Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
20-10-2024 22:57
Behavioral task
behavioral1
Sample
647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
-
Size
7KB
-
MD5
647ea27f3cbaa4a260f9b349431be8fc
-
SHA1
26cc7092a922367b56c0d3a7be4bc2c8bdf1e81f
-
SHA256
732008298cfd71dba174d801c1544630f27d4329aad84072201ae6f3a9153a7c
-
SHA512
6f84010260edb78ed6a892db3e36a4a8df5b9e76ab247728e5f88dec494d8bd986945ab6bf13c3cc912a1506a0cc82eaadb3d8786334a0dd5f4fd9b71f5607c6
-
SSDEEP
96:5mMbv5xZxkQuKBW7Dm4p8/UDqpdONfG7NpH1w5kO2LgKQtQTLIQi1XDHxMUA:xb12QuKByDo/m/NMsQQtQTl4LxMUA
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource yara_rule behavioral2/memory/4160-5354-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4160-5359-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4160-9887-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4160-10802-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4160-11177-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4160-11200-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4160-11205-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/4160-11206-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe" 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rhproxy.inf_amd64_7d28259fbc48ab7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_e09ac82d497a19c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\uk-UA\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_8a98af5011ee4dc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wpdfs.inf_amd64_1183fd0f13045f2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_scmvolume.inf_amd64_de693592afe8a496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_c4ed3602d3c754f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmod.inf_amd64_51d6c57c66e3de87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\heat.inf_amd64_b73306c081719f1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/4160-0-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-5354-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-5359-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-9887-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-10802-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-11177-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-11200-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-11205-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/4160-11206-0x0000000000400000-0x000000000040C000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-100_contrast-black.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\AppCore\Location\Shifter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailMediumTile.scale-200.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_altform-unplated_contrast-black.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-2x.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Images\fre_background.jpg 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsLargeTile.scale-125.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-150.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-white_scale-125.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlMiddleCircleHover.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-64_contrast-white.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-16.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-400.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-40_altform-unplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\MedTile.scale-200.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.scale-200.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg5.jpg 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-125.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-125.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-60_altform-unplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-400.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-24_altform-unplated_contrast-black.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Info2x.