70237dcb2f3bd328eb28ecbe4de8c6c5dee5b
SHA512e6a3f8a4834078cd93d673e3dd3d2e4ba1996562785c4aadc36b2faac2da40a339e259032adfdb4d2f974ab02594ecca24427290e8944e145cce3ab9f8aabfcb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5cfe17163e51047f63a60411bd2219b17
SHA189a33bcec32cb0d2201a0adb64cba8b52a95d787
SHA256b6c878c30e5db5d15f8fe56c19d13fdd8fdd386686af5a6b685d15f352724c1c
SHA51234962b390bf569cecb4c4a7bb1ed33c40566ca50f7a565c12a648c1375b6a07c7bd869bc166d0fd20ae82b379249c0647e499916d385411905739f6404ec8c3c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD5588f594dc8f05ff225c252874d13172d
SHA18a57b945fb29f7979b52dc0739e538811c11744e
SHA2567afb9b90f5cfb6904f3845f494d5d68f987dbd5facbf5188c7ee07d6828ddfec
SHA512394a8d5b7ea11ed25e57f6bcae4393bb96f0b9f3280cc966c581a4f60b54653980d6e2bee64a9942d9f98104f0fe8ffc6f2ed64ff1b571a7679937648c63ff4f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5daceefa909d931be1b92ffcd10d1b9a1
SHA174d47eeb56ec15231c7669b243b5594d6b75e592
SHA2560fbb449670c12aeb62ce2efba31d341cf3b8413c5afea4f99439aaf7b34222ac
SHA5122f54539adea2c3d888fa893355bf39ae2e89de47ec3dc62f4e95bf760567f2f92f085348a57a22965ebbc4a9b91df5049503fa6c0ac32f37bd04c3e3fd829c1f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD55f6cfbb502fa9ae526c89a7415fc685e
SHA1002de9f8da3c4f411df6101f13ebb672f57a792c
SHA256880d7c527412108d61e8309fb2a61dad1eab5bf699ea5973673a5ae4c6c246d4
SHA5126d58465bad168646b3d18120148d1ddd564f15cb00813a65e2eecccf7d4701ec0ac887ad18fea8c933c56766761d929c814c052ff97d8e355caf6fd8dd75dfe8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5a394c77b673ccf7f126dad3f0207aef1
SHA1a790a768ea723ef8e0b40b4aa08993fa45173907
SHA25618aca11f01d8d555743222b90d92f132b062bfa32547903093640e9d3f89913c
SHA5127f5f60c52e6da52a45b8189c632a74aa8c37a03ba13a74b18e7a7a1691a3908b5448c0d34b3728def182010297950ce439e6eaf5ea516028f13d0cb358c6c691
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5bc47677f2e676c2876562abafc292f6f
SHA1cedde08d089ad06cda211f57f2e4a93cd820ebd0
SHA256f55db6e4e19eb5567c33d97b466fc9ec7a520a9cbeea97dffdd5c8341fe6cff4
SHA5122a7a3295ba43a3a446eb3ff354ea263fe17e191280493da8f890ec5b22b156422bb6c7bba35a6260a2af81b02d862eb748381e8834bde9eb3b98e128270723bd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD51998c932809bf0fc82df24654e172f2a
SHA1a1e610b3e3c76b814450fa30abe89416b130f557
SHA256738801b0680f25f8aacc4751eb1a7a61b2d5224976b03e69370bf8c327eef548
SHA51240723beb4c79e37448f306e8fd7822778454fccba08e410a28f0194cd4a0b7ea76ab1c6f94b2d6e80e2a7243afa26cd199475a88106ed00de11a72ce71b7a1b2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD59724ee0cdae300780b6e6ec9cb45dd3c
SHA1d6f6345a926b9461d437e4be4679984ae35283e8
SHA2569ac72b7aa7f9a61694f0d55e18c93a16b39988c54138ee5a9f3b5f0bf9a10783
SHA5124f8a43ea4bf802f0ce6503743503a513f0c07535bd057c5cf96f057933b7e00814383b25a33e03e73daa374af64fba305ab3c6a5688d46139073ce7f8578b046
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD5060a9c07c44b6b2d1ff38c9704d6131e
SHA16d8d8f853016930d703fa367bd398828b2225b35
SHA25636f333316ea63f93e81e604f2e50b614d4f586e00b1af38a7dc793a5bb048379
SHA5128918fa381d7cb3ff4a0d8c7775a6a58d15ef1756a4724902d3358ade2f91bc15109556905f2a43a0b641417b9eaab9996b623f9123cc5677692cf026f9ef661e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD506ed304a8251ba730d7fb0610cec1ea9
SHA124fc96447b9f66b13af0c8825c8f36f6f76b3019
SHA2560ebe4db0fffe6acc8843b18846d3efb5df6c0bc8f1f5c8e426b30680640576ab
SHA51272aee3fd4a99e5c87d60385ca577fbcf0d72b78da81da7766c2e9537856f0c0de024675d747fe0a720fa30ab4b7171bd99fbf95f431a53c1e52d3b2bebf570f3
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5b6ee459b01899b6cca6b16d04205fa6f
SHA1e47db0cc86a514651208a673cbd35a5096091a55
SHA256ced0031d231d015ed2da12404236d7e61ee4cca21859bd2c4c17bf64483b85ed
SHA512dc660a2845987d457b411590391e68da181cc43e1281200b9d9759d2eba95d829925c40eee8f7df09cd373081d0c49304d521cb0927adc0c165d34b0ec90b214
-
Filesize
125B
MD5ad136daffb0403d7adb1f96ec0ebdb76
SHA11a120e23149ae0b27f00c198295a5783e2a11d5f
SHA2566c09906367b9f3b17251a9587fe500426ed53ba85e282adbb1175a45b8c14dd5
SHA512b6e1917226e385d1e9c4ee1fc0d14274db4346f23edd1320967b7aaa8f60f70ffa02bb3a9b69581d03353bf932a4dfeff880bb5aa59ba09a501020da202c2b20
-
Filesize
153B
MD5cfc385beac7f5434bfd6713d1332c4e6
SHA19b8c363d6bdd4341cf2ef6dfc5bde0df04b7187a
SHA2563231db480431a4cb157de5d6cb5eaa4773c9e2ff747e4449b24eb12aacea46ff
SHA51292632ceb7a51b5761d76a9299a1f3189201ba76ca1c51a2bbb5fb111aeb3664715aa87711cb7a185274308b6c3c6613d3eb3655791066c4cdf6be75934a05b59
-
Filesize
190B
MD51e57473b24f74df5e10a27e67f6283b4
SHA1f04c8c30da303fac8469f91c44955f148a97186f
SHA256c39b84041125f4d40cd519b56d8bc24dc3c2d64e247d951fbb795bbb2c947c23
SHA512274c20217164a7a8720ec3af586ce3c069013f1baf08735b88f6e7addcc826395f9f6d3098497d0063a870b4d0944826385e44eae1adf2d586a1a8af2e10ca7f
-
Filesize
190B
MD52162bad0329256b66f926e15744992c1
SHA176745c33e5c9a62c12e9bd9aaaff879ed469c5c0
SHA256273df0f31198bcf69a945cfbc9f0c78a954f007b6d89c231c8fa6d68c685e596
SHA512169592f75ecd8d576db1acc6db8bf7139f898bf84d630d17d2130e101adc74c955eb9ce56a10b9a4eee1a80b19b9b3dc6eabe40b3bb7f654558b87440bb98f73
-
Filesize
1KB
MD563179e84b431954a3f05185cb4c42384
SHA1826f30768ab30f02db06e2ed5b70671b23c27e88
SHA2567c77c36d1d14cbd66da3e324119dd1940b1fe3e2f4d175954dd771ee152985df
SHA512f2686b9d551ac2b327813d761072a883c06a8b07475c3c7661de7c761313f24b774cbbdf89454137754087312d8a905583fdcb8f75633997e4a43030bbff4ca6
-
Filesize
31KB
MD548329ab67e030ca764004ba1fe5defea
SHA1d87ec1a5e5c1f3cb839cb1702f2dfce06d044188
SHA2567815f45762c5dd949291c70ce3b4a3d23403d6ff4f30aa0efac4fc5890ef1ab5
SHA5121b6d9ecb5cbe38571d596ed5a695902ee26e908a2131d14632d8ca1d330be571ed1a7fd0fe71b7d892cb7b6a365e8ad29d1c38ec1ade06b74bf72db449bc3510
-
Filesize
34KB
MD52e4e6d2cf658931d904afcf5038d5025
SHA1bbb7cf5d2c2e5419ab519b9765065f92f0c309da
SHA2568cf1d21c94d732f256c5104c1bcab9e7f1ce719aaf1663fdb518d6cd14ef0592
SHA512d8ba8a2706997423b677f5640270dda44138b742a04f3d10d5137fd58828f4e9c755ffe487da4c37b0f5aee2624c19a5542a955270744fb32d110a52e7e12b3c
-
Filesize
23KB
MD53f81942fdfaaba9fa6ec37be5a0ec082
SHA111b8e4eb7219e1b545c15f19d941ebc4189d77b1
SHA25666dd26e93b20b78f2954e366b2ffac11abb854b541ffc75a8ecba2a5161dfb92
SHA51276b08895be31edb2d7db92580cb4336647d8474830d2a2d15bcd697273b75411e5342e474cd9ed0f008f9eb42d6846666118ed1512453556f1da41fef6def3b1
-
Filesize
2KB
MD58779b48918325780025d41858dcf63d9
SHA1ed364d2b04e9c384b4b6256e4d95c4aa382c0378
SHA2568cb1c2de4803597e45cfc24760315514c678877b9d9b7b7f226b1d326c61b7d2
SHA51237b5f47852f22d0c456df50d96ca459998b7759c69a6b1ebf0c054406afcf1e2b3a675140c33fdde355134e15285330393cff2027615c3cc8e4c84c9da4d8329
-
Filesize
1KB
MD5d7012a558d7e420031517906d42fc749
SHA1ffbe0a5ea3027f0bb508c79dd2cabd4f404b1f98
SHA25689cb875e2c529c727a41610ed12ed4791189a41d68eaccc8d1b87fb39d4e07c2
SHA5129c2518037ff8fc6868f255a469872cbcb388f59c48e12ff2198a628e1bec10ba2592d53211aae44169bb870dc3f265a0d631ff4f6cd7c59bc4cd0399fcc65856
-
Filesize
3KB
MD582b168aa330cb300939270f253bb59ac
SHA1147b685f6115ec5dbbc92139bc3a2672707fb0d3
SHA256b9ad6f8a89f42f63e222e771172c2e3b97a2c4bd62d4660d08cbb43ea492d92a
SHA5126cef67d5830ff0a1dabce0b71671258840c0e1d5475b1e6adea4fab7da1770c068ff6145c8f1e8b209e68aa223b80e58e4bc7d565b67b85a03205d9b028f8d29
-
Filesize
2KB
MD553ee3beea904b9e13f14a0f2b4c2f541
SHA112942fee27bea6c24f298973af47fe5e4b6accb2
SHA2560ff92f1aef35804dc95a5905e1bb1f0e537a4b357c5c3b7fe1048811260c10eb
SHA512d04a6c774a7a1d2bb774017fb86e7cab01aed140505c7f2b8e8f3809e999ff08dc66b1243018f9933fe256c898499b148db08f280e44512c645250377a353b31
-
Filesize
5KB
MD595acc8dba867cd7999f724617e5005aa
SHA1e992b1507bdd08fe8c29af65303dbe1f36ca0a37
SHA256c2a5a46a00ecd6e0f7494fe6c34a3a05017ba969494a4fdb397ea057652ba777
SHA512213f4277e3f0008b887ec9c26d79b7d6c228e84c6c6013cbf5889cb6391fa236aadc6cb7357792c17c10d2448eccc01b1451aa8e953e935ef24af1f476ea2472
-
Filesize
17KB
MD5d1aef8b6fedd0d4cac3181a591b42dd7
SHA1db2c9da5660d37a6b654ec8201d6b63f56183543
SHA256db118209bd108f0f334151d3f5dccffa1760550a09299e9ffeac0cea397ae311
SHA51256523f98ea76d5b1af95bdf55ff2e74fb52913b00c32b1982511df5906dead5ac2faa875d26f15b6a2a256b0e27a85b292d3e49fed1e3e499ec3e46747d085cc
-
Filesize
320KB
MD53ef4223234133a689e0010a22bd22126
SHA18f18966b04aaafe1d367e93c97af9eef540f36f3
SHA2561315f2a6a5cb5d265b8da6753a05ddf88f1ce73e097d733ad8cb58f7f5d32028
SHA51242e6287a4ae577b64c74f1584fcc19435b57d47dd39ed54fb07dc78744036c845bc6fb3b60774d5bfef94fea0ae107879159b47ddbe453dc2b50664f7c120d9b
-
Filesize
1KB
MD563c518282d0c4d914786180770d91618
SHA12e0861673e310a09eaa288fff385866ec6916b69
SHA256e4d1d3e607d3a2cbe73a61f4e4f40d46fb0b3aec55ab6fc05779b5849fa0d1b3
SHA512a1bea558fd3372865e633f8130d75a2c8dc2b1cb102f4d2ecf87e5bd388c65b9d12abd71af2707867e9551124ed55ef094964a0f5cc59b42a4ba72178ee8ca48
-
Filesize
10KB
MD594c3ff614bdd7499889ba826e485ec5c
SHA118a62ce7a13b435b89050e5b739f17fbdf1c37b8
SHA25630162ddc051a06df3309865451f3010d3a4197780bc97c32e8a76697963ba75c
SHA5128c5960b4da9307fd4b12642670e805c58ec5a019ab30dc0440c356d2953d46aec598a189b20894a377aa46378a9bd7bcac3b6f9564056a31aaaceabb5d3b977f
-
Filesize
3KB
MD505859042947452b6caac963c706458f0
SHA167b7528118a1dc3e2cf42bd869e71f74ed1c5b59
SHA25663c4e9a782393de3ba99e196a681c3611dac5268958a06e58a9132b48d272371
SHA512f7ec4f5412818e51375fba87c25dcf7b93eb5b126a50ccf594747bfa0be09b52df8e97dce5b831e99a9b9dbc59255bb3546dd83c9e39323af17999289e710507
-
Filesize
162B
MD5e369b803a2e617d75fc9979006902781
SHA11c911b2c90f5d0d2fd0516d32b43f678076fe92e
SHA256d3d50fe688f9aa1e61fa777ff6451ae754e58bcc1a9c15c63c657756c01c6b3c
SHA512fca04ae810e61aeded8dabf8815973d5306703b757020f78dac8cecbfc72e4e086d5af93fa7fb5dac7b7cc4e17e9fd8aeab06cd208c6fcc148be56ffc1e2932d