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionSmallTile.scale-400.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-16_altform-unplated_contrast-high.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-72_contrast-black.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\2.jpg 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\dashboard_slomo_ON.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-40_altform-unplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-125_contrast-white.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square310x310Logo.scale-100.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalSplashScreen.scale-200_contrast-white.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-100.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-100_contrast-white.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\LargeTile.scale-125.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-256.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-96_altform-lightunplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-32_altform-unplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_WideTile.scale-100.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\nb.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125_contrast-black.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\da-DK\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-200.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SplashScreen.scale-200.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64_altform-unplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-40.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-125.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_AppList.targetsize-256_altform-unplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.DSC.CoreConfProviders.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-30_altform-unplated_contrast-white.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-125.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-netutils_31bf3856ad364e35_10.0.19041.546_none_0e12549fa8e82e71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ssmanager.resources_31bf3856ad364e35_10.0.19041.1_it-it_c60c724ea784fafe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-composable-switcher_31bf3856ad364e35_10.0.19041.1202_none_c6bc9919830beaaa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\backstack-chrome-breadcrumb-template.html 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\logo.scale-125_altform-lightunplated.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_9bba1ac5994e106b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ets.icons.searchapp_31bf3856ad364e35_10.0.19041.1_none_ceba36fd1b479c4c\AppListIcon.targetsize-16.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.security...agement.policymodel_31bf3856ad364e35_10.0.19041.789_none_276d10a0a23858cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_system.servicemodel_b77a5c561934e089_10.0.19200.110_none_c3312681faab1241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_10.0.19041.1_it-it_87920e070cb0994c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.0.19041.1_none_9c0bf4fe819babcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mfds_31bf3856ad364e35_10.0.19041.906_none_83b2e84f7c2bdfaf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.19041.1_it-it_3e063f71f0be5330\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..l-library.resources_31bf3856ad364e35_10.0.19041.1_es-es_7d1c18f6a4da906f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..ileserver.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fa3b4dd89545c6b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_wvms_vspp.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_a5be08da7fac07e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\dom\images\i_inspect.