-
Filesize
1KB
MD573f006a352eaf56886c644d0aa1fb0c7
SHA131d9ca83d0aaaaa041ab1c1d1419ea6807182563
SHA256655d740decac78aed370cf4d003b41f4d1a5b8d7a4067183fb16b98e75661f2d
SHA51270445180dc4a3e7a932a6f59f99a8c3a4a2bc8bd77b280023ca2eb9f4b5490a52021c2a07608d0269f63ac79fe5263dff0a979d2b7337bb963e919619c3d302d
-
Filesize
3KB
MD58073b80a8f2e4ea50b76d92ea2493600
SHA1db67415eb8367dac1808b44e89aab54c06e08418
SHA2565bb600b319b329fa8d4631527777b93c71bde2661deecb81c98437f533445ec6
SHA51245d0c9b543b81e16e02d30649c798ff6009cdb9c00f0c4902cf7a03d8eb81e6d5e1c5265e790ddf6bb7674fd5158d280abf3a835e527249176f634314064df68
-
Filesize
1KB
MD5562979c50fb355e484b5f42c30a75343
SHA1da54c4bd45aa1ac9182489943930acd938ade87d
SHA256c1526b4bdfebe213329cf21e8a279147e8226034df1809f080a4ce97797f72f9
SHA51233c27f6e683be0e92dbeed4e0f200cf9137b0985d9d2a10e8c550aa5256da640ae7aed3f1e4b86d5fc670b6e5aa2cd13bc6f95d05e1e5a5a164c4a570643d302
-
Filesize
28KB
MD598eefb531e98ae7f23c93c0f883e310a
SHA12b79cf774b053bd21c3b89d1d0eca3c2325730c8
SHA256807b104f75009a6e351e0d0c2ac91106c97e2610c6b294cbed0876679adccaf4
SHA512c9a86f8c7156c2ac53e2c27f1ce29f875a11babaf8795162c45bec2bc5c8fce79a50717d1b8b3c8db72d2313dee5e51efeeceb57eede51fae5badb540970d6b1
-
Filesize
2KB
MD587a6236a6c2805f256eb63d75dc83f6a
SHA11a1b55114e014e542559dc9d9b638628cd98de11
SHA256292f3cbf4b7c9b7c3430ac2049e3d36bcf8b7d0c922b24de13e250a62dc9463e
SHA51277a6d0dada47b7a7f01c785e8a9af3f66f48de882124e2fa64593680bdb4a85f4cde38cc27b573b9142d9fa204a580acbc9597944704856d707c325b295c76ec
-
Filesize
1KB
MD5a4a63524ce0231bbd7a8ece5570e8dc0
SHA1141a322fded1d1ee3cc3d1998660f277407cbaa5
SHA256ec53c54700b17191f2ffb3d8fecfc5a5a4938c4ff71dd731a94968407946d39c
SHA5126dff01738ccfe350d614e3b0257d9b706722a7e5b09410b7bb2bb700c963ec230a11917e23adc6b1dc2aee7f49b305fe2099b323541827dedd5994814beb4ee2
-
Filesize
2KB
MD50bf20f136450f40c86a461fd0b754bcd
SHA1b20f9dd61ba3a65f29e869c9f2e29177d68b7b84
SHA256ec879718968ba340218bfb5c894fffc6fece01eb97fa99abc2dbe8905e7ae0cc
SHA512877b290fa92f68ba95462755cd2fe6f99dcf78a391e0bd425cac9bde0e4fe931392ab5bc7aa580e2f5faf5e2a7fcffac89254bfcc7b2dd4001ae46d8e5c637e0
-
Filesize
1KB
MD52e3334aa35f458b5d6cc386769e5595a
SHA1e5410931806b5ba57b43c6cb352178897e4ef156
SHA256957b06a7ba4cdd3b57fe8c5c8eb1c7f044565fea508f51efdf9c8fe2c0909808
SHA5123248f7ad93062a010503d419473b687e4f00538e841848ecc45a8e6c87112db4da897121740abc2a81ce32a3990adc6e4b49ed8f36dafdd51fbde5be79fa64ed
-
Filesize
1KB
MD5d60758d17d477a27cb11d10f3310ed73
SHA13ed5eeae28a0fc22afbda48e901387cd874345e5
SHA256f31ad237aaab464dddf803a37f206b13f66fe8736e9077132ce2c63a9ca85ae1
SHA512add06de16f88543a286ccc28ee15146ad448c36c5df2438ab6c9c10d263bb6d4d039abea2e01d1acf04515f6e892e8b0e343dcbaa330a270bfc4147a6f993149
-
Filesize
1KB
MD5219c4a8a89d4bbd3e81611e1f9e38049
SHA108fecdd9a6f96d831fa8b380172e782f21474772
SHA256c200d3d11d00cb6937eab8cbe3936774621c1f8c417088a6ad7371fe1373fce6
SHA5122581450711fbcc04a514c4e526951c785b8c4b1608721dcd73807618d581057a069da4313a3e44340110d4353589ece464c261b3519a259ef732a115e86a3a42
-
Filesize
3KB
MD506291e2c7d01d873664f24629f013219
SHA1ad5691187a9e882ec13636c962b9493a63e259d0
SHA2562f584b49c4cfc2e8bfc1d194a89c2af106beb231395448e4de4b1d5058f69144
SHA512164121ef825737cd81c23dfc98c9bda1dc10c04a31441358a0d6f0691d79463aad66218d091079c7c8c8024163a5951f953b606ba2cca858c3996611eb4248b3
-
Filesize
2KB
MD5fda34143c0391a4a31cb33b985375e1c
SHA1b9f9d983f6e7b685040dab29e9074c231ef17999
SHA256c13d650a041655540b5cd12a59467fd125264cc12580d3da718984c63b240b18
SHA512923797124c0981a76bbba1089387eb527eeac8e30ef8e3c66c9bb1e087821f375dbec86da768a403e3361ed1512d3b2c20f7d3acf70bf877fa8597a9af7a42db
-
Filesize
6KB
MD50d3f21f9377860213c8fe573cfa9690e
SHA15d4eaff8167a49263820c5e9be9f9bbeb988d327
SHA2566b9a2f2da5edde5d35534b061e9a1ff645f5c9caf064e76286a5774f58397e09
SHA51285373d6dab7012dabf5e88d3520e3ca036149af703a285d529d83b25ab23fe72f13e99ae1b363f8e1253c227ff585dcf3e89c30153d4b307f65afb531d2845b8
-
Filesize
5KB
MD540fe159015fd9b167447e56c2ab35423
SHA1f4de7ef95ffe09147a37e0054ad2b45b59a9174e
SHA256ba0872570d649a15622710fef09ea6251ca6520b87ca197c8e1c14aafb5a84d8
SHA51215ffbc4e0d5b4fab3a77003dd9ce9556c288a771e887f0f672ef317e599c7362ecc40ff51b2e92754403ec5396261dd2bd9c8cfaba589a520ca6572f4c6e8034
-
Filesize
3KB
MD53b2c11325ab8447b284fea54ccf9e56f
SHA12a89f0d59f80a0f5e94b4cd6d1b9aae5cbd86562
SHA2568395c23f80ead2c7c240299c9bac278e31a102bd11a27c01b4b1632fde092b94
SHA512392a84aa27793c4c7a10d951ba474e704e801014ddfac23be7a619a39a74202b21fdb9331e4bf4ccdda344844301552f553d72f5832fa0ff39d6eb22f34c20b8
-
Filesize
2KB
MD5889fd534e3b8ce2c1771c709f60f41c1
SHA1e71d006f7c6a02f82264e84d8f6b57608bdbc541
SHA25681c9b705806677db5170f5582b1d54db0361a30fcb909e90bd464b3f74946d27
SHA512ae4770f6d2e174ae41fc2afe0187d2fb6a922a891ba0701ef04468f1bdf0204b3c72b951524c27fd1ee5f34583e577aee576687af6e9c310d1523248ba3c0a5a
-
Filesize
2KB
MD532f322970f0e054ecd88e84eeb7e16a2
SHA1a911e3e8bf2bc859ab75486d791d6577b158c23a
SHA25608f5ad30b70e499e0e9e47d02c6b309e55a17a73d452944774d9555263535e2c
SHA5124e453fe416617ed4aab08ca21f9ccd116dba76cde973bcff7759628aa1680ce05b7b5833a1c6770b94cb55bef2fab56c88d21a57fa51a562d4c3ae94f38ddf9e
-
Filesize
1KB
MD51641bbe368d0f80b442d61b9ea157876
SHA15349b4e5b06bf2bea77acb08e65fdbdf2dbdb08f
SHA256a68671b7f97cf14e61da8b366690894f3b5d62a9eef1a1bae99012b5be95864e
SHA512998365e2b753508ee41a0bfd5028b1d0b757d270b3b8b17036ad4e630b06457431da1c831a574ba549a2330e126f8c8ecc18d1e35ac3b5cc973443b239a4d956
-
Filesize
1KB
MD59b9f8b1fa4fe98da481fd30baaef9c7e
SHA11bd30ed27ddeaec5d059e386b6b568a1954ad404
SHA25667c80fa220e5279a729dade69799614b55a8fe58cc53ccf18a519783dfee0dc8
SHA51250cae498aefa07b11b8bc5cc3825e46cb2af4e1655ad4cc8afe20704db238246957bba93fb486cb026d03e3e15aad3ce8983336a47042fb01a104af41d37caf2
-
Filesize
11KB
MD5132d96f4b86bd3ef244513cc28bc77dd
SHA185a2645e4b6144ad0d745f750d5b5198528fae39
SHA2563edabbb6132009ba4aa7ade7afb0c0374f9f6eea22053e3afe4a76b02aed8dd3
SHA51298d165ce66b13b7b2ca9563a444664d57fc6f846dfbeca7d18c47e40c486965d5f7f15114cba57bdf282d29aa00ac369bd8d50af69b7d4463771ca70f3fe6d21
-
Filesize
1KB
MD5a7c65dea5981a0d183d80785973f6592
SHA1ec59fec4f06dcc692647cb838d7ea0e0c9c4cb5a
SHA2564437fe0dba6dcbaba4857fe012034270d71a3eaa3f3c0cb59199a16b4174379b
SHA512dc402cf03217e6f13d0ea4ac3876d0826e3f439d4d6dfd283ea783bc7da903f8e6f9e7a7b17c11e5fbf1e40e206e93607ada7a69cc50e2b4e228f3744b095e3e
-
Filesize
2KB
MD5981ac8ca87c9ce5d12e875772b1abfaf
SHA1158ea85e7817312b68cfc9d350e9194c36549cb6
SHA256e5b4241e7a03b1e5e601025121ab8bbd73af0b20994014ff0b05337211bed2be
SHA512fb529b7e065e9d5e6caefb916782870ccfedea9b6e53f4fcffb134657f00b45077ffb5af8e309ed307930832b9f81bba8120282a81c51dee6b5aaa0b54202ea6
-
Filesize
11KB
MD5f77380778502a0ea9db38f5acfa3f6aa
SHA1ad9257319bad86e6555b88069ee396a33498d12f
SHA25620937b54a0ed4abd684fd38ebc3d2bff39a1b7b6f9ba9d003e323a7044e9f63a
SHA512c5a34d61efb69e61f776b0eb06183c34d648414863bc347dbfe3e7ad11e6b4ce2bd2677fdc05e2b3c222089391b42f8e1647e739b4fe1ae16d948d07e74e5a2b
-
Filesize
11KB
MD5e5383208e87e49e7b1e433d314b80327
SHA149bb6639eee33467eed0c3c3d2422c3e861ca3ab
SHA256bb6a815e87db8dafdf0689c414befaa9124eaa1a70fce60cb648a33b073de7dd
SHA5123a9f8b4ffcbeca81b81390a42fd92410c61f948bed9f7cedba67c66ef1a462879252ba8e45c30812a0dfea1ec7698347a05bcd06841a330c12a2a21e452f070f
-
Filesize
11KB
MD5566792af7baf3f721f788ba96a6a24ea
SHA159b957ed957f65d5b66bdaa5b166914e4e7b034b
SHA256f5e74993284cca565e80734a68a6c3767b45af46f355ce27952a3be6d388a31b
SHA512159d984ac0fb07d36a74282cee6e86ba4e1f78c8ca9a1a0afc8bd0ce1ea612d4c3accc0a9afe7054b0c23007c1f0a30fd11a9dc924c1a12665275e60f871e1f1
-
Filesize
1011B
MD575011eb12aecac785326d220d09e7bb1
SHA1971be53ff54951cf83fb7e20b7b509653342c7b0
SHA256df119dd40091badaf29456c3d5bf73b49c6523b4931f298adb83ba6b36d83553
SHA512a3bd734a59bc92ce5ed3ca053d1c05fda793a1c15a3b5d8cde9770422a67ccba71cf3f05058cf62872d120ff1787526c8a77d26b1728dfc34e0717ffbd27a6d4
-
Filesize
42B
MD526d7ee5ec69c11827dfa6dd3b8477756
SHA1d6fef25fd3c3a5a7ceb8d9aaad073198c7d0c30d
SHA2569d79e732e05c75380e3dd0d2dbf5fb97ad039e860093d85c9bb6cf24c054d715
SHA5123967635c9090f91e50d0eb47f116adccfe84423ca5b8aaea64f78ffe7c2ba7edf188cee2eddd2e3efd725a5aa8b2f7b13dc8ee7c866ec030c5004a009bfc61a6
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt
Filesize77KB
MD5778da1a0639fb388e84c35346bc0d426
SHA12fb6c0b9d0160eb0d9add90461cd16685e44beeb
SHA256aea5ceb24b6b58adbc7b44e144c7ac4438185ad1a6f248811dfd6cac0fb8d3f9
SHA5127273cfd2c5f1ca1651ca9525008359a020594ee89bb989c57ce0bfa651f2f974c14d8aa5f8b037ddb34a76c796e120ddcfd464a1d721b00380fb5ca44c576013
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt
Filesize47KB
MD525f7873d4634f772ef45e956925b8cc4
SHA18e36650d939253d9065ae174f6bbe1a133456c9b
SHA256353d3b54c7b3492ac5d78081bad1e8dbf25990023887f7d41db1fcc528a60054
SHA51255dfa5ee85953dc9f3fd2c2cae0420cd87090d4f5f29d20a2b741270049e6a642f1056ffcd417a9613491e5996a1a3eb5f1419bd1295aaa984f6c14820cde51e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt
Filesize63KB
MD5b6e465f6b97eefd13d192348fa195304
SHA15c14489049c523c07a1c6ac6db572ab1f32e9ff2
SHA25615b516afc8224b25809695a12f18b4122dfc986224be50b13b1b8143601e5114
SHA512cdf6f5534bfd8516c9b30050641090eab5bb57b2227047ac42241b36d1904921076f3d448ffbe0cd2f301e02e6d4dce6510b483fafe65421f6a46a9b0aef7600
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt
Filesize74KB
MD53f6185504c0292679526a52095c1f5f9
SHA1237d884434dc3a603eb17cda8edfd80715a25bee
SHA256284df3b34432617d21581532629da5bb4389de1cbb87c621dd4a8f5849facf96
SHA512b8f95d647c553a9163f5e1ea8270c3875b6289e5e0d96ea70c12c98fba04e87a8923b0c137ce0e3af69e42c2b7d152c11eba3a51950d89ad34323f7e89c1e276