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..imization.resources_31bf3856ad364e35_10.0.19041.1_de-de_996a620ae260fbb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-voiceactivation-hw_31bf3856ad364e35_10.0.19041.746_none_42bb68bd810a9055\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wdf-usermodelibrary_31bf3856ad364e35_10.0.19041.1151_none_cdb97472a02fc3c1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsLargeCloudIcon.contrast-black_scale-100.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt-shortcut_31bf3856ad364e35_10.0.19041.1_none_efaf63248e6d4479\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-ui-search_31bf3856ad364e35_10.0.19041.746_none_dd5f2e51b631fda1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_c_fssecurityenhancer.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_a0a72050a54ca11e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-help-clientproxy_31bf3856ad364e35_10.0.19041.746_none_a3434f617283f006\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-a..tionmodel.resources_31bf3856ad364e35_10.0.19041.1_it-it_ee317ed71d481143\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..ileserver.resources_31bf3856ad364e35_10.0.19041.1_it-it_eeb7ee71a0d86e32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_netfx35linq-arrowheadsubsetlist_v35_31bf3856ad364e35_10.0.19041.1_none_25cf62ee1d7345e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..i-pcshell.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bad1eea7f8969ed2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_system.servicemodel.install.resources_b77a5c561934e089_10.0.19041.1_es-es_fdd0c7d6c1835154\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-p..ng-winrt-extensions_31bf3856ad364e35_10.0.19041.746_none_4b6f731c58270205\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.19041.1202_none_7d4ea219d613c9d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_87c1b1ffd88fee0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\Media\Windows Critical Stop.wav 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..management-coredpus_31bf3856ad364e35_10.0.19041.789_none_f00b638561c37d1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fb36a72937c39063\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_multipoint-wms.dashboard.forms.resources_31bf3856ad364e35_10.0.19041.1_en-us_3f56c777fba2ec12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-onecore-c..ility-authorization_31bf3856ad364e35_10.0.19041.1_none_db507ca7672be4b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.844_none_f3894559140c31d7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-oleaccrc_31bf3856ad364e35_10.0.19041.1_none_396fa7245b21663c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..olehostv1.resources_31bf3856ad364e35_10.0.19041.1_de-de_88d9633b8db4352b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_d72ccd84a9fda486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..revention.resources_31bf3856ad364e35_10.0.19041.1_de-de_ec6bf005a77fec0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_multipoint-wmswssgcommon.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_59a8e3fbb3eb0405\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-mfsrcsnk_31bf3856ad364e35_10.0.19041.264_none_d6c18d8390c0cd44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-100_contrast-black.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d31c5aa3425aca3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_it-it_65746b8a557730de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-netlogon-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_b2db65716f3aae04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_10.0.19041.1_it-it_c78d8ac729b3f2dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-printing-xpsprint_31bf3856ad364e35_10.0.19041.84_none_a34640623f68b902\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-m..factory-handler-dll_31bf3856ad364e35_10.0.19041.746_none_ed35f4de621141b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..-wmpshell.