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5dcfcc4ce47aaa67e1eead3ccc5e9f1c0
SHA11c5f6ba2edb14b120bd03d6fafc91b779337f108
SHA2560bbaae0bbae71e82e082322c15054fa6da870261134a5827d46106ad7aa05baa
SHA512041b71d5c140375fd40938c49ab6f7572d602b8c99a012626e6dd8fa791ccdd5312f54a5febbb680c2776f42b9c5f8aafcc1dd8ce0a37c82b61fc7b226f6c657
-
Filesize
21KB
MD575b43460f50846b686a8742f22854a47
SHA18e06acc6679050085f4448176d7f5f7005a39a64
SHA25649a14f9917f3a8c0fb2342fafc61281e75d9ecc6f98b96d64ea227c5c60e7581
SHA5128b84aa0cfbfe21382f68d862e59f7714ffbb1b7b52650ffafe3ee83339784bb5045a0650e17f2da8a31dfc04d906c525a47b739d680670c447853e32ddd209a1
-
Filesize
1KB
MD552d8d1bd36dbe2a24c01bc608651303a
SHA15d9d56877940a93dc3e989c3d1f7f1a5c5bc8d8a
SHA2565c9c78c0c41fa781a0be1c103361173f02d321c78dca1000f060c75dd22b3744
SHA512d94cbf2f3968f8433b2ea4b190bc7a3e156b72897f8a9b683670753bd7cff585e2192fc30612cefa1993ce93a9373cb9e630013a8d459824a6368f10bb2c2a39
-
Filesize
952B
MD562847d71635f39842e053af004597f7d
SHA1ffb31261f5d0bf4b0b839b12666850f243de0c1e
SHA256ac693d4138ae7f78ac57590f95c570e42e5afa304db50b2e8135cc8308adbabd
SHA512afacff400c901f86d7be708bfcf634f278ef3a02c629a61f10ee460a6d02f14edcf49fb24b03318abfec79c256c3a7b697f4bbdf1dfa67569c716289ce8a3254
-
Filesize
121B
MD5fa98f9eae3cefa61cadeb10dbf722bba
SHA1cb865773a1be8c026a039aef89b2faa697592708
SHA256200bc152c0abbc879ca964960ee3d2e8fce761d40e47bc87d404d7b7049c1813
SHA5128dc3d522e9ff00d83e6df8a51a498901236181b92f3b5493396dbcdc0e91e92a441d7124b0a71ac547706d2d7a709b904b53c4e4b3bb982f91b015c9289e9d6d
-
Filesize
1KB
MD5a5a61724fdb88a7020ab3b50dbf2bb64
SHA102ac15e8c7bd6551311d1031d792f53dc34c9559
SHA25683b78308d1c904c310b2813335ac0eaab0ac7f68102ac77721baf2069af5726b
SHA5127e8b49087c70820bd044a5475b0c2c4cade72dfc6e9bfabb3b4f54015377f53b409d876955b91baac4bdb18a800f04d2fa4e7d1a26445747ef81692bd29d86f3
-
Filesize
8KB
MD563f4841854acf4e6ae7cc3e5158ca96b
SHA1fd26a642499f8f58adf72afa743206413517c93c
SHA25652d011d9059fc326fc16979957955647ffa804f24b9ed31051d64c189c83f95f
SHA512ad0b133c18efc9738ee454f92316edfd8b2b7075101a7bf16b319d34dfd10f45a5247e68e44583689cf1b21790273a8387af49e234d106ada1c1dddaec82f8a9
-
Filesize
61B
MD5b2c1184e7fd1dccbd27da645b4380da9
SHA130badd4571f375702e1ad91e0c0a0091f88442d0
SHA2561b21a0a3303bd95044f19683d6488950b5479987441c7545d10a609a7c0f3059
SHA5125fe9b27402d7440e3154b5954d1608c12aa7f46c338059b3f6ac113ee671a2d2a725aa18bf5018d0a65f17f3e1a9b92b248f27249a2769c2e25e643d2eb2965f
-
Filesize
914B
MD58752dad203d093efabc8fcde90bb33a7
SHA1dd2f639ee6be8cce370cd3e625cc85fd60df7054
SHA2561674086cd4c1e20570a6f22f1c4136be5b57dbad39cd45e943c7f5b4f8cca39b
SHA51297e881f5976ad661c7108d390f808cf7f06eb1677fbd2133a71c2889f635df55fd4076d6021d2034df66b1571baf84655356f20ec6d02f8daf1016ad7c291004
-
Filesize
90B
MD5ae55b0d7f6db42451534ecbfbc08a620
SHA101883721d27e53edb773ebdbbd16471362798ab1
SHA256fdadc7a2263a6c59d55fbd60d5306c1b6e22e6881c003728b9f2d7c1fe00d55b
SHA5121ee105af2b640dab244df8566173b06799d4911a98ecd81bc7c7717c9cd314f48c847e8114fb638a4300e1edda1d59b69f699ae6d6b3cad143942a43e81ea425
-
Filesize
90B
MD5c78bc2ef6d81925bff54fa113a18ed4f
SHA110991ec46692fcb92d56fb39360cc6faeb20c33b
SHA2569997bd274c82c63118bf6aaf4afb173b0c3e0b8d932fab09cbe66495f476ff54
SHA512ffccd11a2777d5c7eccd87c19b99847ad5563218578057a3c9c7eceb9f0e1bcada7817846d43de9dc26a489c1ac3a2db116af304b5a2634dffcf0637f44f3580
-
Filesize
328B
MD52f02337e7c12701c0a53c008d21e23fc
SHA1e33543a392152d4c3dc6185c13d451ebc9ebbdac
SHA256a210086bd8a479f92b0ce37f91a0a3d58c68e1d4aa0b098b36cb540f481d127a
SHA5127b6e77cd05b88fec1e4ece7ebb299e6a76852b96a0da0f4e0ad44189f8aa90c49b5d31f0cca8aa83421eac24fd7a1fadb52eca22d10ac6fb0e0599d47d82483e
-
Filesize
1KB
MD52eb823c83a0846d4d0593ba3b639069e
SHA15d055b5ef912e0484d477ff2ebca3d3bbec8ed05
SHA2563609eab7ad2d5275bdc974586df7af98b593a316fbbf49f3e0d4cfb8546232c9
SHA512acf33b59527b61c9a172b5952613c3c877be893c4616185ea0a56f6f6ba28bfe928b17265d019afb2e952b6a3eeba89d26ad8fd62c6db9c7ef96bc12c5ec69ea
-
Filesize
162B
MD5e9a2a71275987a87b7c5983fab2621c8
SHA1d243ba959fa6e6e5cbdba813df74f39593b79d8d
SHA256e5db18e48ceea8e372e4efda6bade2b974abfba6f1032d5c0352dc37366738df
SHA5120c5269656e302046f32850efed4ca5f6d4be56bf01e247a23309db35c7bbdd50f27219a02e2aae83a37801024ccc090a2db468974c4ebb8e08e10d0776452b8e
-
Filesize
586B
MD517cede4723ef6d78b7c6c0084460eda9
SHA1a74f205836097cbae757e3fdb5b76a7dbc087c5f
SHA2562ff69d5724468368fa6a51cea3ef08ddcc6a1aacb454c9268738a5db696dd38f
SHA5126a19e9b321af5d06d4b922e3cfeaf5f185f233fe85cccc48ae1432630c4c992ca1c60147df0b3b6523890034ffc558484cb0d268e66e8a17ee59bf81065e2b01
-
Filesize
124B
MD59198f8109c21b7a0056a51a98b416ee0
SHA1295be83288154320bf7c4cc0a89a4e0625555d26
SHA256ee5a3fdf11bf281225469afd0c46cf00195a3c964d7c80ab3dc9a120434fd465
SHA5127d81ea6fddf3751a534e0d858f6f3e49effd53aa59229c72dc99c99f08a277b8747b0f0ffc41897a21d687259e9247790fab39ec2676766195c13bbd54c2680f