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2c9b494d1183e4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-management-oobe_31bf3856ad364e35_10.0.19041.207_none_504b6becabbef9fe\autopilotwhitegloveresult-main.html 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare71x71.scale-200.png 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..opini-accessibility_31bf3856ad364e35_10.0.19041.1_none_905c6a851ca62951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_10.0.19041.1_none_b977d9566df127e9\wmpnss_color32.jpg 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netrtwlane.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c153b9708952f016\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_vca.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_21d001cb7c1ed46f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windows-media-mixedrealitycapture_31bf3856ad364e35_10.0.19041.746_none_92c059efb71fb076\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe" 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\ = "CRYPTED!" 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3XgLAk5QZIO21lB.exe,0" 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\DefaultIcon 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HJQUJZLBLCMCNJR\shell 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "HJQUJZLBLCMCNJR" 647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\647ea27f3cbaa4a260f9b349431be8fc_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4160
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD58b8d049c66504bdfc1678dffe568a0db
SHA19b1219252472fbbf1e322367c7b1468229d307c6
SHA2566cdf238984b5394c08095e067dc4f429f57c14f2efb502fa6fe07bdce7025dc1
SHA512a0f01f2347f57be5b4b6de38106287e700ae03fe66553d2e15362e17dfb9d243423beb7a515948a17158a55b1975b03bd17e8a75e33fc94f89380bf08a793678
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD506436226600864ac9682481f55eb9f1c
SHA1de98ddff17a441d5fad7e79ecec7bec63b848aa9
SHA2567fa4de5a301878c9a8ffbc33fcaed5d34cfb89c7c1b63b75da962aec5d921782
SHA512943d4ae6d44464137bd64261145ba35210c2ca946c91343eb7aa68c4d1e2f41b71b75e94435bf5ffc9036a0f8a5ee0ef9712b497a4ccf1b2a29856a2da41bfd0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD58efb53a501eba3588f847503aaf3fe5d
SHA12d56562b806b2f68a5c7595b3c93e1e8914568f9
SHA2567904d1eca415c78d5e9f46d7cfadd4c4bd3d53fe4b586d096e93cfc48962bf8d
SHA51212dd38aa4ff6d93d95fb6c495398f444346c5e47136c04009dec092868b65044f51b2f8958a8a316c2708ee31fc625e369353e1539d09a899e04f7626ef6f0cc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD52d1b37c55b3be13cbe4659c3aa0a0fb8
SHA1f8d5f7e6cb7a297886953863a3cfba684d92497c
SHA256638a8ce3213e9e889e6750ec6f8f24eae96cc79ab0dc5fa898c68bbe6c4b07db
SHA512b85baa3477bdcb3bb0fa812a0aefac84d9bdaa2b815d3a5117817bbf9c723455ed4650dbbc5ee274db4a16fa15d3c0b0a284145fba4d604b0ae6937bb3db838f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD505b0b67368a68166f2230bc82d99a38e
SHA17d49deafee23ecd4d992791a3fae1bbdca10bdda
SHA256c2cc2b9426a02c09514d57cfabd3dd2078d2b8e2f08c67aef6b4a35c7a52653f
SHA5124d698736d8c41058cdf993613d7b22dcf81930acff884e4bbf11674e354c4e60f7f221ae67f014b64df214bc727373c14177e4855f59a25d9caa762a1a36e932
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD5a7fdb9a59cf04ad0dbb64f225c8f2c2b
SHA1b6b9250ccdd349f2e3d9ca4fab11aa5b0264165a
SHA25670f47574346196f5d7b5af96bad834ea08eeb253a99d7f5ee1e9592328a15e64
SHA512b84b0cff52d20a0b8da70212a1e78e7b920b8b35e30685effff19d99aca19e2bd780f23b4a8b3fb3bf728bb69ca70437d150d231d2b7f31d15cf467a76678924
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5e21b6a391049a0790ac92e35655d2c53
SHA1ab87da520f88f7ba42efc50f799924394b5daed2
SHA25633b7708a59ac4d40ec7638b0361c25256d32f31b2d5b738759af5b2ff1bbc40e
SHA512d77a733047fb615ef592c0deca88f4d5c0f040757dee4f42de3e7c20c70019818f933b1d10c8b8cde272326945d32980e079521b697334629976eb32980f2d33
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD5bccef4b71b948b984a4e99710f73bb52
SHA184dbbe64f8989d8135d0ed7576dd4f9bc653ef82
SHA256ce9fcb49b53987e17eef1b8cf7e58eb332114858a0079766f568bee6bc56fe7c
SHA512eaf7ff72dcfbe20469be6e767d6ff6725d256a8f3aa376b1f525d541543d8e6e7eef281e144d76b983f60d903de537515d4bcbaa6d57f73fb203080467003d8e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5ad40a91ce1dfab1bd1eaa403d9583d3c