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5f8cec8b372f6292d53888152fe68cc64
SHA1aa9c341bbb50f368540abb34d05fa65667a38787
SHA256b8f669b9fbcc631bdb9398ab7e8d1d810de7a19e420047fad0e2c5234badbc98
SHA51247ea7dc2ec4888b9039cb86b21b1faaecfcdb20213f99d98696fd635db47e2a240a55d6bac3aeca97f81bd4abf2e43a7b57c25c35fd1ae58f0c780397a701ac3
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5b86a5658251dc236e7d4c4026a0238d1
SHA1b0dfb83d25dcab7d803488c317cd60ce97b8b079
SHA256fe36fc47b98c06394257f38bccf4cc95df201d9233408e5ec3f773bcf834a21c
SHA512fd19881f4bd43fbe1edabfb977867337bf5c15f7ce91b0e8eca4442d79fe9b017e4c32e934f459c8fce013792917fa2015d5361d7097b925110d0e748a43a027
-
Filesize
8KB
MD5726403849e45a9edb39e58d905009c47
SHA1929fb20ea2dcdc17c6c28d29eca76343c4f649fa
SHA256f226c02009c2359602600e64b8feab279308c1698bc57a426861e7d5a4368c9f
SHA5121df27a3321824248e58cb9319ca8e60ca9a482b3e26e27b0a91d960bbb8d9c1e4022efd1b9dbc6048f171188ef63171c5743175990368020c27072d979c9b1fa
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5a9a2669e3482388891dd58adfe1d9764
SHA104326a5d7c3d0118409734f9245a46631435b667
SHA2563924d719ac7d798230770a9af0c0884a824f96a7ec893317ca410ea5120d0fab
SHA5126621e4d4d7f7cde6d880e5ac1283467afa420f34c88271d8385c456dd4409f8c55e793a8360a780d8a2d80fe8e23f2e1fbbdb0c9e7f4129a8f50156f5aa473c9
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5f93b53a2fc2ee036f37e7b51773e9688
SHA1fe03bd8e9fc048fa4daad4063ec0357d445e541d
SHA2567092d09295e072afa81e9495fbe665c50baf5200d2597de1d7e4ad78f1daa2bb
SHA512478bad4d70bddc2e22955b2b633de6f01b10da025faf06c1199fc94fe51bc9d359951b7f82b7f9d014e44bcf151d9896e6d7574878ad5639008f3ac8c82290a8
-
Filesize
880B
MD5afcea2db8d5abd95d8dd249583993eaa
SHA1464072a6ecadf7360d8f4d44d9aba0e574d141b3
SHA256fb4928ae6f3d318ae50cfab0bebd677a1ff7ec533f2d213c134def21bc099c39
SHA5120e769a9f07d886cb7ab47bb680ac0803637c7e007dafde256c54168a0ebfedb5f81671ead3b1e551a4beb0613a9b24ee5ecd4449dd68f77e3f75a26f3f0cfce5
-
Filesize
49B
MD50b6c8ae97f124e9875d27564dcc0ecf4
SHA14c84bf5c64120ea7acc508550d8c13eae79c60f5
SHA256cfd561c3c8f26f7dc7398196897ee383db2b198bb69584f6db6da9dbd3d6e030
SHA5127c5f67947b9978ee00056620b26a677deda19e574852a324a9f6f4012b478b44325c507465eb845612527fed3617a5cd4ffd855126779ed3123602d023cb36b3
-
Filesize
1KB
MD507ab590f7cf749d966ffe6abdb8c24c4
SHA1f824eca1cec736ec9139cf37e100262698d4bcfd
SHA256a1148e7629a97df5626fbfcd4350caca0a6aed9b8f467129d46111a565205475
SHA5128b63f15b267459a76ecc6a8bc4059605500a382fa5501c1d6d8b6ba277b21db4c573c2b33f6236cd205e0df7e373248f434ade139ff361bc1e054ff6f72b6e65
-
Filesize
1KB
MD56fefb53ea6344a9e2ad32c1cc303dcae
SHA16e9f46a950c25a657c54eb2e502791e809635b49
SHA256da75ae550f8651cde048f3f12282ab8fad11839af1601e1f8d5fec8840034c52
SHA512692c815974d485ef158c70bbd396ea96cd165bcbaa84d35f3752cab88e1ec87e1d66a93b7248d2347a0b6bd2358398ae71377e80b85e141468dffbe8c3214ea1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk.DURA
Filesize1KB
MD5fd4ae0091b6d8d864c8dbeb91fdc02f6
SHA1a3db1c12bc9de01595e0839d40e9549adf0fc6ee
SHA256b9acaca30fa72445d204d14f5dba0e27b5745b068ad6e44d1dde7529a6fd87b5
SHA51277b60f9beedde88ae80a0f05fbeab99266f74cc84e92c9d7fc366340fc81b0b7e965b02674355d87cae6d91d163ce01e5e5437f1fba2f44e3861811c55130293
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5121aee237f0570b49870764bd8557c95
SHA13cea3b8a83f859b0acac835f2d2800f2e7ace416
SHA25606078ff9937a237cca1062741c21d0f1e29f3c6811d5118829f3bebded561639
SHA5123c74bb87a6560bed5f5649cd3e5646034d4d1c3e39b9e25a1afa195174651b879f0934816247d3cc1915f486107988d23ef104ea475e136550ec391ebf8eaa55
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD5ca7dabc0c4462b824c9e82cea3acc31f
SHA15a8da8bc8c127f5e770a5edba7b0e02aebcd5451
SHA25639104c2a5e81d72f8027313f4688fdac99ac6291a987729ade61fdbcae4d1609
SHA51233555e56cef473aee4cc103771959614d400a6a24e3b75c896135021eb6d197cc53e06650bb007744435f9da93be784f4eff899af6213df1cbc2b19e25ef8d2b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD50312c2cde89d5fc1a56eac3b0e4040c4
SHA112aa3711be6a2a4197815b820dfa0c473fffb0b6
SHA256639c2a7c42f21a3956d4063e28595fcb5f45a369c68a8d0a43219694f1eb79b6
SHA51290ee9b94bd3faa58e73fe1f79eb04492b0b34175813d0056e15e58edc44f48c6b7ed5c09de4eca9f34fabd107a4f9d5c8316207161efb322ca79ce089eb372ec
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5b63d12eed414cc99ac76d8519f5ce388
SHA18943c4945cee9b6020d136ebfe45f7d8bcb1c3e7
SHA256ed25114f3f43994fa37a6dfd60930f0ec2e330c6088d39bda6e64876806728b0
SHA51292580f185538448fc7042a4ec479a8b3fb051a2f1d0050da9e0b7bc041671b35b3dda2549277fbcc18958686010a604e4f6f327af6f1a9cdf56df9855a7e52c8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD5c984174231c511d4af6b2a6ce0d04b62
SHA19b41b594159242ebb2cef6912f04b7853db94734
SHA2567f569d1ad9e280f247aed57442873a76e722c62501b01ae06c6ccbd73d3d0ceb