SHA186095a01006ecbfd702ecf34dc2f5ed6b40fe537
SHA2560e71a93d951fe5b2603e7e72b8b336b4ce6a729ba29d45e8b6f68f5109d24e6d
SHA5129093d7863fe1c8b33021bf06a4e6f9f40253067800af2cde59f5393ff4621af6b8dc74cf0f3a347e2fc5d3268d72cca758239ad796c83a516021a9f3c508adff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD5618c4f3cbb48f93546e475d7f89e826f
SHA1c133adb16a27742f8039cb43f2ceeb94ee73f0b0
SHA2563fdd6a8218d8bd4d642b0c34025d34fd0465adcd6c0161b9580795fcfc3c363d
SHA512aa8088e395fbce928b48998728191166ba55ac8f273366a6f59b0c61dee6988c71dd904bbeba7ab458f82fd91897f085068d5601ded546fe5d4835d2c8fee784
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD5679c5d28f5e78143dc1f58dd20219182
SHA129ced8687f32e926588c018a16ab62dec201543b
SHA256e1e2b3418508e6136d5ce13e3cac66b0e1b6409e5d06e88b991c43047aa803de
SHA5127433b8a7915aa47c7af54a32898064c2980e48f88b73f7a4d719754eacb81cff1787122d4e0420cb41a4c3713c24dd441d5ab300129cd28e9e910530db6fd1d9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD5dc2f04685c6e34955069a5345718dc45
SHA1e9c8f6d3f17420e546f3b3ad664a93d967ec0db7
SHA2566ec7427e439e64ca5ce219cf8431e4b1667432fc31034429bd61750fc03d6fca
SHA512c48c7de0a3bcbe43eb9ec2826aa41751c4f9070b959d802b25ca44e55a6229f524de0da030e80e2a3d664515c83f35c0331e38d316762810d5c5619a5eb63fdf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5c4c4b6f83186923f98728182fae5b372
SHA1329df9f89c75aeedb59cbae328ba4c248c0d1016
SHA256aa72c05793816fab9b16ff27ad1ddcaf1f4aec5c6cc1f2e4925ecebff1c9fd76
SHA512b0d16d47f80fecd983af9e0f90a142e47e0a57298f63643b3fd2d5c8293980f9e9003cd634ae84cb336b7dfa0f7298009414591f8f293c959d4b9033cb118179
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5421c88f266db7f9ace894617c921e1fc
SHA1e860c10300e4dc43f626420c16a19814085e5a82
SHA256db5ff3fee6b54a4288d9d7b9a81e36261bc55af3cec7008e9547da6f940f333d
SHA512efc5da7bb7a90db01712a1810734c5db794c83e3f60407003aa17b7959e501e08d75d1007671510ea4dc0ee1091a855e369a41b779fc21e99a5539a27cfd224b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5fd907bd5633ddf64dc686d97447cc1ab
SHA1db64d8abc875e0494735a08d0e2ad81573f099bc
SHA256c8a98db6ea7fab6629102ea8d56f870eaccbd6f6bb7f5030c4674aea2cd592de
SHA5121bff99b74ded3ec610dfc898d05e7859bff94d6989a8bd72dc71f14f9c0f7ae3209aa945b0b9c416789e48e306b0f006e5796fe4fadc54d2ecfb438989efec5b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD537a306c72fb6c81de395c40360f78aa3
SHA1d9b889eb278d7c85070b5905bdb3058b976d9a72
SHA25602ebff342de7ee035d98d227908cd40a61c6b329b3cf72c001f24137c7d9ff71
SHA51273c4594bd789261df6a17a617022abe9c75336f4b20ecda9007f42f69075df3ec3353c0fcb3ed094f73fb84c31f0d972b05e4ac1e078e1f15cbd47be1a327f7a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD51aa5a77b4c740d514d2548dfde695e50
SHA183d7e97bf306d5826ac51a5210137a81ebe4ebb8
SHA256e9e41a7191e891324faf8a2ad30a87c839f1981606a0d2b01a941060b57c0742
SHA512136eb8b80ceffd5621b18fb7078d8d91cdba4f5376f02ec699b0ed9d9faf3e1423578483d05c7b4f5e519664d41e50f62a0bdcb136f72d0059e0196001e06606
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5fb1001bf348af67ef44f1a74a9ebbd82
SHA15805ec134fd77064d2f442c340c6b530f232e2d7
SHA2568be8019ed61e463ec0128ee9e2576c33e1538dbfb81b6d5225e05ff47ab06b9e
SHA51272f9fd42440c344bab240712cc215dada3ae66e7792c23d858d0330c4bee89d7ac7f89df0f4069cc917502d3aa731e19b44a6a6e09de8a1717062fbd18aa9949
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5e67365f803e5ea363dd3f41c039666df
SHA1d67b65b4ebe2bea44a8376ce80b03adb3bed2737
SHA25633907c4a1b049908105e3e02b8b5f858fbcaf713d6c2235d9117ca81e11895dc
SHA512e99ca4266c1833c38e5adbbbd9de18a5cd7ba15c21c5d9a1332d16f1b1b8bc38dfe3eb1608c7b8d247f37aac5991aa20d6d6283025ddc390852c9f78dd3954ca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD5fb99fc23abd6f55ebb64d7c973afcd37
SHA1ffd9f58aba2db5650f4e2dbd26cc1fdabcc87757
SHA2563836c000801966f5b45bc79c0573d7fc820078406a3ee36785aacf25a41a406a
SHA5122df6cfb0de75f008e1f7a2988b666ec002a63de1469c7067fca362357a2500770a07d0d0824e08b7036eaaf2c2090e7ed11cd3141f9c19c5b1af0b4bcecb6ee6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5f69e4d2ffae012511d61a765223e094e