SHA5120e00f56f28b82a4aa1681696352afab92b4e506558d384ba49300f58fc38ce19a58c997c6d8639fdda3735449e218138b51693cea0b0a448b8523d68b75c9476
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD504d5eb2881a7fc9f101f3538c54eba1a
SHA1e453e6b34b3ab7ed3ebf1ce34c479c0ceeca6aea
SHA2565cc430364120243ed99e153de69a19e936b4d32a5f7f3b9179315287868a5929
SHA512f60954dac6f092a4de8aef5398d3a09bcca54a9dca8f01f1ce7fb1f8d6c4b10efa9652b8d1b8ba3f5776b2be3bbbd45a18e00e39125e066ea293141e6047b318
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD5183e86c0f3cb7265606e729558b9c997
SHA172786907af280930c6f96d90a184ae1190d2ae1d
SHA256507a34a56fcd41499ec955927772c9fde51b9c7048d752cff3698a0ea443b04e
SHA51299d66a57633b858c2b4e599036bec47ae0cd48dc6720ce2d37bba2ec4606140e8d23dbb478f3aa432b90ba3b95515926a61405b3954e158a1f474363431463b8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD5d9c23b5d89f4d991d983d96d7a50b264
SHA16c409acd851bd3ea1302541cbbb1f9be8c8592cc
SHA2566c87dfc4c9c41d7d2c470e3983404549c9dd096af9dac70ed7ac24ab0c490084
SHA512b0cb12d8277a8ba2b11f84173f8d1277ddd117a76e88e60d6d2e465789cccdbf4e5890b2eecc4a164ce76a7809cedf91262da5f16c54dac446f2e79684029677
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD58fc221c60641a5ea4e2975dc8fde613b
SHA168493c2836684b577c78724b25d96318b18d2c11
SHA2569b769304ac0111a6fce7512b0b9e7ddfdc83e3d32e5548c43c8c94123f204a33
SHA5126e59a6adadc76806ca552acc8d62dc1bc708bd7ae5eed10822e52a8a4efe43e6fc5367436a5a543a2afea0c3982051b4dada89e270f48cc41876fbfc4f3aa1bb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk.DURA
Filesize1KB
MD5a3e7c82d351c7d5b9b0706c222ff2708
SHA1b8bc67b5af05bc1e0ac5ddbc22a64a293f4d5357
SHA2566e330cee7c0ed39c4634c26f7888eb79d0945089b9b0d091341a37a585779314
SHA512a417bf29b2c4751718e5e7ec80996b0eb58e6d87ad49cef2640251ef60d0203a9ecdde99da1db0bb49e8291d7cd23a3dcec24046a1f03971e4e1268ae409179c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD5bdb55c22a9d97935054284546a4709f5
SHA174de0f0753bd2793a96eb3548e491fc16c4e948f
SHA256dfe771130f37970b9c281c044152461149a1e491532cff664571c435477b1a89
SHA51295954425c4d9fff04cdf14d142f0c7e3719e361fef3c47962c08b370eaf8c7b1eaeed4f7d72b1b3f68fcceacbc29420adaa4390be5b74b42291e8ef2371281e2
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD557288f4ec04e6a115aa7883b5023dfde
SHA190d431d059f9b1f6434a3598290de3fdd9f113d8
SHA2568669644556454fbd218ab835f912ab82658ce4e9b748927e996c26dffd190061
SHA512dcc663963180dc65b923d1bf3814e4bd3f5bccbe2c91e48068d119547dcac0f2391d1a28cc3c03e9f057e1a1a74f9a1f91a5e176b91df52dd75b1c408d9ff2d8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5d2928419e309a3a83a1cc58095bb88a0
SHA10a4ea5b39e7122832fff2fd66f62669071d94ef0
SHA2569509da77a8861bfc25ed65d5aa1d3c45dd740fa6b5d5888b9a228fb23e69c0c9
SHA51283f0db056690963951021695370dcd30396fd840d960e5f2c16094483060b287f2f66c91586fab4092d874381319ce7b0196e1e0f2c1da226da1582d18f0552e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD5552438d767f5d73e6e0bc8a8c72350d9
SHA188530f24463d308cde4998c5d8dbe40c1d226364
SHA2565c297f1e345bfadb284908d1df0a98bf817a51876b36b0ad837491d9814233e0
SHA51216d0dad5a2eff44045b059322df5cf347fcda1584576a569dd569a43b1f5b11439e206a8f1ed0e1483c9cdf793f5789b03de303b89f6853c7fe767797236bd1e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD53e465d70d283d8fb552def3ca61cd078
SHA1ca2c64ed1dee4799e6d010309089670c20c0e5fa
SHA2568434ce289b3f024160e7d3088f7a129d8c83d6eb066c2d6ffa437ee3afd447f4
SHA5121cb4530414f2a458a43b8e3e111ad607b73b5685482bb41a0ed941b3a97e2d1622b5efaccc5243ae42f75f45cabfb3877444a40f61e6d134e1c6456c262a38ab
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD5fe76a632603ab69deb23b6325cd75552
SHA18834cef035f9cdcbb14fd64c590e450c1cfea1b0
SHA256ebff19d376653fa8b3b250b3ad67d27689a909afc7bb403e300550c1cdd7d6e7
SHA5126a14068fa0c53ddc2fbc0a035430ab2740a86ec99f8970dfed8cc9b2e9293daee3266dee65085fe4619fde104391f5cf7ea3354bf39754509e55b4c44941be1e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD5c651f0105d3fea4d377449bd3c93c34d
SHA187df285a1841dc68f29c18e8ba9d2fda64a57777
SHA256e44058e28dee319160f549a40e2898375fb1e7b0b49416ccd11398d533d87c09
SHA5123e3bec762f257122a844e29afb78eb89d67dfaa8261e4f4d7523601cbe047a3002b8c6b98ea5b779e8500b7a765d8874088c994ae90f4d45e1d43440f5c6f288
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD5afd8cd7d8c5a24b4a81315f7960e260e
SHA1e4614b6bf6d949bafa839187d24ca606e62d915d
SHA25698841bbb2a64a2c15d95b3118aabbde1b34f5ecb0e8aa04b2d84b7f3405f0426
SHA51287a7ab3e3f00f2795f683468ec23fcfe991b99c39cf7479bb62831ffdcd47e1c75aa42c2e85e34fc305ca0c4906a6f81c6689ff0f742adaad2017778a78f72f8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5c9ab349fde25483457e2f0b1e81c8d22
SHA1c5a8bf0376e6aab8921e5ab98397faf9dcb363ae
SHA256839100a9394bbbf6483f347fa0959217677815f653dbe5f345daf7ced4d04b30