SHA1011c54a1b32c8991a52d134cca96e359f76ac44f
SHA25656542e45c3bf520f6f070518f50eae4906a612347f6f3cc0279d4268f6012666
SHA51228ec54d48239a2706c5f8914584ee4f6330908404d05c669e135a13eeae8bb0b8cead8471f43bfc32ab318fc2702b278d0a07f7ac370f51a4760868b1b351a5e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD50202bb30e013bb8915e7a15a3ee1c518
SHA10852bc95918f6101c53f9a73d8d6722d5f8aa132
SHA2562102379882899e66007c964c465bdde979ab0aabb1908d673d30a210123167ea
SHA5127429f2dae228beeb7a02dca3f311b19ca1f6e8bfce2066bbe774af4929a180320e400a19c5a4559a1d616538ff1d472b8f45b57a398d292898c3a39076c79201
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif
Filesize19KB
MD52e2ce737c9d59a85e85a136f57b625f0
SHA177cde77db4f594b269f6ee2d8a2ba007eab06e4c
SHA256f092ad0b5bf0b8808b386766bac58c74c78f0752d6121d9063c389abf6da61e7
SHA51225e1a63b3403c7b00bee4215c32428e1613c54a99f4895ac63af0168f43921e82563062ed7f1c5e6374568074f116d1481a196212cf589dcc09f832b88357e24
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD534dd18c6c6e02fe1f417e21353f28467
SHA12ffc3a60752db104d6be77b5c30f1cc3fc084719
SHA2560dc7d13e6ae5b7e2d515895e6468cace51f70264fe592c89c6ba685e34ad27b3
SHA512d7a95208a3817288ae6ff946390ecc758cf0d22e67df8d6194ee16453b09bb0427c5f05e21f29a31bd5ff7523186cccf15622128c7f472a8dc17866e190fe32f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD51bea1d0a743bf2751f4d4afee1474ade
SHA15925e61d5bc22cda5d5c2591c20e4060f9639d12
SHA25662a4e74100f6057270208ba843ff8b8513c06b78f2c4f4594fb130b64946b5df
SHA5125f84a3f8cb097c1a16b2b96111cb96280a81df8490413a18077e3dbc1b6aea4d11ab27bb1ab998f963e22a244a36878e1e1f6ed1c093a6dd0f52ee8c06da4ddf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD510faf5be1aad44bf971ebe5b9444ecb1
SHA1faa5337c8568cc043669da64f92eebadbc2ac178
SHA2562cbc28dd1998d30d307f32a5add1efe01d1916be033c314856f40d384a33938f
SHA51253cc91d77402154273b076bd64e75c70a7924fa32cfa725807cff38ec16ff9c71c6d515941695903d2a20a42870db899c29d93b7d7afdb39c127ff0dda019b28
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5d628642f911c1f15ba3b99aa6e9d06fc
SHA1d6bf7bdfb310a0997465c8128ba07b9d5328c285
SHA256d286f85b89231a834728538a1753de6b17abb33939c1783c31bbc912296bced4
SHA51248a1705a27fcd22a43c111184668446770fadea5bbf80f4fd9e23d06a41d8ca217cf1c24135f2073555ac3ba034366e65c7aa34dd50aa599cd5337d1bd683bd7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD54122c2ae8578181051d6508070025069
SHA19809965781ba9fb3cd9329904fac612f322353ed
SHA256f2eb754d20ec029d395767c0719ebc8258418e644c79a22fa12738e3292b8362
SHA512575c0df1076253fa28ea137271dd7ef41fec06381ac2bf71e11cb1dac51e0fa6a18432d46ae14447bde3fe77fc7a4fa99cd82b277b3cbaa33ee7086060eb86af
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD50809783803298d2f6ea8d9898b529aae
SHA1a41e8a71edea9c9d47a9de6ea51370e73353d009
SHA256594061d1a8d0811e6f9ec56f14ab3f7ed348dcbfedf98ecab84d7b42c7aa6dce
SHA5121c43e3e75c13eb8647e3d80c697f7ffad23ae882112ff16244203acd43ee51cdbc42874786728210a2b3139074b5dc0f67addd855c52bc9606f918687ceb21af
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD59c9260204c21fe000234418733d7a800
SHA16f4b46e0f6e193ea815bda9c3060e8ff1843dbe8
SHA256dfada79ebb9ec8a9a9f676250696a219f29e8542c9c65175d68e06b212f305a4
SHA5123378ef1d094b41f804073da6bca4956a2accdc63425e7950938d14ff1e355d68c7b34b5b08f78a0d9ea5f960b20fdb4a38c0beed8a564d68cf03f452bc4f9d7b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5e17ecfb6fc5114e5826bf23ad7f0da14
SHA1d7a2e8e6b1f272eb4768144afa41886968a83e54
SHA256180f5e473bb9dc9f0d378dc42b26b40293a3ddc3b14c19f957e6f7dc774598b6
SHA51245989f5f6124f143d30e1f436ef8bc6ffc68544a7bc6e539f4e84b75025e6aa33c5b7fb071fd3f43975bc1ee3f65fcb6406a4ecda0e2ff47b960b809e812f212
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD5bd6f6d71f36a765183b5e37812deb732
SHA1c1ece897a5cf917cc717a7a3d5b451b6b4b69858
SHA2567986bd838bb73f6dd5191fb8101430d347be237d8ee99a4d07757a63b20b4bee
SHA512f6e0a48ae0c97662f2f4ca6d4e654ff3615efcaa56b8cc61572ab13c3476b7906748f4deb2f9def0ef1d410061e1617027b74f5cfe50e22df7855716d82c3dea
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5dbb405de31778a8845898ae06ea316f2