SHA51217a2103f94346ee444bc5f8684b2aa421e0ff9c9ca3730b751722938374076eeebca015511ed65975e7c335a8d6291edcfb32c45bf93485a7e355fe70686f0c3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5b9152a4b65bf0585115f5f6bfc694579
SHA1c02ee0ac3e05c626e7637a596cd1b3a1d96f9127
SHA256f7b3906db0dbc5a106a6f4b4943b51e4b6a61732e88fcb2ac57634b1c679a6b5
SHA512a5c453e83d1ab3a33540e0bf3fbe8719a32220aee13c70b0e975eac0b9c342e6edaa396a42397357e9554decc7278da80685e27c08883c2752eb33d423b1f861
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD5ba490142b6d8201ae97862ab8262bb17
SHA1c47603452c6ac9f1e0e2c7a35d12e4dbd5755ac0
SHA2561c9c3f6d3a485004f50ee2a390d27aeff81e674df2782b3b0caddc06b3be617c
SHA51277d19e1b9882e730b381a27fb6f302532fb4af0b0e0f0a45f4d0d85ab36b0a17ab47ef04095f9a617b58204300ca76467c2e43d28e56c81f41959bd95592a575
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD54d55cb02751496f5ac8af86772b72e4f
SHA1be22743b8efd65b012e96f5336764182311b0740
SHA25681e3d0507cc36908458b461addc64b12d7543ed47b4a2d9974fad1d1549268af
SHA512a591bb15b5481daf9dd8965838382edf9e8b3ce3eca3dfb5c2aa5270cb1d520a17cca8c92848d3bffa0054eb31b066e0261a59c56ffc44c399bdfeece8e5dccf
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5cbc64d8cb9188e28a1e311835eac56c9
SHA1e6ca3530a86bb4f7659c5354c530e9c4de3163f2
SHA256196832fddd8cac89c9e5d7ea8467bb387ee1125b8ee702cdd0e5fb2adc7f0a9e
SHA5126e61807e2effc3dba873e509e3b328a3bb811cd73d221ed42515d10abdc41a0e3fcccf9e7bbec121bf3221a86eaa50ba0f609603de02b9dd179d5c25a4e84c03
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD506bf05c84cfe68c9b213a7e699d48e55
SHA19156119b1a85744710c484276144e7fc8383d8c0
SHA256929fbac4d9747295b7f343ee9ba5121fd450b2c9c651ed38b2e2a7604a4dc0de
SHA512945e37911b9e2eb058a58f65addee8a7e26ef2210e163f712b4ef54cc0c42850478ce39875db46368b5f3e4f6751706be6e60faaaa4734da6bf7b6e85c11ce82
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5d8a813cb49915431b0dc2348b160a4cb
SHA19473b555301409ef82e929fdc392aa9852aaa04b
SHA2562f768fccd72f87b2d9227d936cc785cfeff7e4786dade9b7c2ee942a475bd035
SHA5127938b353dbb744362154bcec0f26a6e27c080e7cbf17f8dea1345557f8c29dac8dfc6e8418f84542053951f408a2bea35cc0133def4cf10b692ce5887cf41c00
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD547aeeee1eba275918a9092d93b592d78
SHA1f4a7041c77fe4368f20abb5b98cb073e3aa16825
SHA256f8b6460df89b5a969f99e00dba61bd86ff6ef55733378d40a3c803f950fa6cdb
SHA512ef0706339cb67c15141b499db282c07c1524e9b7c6ada800476a8731aeb3eb251487097d04cf32f5dcc36ad3e94f9e8d3a3c99da2d37f71c0992d8e9e30dddfe
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD5b4cc3b319d817b1838ac1f27bdd61c51
SHA1019115d6d5900eb71a164b36f1ca6c4e13ff8679
SHA2569b3ded03c7544b9d471bb00a7301a4dafd5cd34419c725de990b8f6c4b20664a
SHA512da7975420bfcec3869c1da52cf500e6f579ae0aa6e236cda264b94d0a5929a63ff6f96d6e1cde28f989becd590d4cd073f47ba8cfc3f9762737c0e757a864456
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD590093dcd5e5f8812400bbd2808a49d3a
SHA1155822a76b8f5b791bbbef2eb6dc6113a60c54cd
SHA256b76735a91977057dd593ce4d50622988eff650b71061d0eb049bcd760c4997bf
SHA5129dfde78ad7fe62caf4609b60e2c1d31514842608c834948a2e258592bb752294a971afd3fc8fe596819478cd8ba3e72f1562a10c8cf0422704e2f0e3463efb95
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5cc51cf3baaae5d2139b37b511a2d4dbc
SHA1abc0a805c8f88477d24793a18c24154e82bfe1ea
SHA256af52212164ca621c8952faba2ff37f45dad110a6d60313f9b5bd8d23835537e5
SHA512430acda34f8736a4b6122c2dcb0c95b37408a70fa150965c938f9823fc611970870e3eabf9bfcc19461da6958a757e789e44bac080dde7ef7974cabeb811557f
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD583da30aa7ecd18b8f938e7be6971a997
SHA13f5c0ba2b42fe2ce430d3b7a05bd67d1d62e59d3
SHA25643178b603adab5b59ab2d2e4a2746bf5932cb081332f61735bf1e0f4989b503c
SHA512e33fcb2847e3d1da43f6b62cf9abd0246ed57b98e423d3b50c7cb05c51315302ebc048499bc0975ae85665a59cd3a6f492163ea2a1ed27580c0c038cd18dc149
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD54cde88e64d9a12b677731fec7c597e7a
SHA1ab2a54b27ceb885a8edb848c70b752eb462d4146
SHA256088602a116930196c8afa836b892818206f4806a0924cbb27ea0c1c23eb313a7
SHA5127bed211b71698e419539188962c5ac8fb737b67b4fa64f00a92b8f8a62b11422f2d2140db3cf55fbc2d609cf21e98944a84551a9a1a8406e776e53f8d37a4320
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5f90ad039e2503fb939410c1be4ddee36
SHA1e9859a6b3965a177d69aa134cb5d4ee2b3e40df7
SHA256791d177f437008555e7e44dac96aff4b8590a4257d5d7bcaeb6826d236cd52de
SHA512d609983910b9bc663e19c753434420cb26aa5a7020cb5c5cd992799d652e5e9c6ab8e3c34327bd222efa519d92c8041583316153fbffe6c7a546ba4400741171
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5c98247901dfa4c89b50755df639b6e45
SHA16fc6e5c4bac8697ecbf07d8df7ca7d8d1f5879e3
SHA256f8e071ebfc574c161fdcb593e384e411e3177807fd314690c5aa47190645544f
SHA5123ff128a34f7a1a43130cc03b1e221bb1a00e8795814c16f25efc1c90a6590244203ac240101bc3ec70a664cb8154185eeac67219485920fe853fd072f0128cc0