SHA128896b143adaa7c19692ca6971d6e25a0c6046a1
SHA25683cc00eb5fe0a9dc1803b6c14cc7b8c4b37520d0622741c2363bf53845a195d6
SHA5129c44b8389ffb36376e431880c5db5e2fbe8dce451385a732766e604f6024894c41c4e5193b931c34b3c93f588186006cb8a076c08683122dff6eac3bab9741b2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5b07b0ed41733d1b5083450d4a760623d
SHA1309fed6b36ffc0d274a6876c29af3709ab857594
SHA2565cfb6a75a8a79920b86ace23cb6a5f87da178d43bb1920d9b6ebc62428c6099d
SHA512e7f56adb32f7042e42e542281a1a2bf8f7ec1ee17d73430fbf5b84d60beec25eebc69d4ca3d2af183889e561fa64e1f37b618136815f9006290c5d50612da106
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5c198a08dbfc67a61efac93c5683c589d
SHA19ef1547e03a3d909a245db5b7ab9a3f139da931a
SHA2567099f419127398190501bf51850f8db26a97ff8004bf049d6a60e7602e8dafd5
SHA512917ba209b45d4fd6831e081ce81f9ab8a851f568b7a38ae7785c953614c84460405f9aad72d4feac15a6cb004d569b35028fabab1fcbd67ccc8a9a3dd96fe22c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD51b353ab0b1236d196bbd4fb4bdc89cf0
SHA191b03e8bae0925258dddb495c45f09b22d177fe5
SHA2567de64953cc8ef2693d5e87784a77f4a5f3bb3175af1a1ef962be0fa7c065d4db
SHA5126ffa833f48b94acd1391ec775fd2990a597ea4fa0b5bcf3edf7ff2d8b6ba2ee68374a1cf6bfc47604622fa03175e7120a7056f7cacf5ddbbf8a4f6be11216462
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD554e292f735b55aeb0a26c35a4fbc0dcd
SHA1b3c6ee3bbc2eaade610cce8136d270c75fd7999a
SHA256f00e059ef40d5993009294286fa4a9c3b9b748c05c6d318c43f52af376adcc95
SHA51293e4285b9502c07e236b6362fb25cc3b753de4e29dde4b7c23382d33a2fd28a24e4e5b7282171e19504af0b34a484e92c4e206d16813deea67d083dd13450782
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD54d0f2ed428b98a2d7b9ef41d343e648c
SHA146430c49b01353511143dd054acb48d40813e0ae
SHA2568c3f51cd7c9d223cafb11653ff38a857eeb35f39b16d3882140dd53dc7b5e917
SHA5123afb5d7967ef09cfc0ac75423481bd5d97e75ce6127db17621fdf608496b91898b30e4e0f4e8f8ed099958c097001f41b1882e12c975b9481d767d1bdcb1d853
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5ceb2e4cb8781db62d7f2fbaf34a1f324
SHA11a8ae511562988abae084a4f0b496a0c7de5a165
SHA256e367f1604326475adbae6df67d98c2c601927d94db8e385c58bf633bf186295f
SHA512bdaad30a17dc4b7749446a2e926bfbaeb4914c2de5d4a87b2f77bff65b8d511a8dc7305e9a94ae5ef20407dae3eed2dd08765dd165e5dbc18437443a8a523dce
-
Filesize
283B
MD50798f82786161ca795dcd6a0999baf47
SHA1d304ddfc3bee87e23a2a2ad8d4f08b8ee557234c
SHA256a8e24865a0861f8281156eec1b3acb9e4a2e5b705923d39f07c860286510969b
SHA51280b9d7fd8ce4b66494bd27eb0783c8acf832dd6c493a280e5e64cd2e8a9e0411c93015896fe965a01fad8c974fd2bbfa0d187e9fa1beddf4089d9046615edf26
-
Filesize
153B
MD5b1a295e73a5b5f6a55a54e0f790e63ea
SHA1cd29e9e01272f86beb2a1f138a1d195493b04460
SHA256f606f6edb2f72fa25c3c7ddf3ed0ce203c65af45c8e98c0eb8d9beff8ed4725f
SHA512f7ab05ab1c74f5eaa13c588d7ef8eb2f822beb7a80ea2b1d76aa2fdc862627948be76261f772a754094f1f1941bf6d5aec2150018488beb30fefa1784d43bca2
-
Filesize
190B
MD5e5c63471d5b4b6d4acefe1e88785342b
SHA14e547f4e01de5a840790d596b44d29ffb087f26a
SHA2565df774981b2cd6051328d216c1ce6dab0029ba7ed5b12f46dd95e2be6a5c1196
SHA51266b965278faf2a23e1d96ddc922cc26b849cb8d656c2f7abd5e1337e4237774215ab505fc8618edee780c105f6bae63c3529ff76e463e450c827da159c506d1b
-
Filesize
190B
MD545c0b5e6f5ee4bf38b73906c44668adb
SHA11d6ae4975c73524dca658031c141c15e1c554e8c
SHA256bc3fba9459343847a2062c4d85e2155c2b086fbf0571b1cd91ffd1789b59636d
SHA512f4418a7da1f3ef2fda242492ff41ca6e5e3b6cdf7c21814abdf1f486a2a32cb0492ad7d486c733475bcfb742af76c0dae36a35bae6a6dc6cf15838160dc227e2
-
Filesize
1KB
MD5b13a76e2e3ac1a9da5203b219b938128
SHA10c62b321cbc7ef072a3290942e67823d8b6f40ed
SHA2563576e0d2a34ce861d2e74d083bfd784d5845a42ede3e99886d9ae705a61ae9a6
SHA512d6c9e9ed0a6a3bc25618c42838fe31c5bf6320b1bbad78bb34f7e98951f3d66ab697ae83b6922c6b7bf5a4abd880deaf4fcbcc9af82976904d5e08440797ea81
-
Filesize
31KB
MD521b9fb1833da9bd74530a7ee4f7476a4
SHA1cc567524a86d73d7d16239435deb4ffa102c9cde
SHA25614fbbd9ed9ec9b226d877ef66964204afed5be1439d24b461577bbba8e54aded
SHA5120be803d686f2cadb87fd1e3a5fbbc5e87606598f0e98ea5bafc7afdff8dc1606042ba614384bb25fd80c3c3877cd8249f4e0a4c4bb7e53b9c36a08bfcb4de7f7
-
Filesize
34KB
MD50f75dac57e89a893f84174c93d05d1b3
SHA144393559d25c0f76938e8af03de037ec89a53873
SHA2566b43d99792d874d04f5bb34bfc86134ec94a18199bd4822656db5769f45bc517
SHA512e7a0e237195389a922552b5a01ea93b941bacc06e87e34f88fa497ec1146c1df4b7f0216ef7469a225afecbe0f45773d90c605b90477ea03e41bc028dd2487ae
-
Filesize
23KB
MD594bc9616e4fff829474c82fdf54a0119
SHA1bcfc410b81b307641fb71270c829eb79a23264da
SHA2560aa902f83841f5a339d525e7f660885f00790cfedda060c5fa04da8eec24d291
SHA51281fa9da03b41c760e30612208dd2acf8fe632e84dc079ba29c52a043e24a27b82dfff4075198cae4d0f9808abe4bd242b121569c7b1e9116b451e02af153132a
-
Filesize
2KB
MD549de608feac34dcb7495ada0d3b94e29
SHA1244b825549d5a5ef7796d71670736db18e5d408e
SHA256ff1a4745f7056cb477049f133dd92f4a1eac8de518b66723ff900336aad230a1
SHA5120356264ad3f372383dd37c9c7d2773691f062e97fc33a234b32f407f06f0fc9c4f43a036c24847a369aef8d767af2987816edcb90cb0b15b8ac8015475553c75
-
Filesize
1KB
MD59d778b9be9ad9a7e284ba032653aa478
SHA176c846f4c26370c30925b00472bdd01422b239ec
SHA25640f69c6befd7e979820c5750609a795e69da3e2a35cd7ce1ee3a01a14ea962ec
SHA51292428f5f0c3ea8ea57402761a45edea928ba4e16b87fa8560b5d6f5f4eefbd6aa9789e94e975b6ff99e8fc4b7835a4fca0b26c1235950a68181201b0c68e9e8e
-
Filesize
3KB
MD5f5a602aad193ca61bafa833b93543969
SHA15b60d2d029bf6b7ccede44b98d3a572c959a29b8
SHA2569d8f27bb6beb871cdc64bf61466eb7c3ae57cf39a82213c318bc9fe1de9ab6c9
SHA51245274705eb3af580a2b29563b712b0b3a0aaaa49ed0c1b9dcd5ae904f818a292b13cb2b9f6c0c692eed626dee50824283527796acc750df938d806943d6e182f
-
Filesize
2KB
MD5a7bdec1927687ae8247602d657196a98
SHA1fe80dbc8d805d885c3bef345a764f76d41269ae9
SHA2562c32824c7c03d21e799bf3fc1c31dc69b64764443d947a0bb685c73764a99291
SHA512dc129170ea6245743fbd1e4fa6abdc5f0be9843918f3d7a7ead5f23867cad475e98cac8ffd6a8827ca36ed8a3baa2e4935c40659a5127fa026076858f4e11177
-
Filesize
5KB
MD5ce92cf72f12dd1e1390994a5b3b6f105
SHA1509ea4f29c54c03dcd9f1b0b23e6c8ce7ddcbdf5
SHA256d460dd5385e57cd561aac2b2663b2ddbcf34b88d6d55783d1759d1908974d1a8
SHA51218309fc21c3a1f1ac3dc01c7bfb565d63cb3e5f1aab9b27954c09bf5a690470f84cc9b4e1236057be8a198c64f8954a134b62eb0eacbb7e92ada23f449d0b255
-
Filesize
17KB
MD5cae9d33ffd0f01339f5016ff0d75fb61
SHA18897c8d0605d9997d74191d2278a614847e7f1f6
SHA256650b70321d9045354c2c5ed95351289eef3899801229d035c1ca55b30b6f623a
SHA5126b7a7b6c0aa6f2412843c4378e697c44d9c9bbdfacc9916beb69b9120eeb30b5b3765bac2df41a8de02177a9a96f97027850c620ec59c40f6bf0c8466dc7d65c
-
Filesize
320KB
MD58c6994496f4d9a37222c1e48668e6d75
SHA10ab69413ef3f1969515a4a514ab621e18252c2bb
SHA256a9b35514548771604a3cee1a63c30d20ea66e1d78ea3f8f44b08da77ae080981
SHA5124c8d2c6e2880a04d1c8e4f0a2bd9d0da24be5fa43305fd614a76f01d6dcfad803de6592b8857b3671c4dba45ec8e06e15bc5a349da932299d5290f9a0aa12480
-
Filesize
1KB
MD5d4b6b336dab0540e514e27dbb5124855
SHA1e744ab01e7ef123ff559ecfdbe55484d9876d8c5
SHA256098fa3144c54e9722908ae380178a9d0aabff10b55416cc7252a1f5930057308
SHA512cf3dab1c496a857cd82eeaade465469d3a73ad3d3fe9a3bbaeea76878a1d87b8c0fbf7b41f862190d058a5ff040dc45bf79db2dff8c074eec2ff30967bf3699a
-
Filesize
10KB
MD5ff254a6d2535fa3167ca1cd7ac15edfc
SHA1b9627379ba723584041a3422817a4bcb8ff9a213
SHA256acfb8ba3e0654e2361cf8726f9f8a2833af886f529e87770f5bd59cd4d8544f5
SHA512392d8c17ab770f7c259e94ace38bc442913c84a858ac4b0b42ca85a427d21e89104bcea95bc634870904fabaa2fc56205aea4a54f14ed7468a5fa2b685e4c4d3
-
Filesize
3KB
MD56db95c02d327129927661747f97ff627
SHA17c27b505bfee30f482e49bfee7bcf2b0d44011cc
SHA256056c8a5bb0ec3ad3e6756d516ca8ee29b7de985e23be9bf8e640736f609704a1
SHA5127767c2fda66cdc782698a6cbd9d41fcecf0c8728cd85a00f35c9b7a3f0de8784602569b69f3e5fa24cd99b644ab5c2c8d9413d261fc0a68cf515e2d2a934a0d9
-
Filesize
162B
MD582f30e54f8e5c414477b0c5f76458e02
SHA10ec851085f783bf8b81ff276a7d1d65264b62c36
SHA256979732d4b4a72f390da1666b9bfb34cc6b17b73c424e1cc00e27f5dffd467279
SHA51258c41769d86742029ac47cc0560926e07566caabece7fa44ab8e08142dca408357b7c34eaad36cc63089ed1488315a3134777eebcc49fd381ec96d947e880dc4
-
Filesize
1KB
MD5acca44e2a3e1e9f197989d7c234bb0ad
SHA11481d80242211307b878021b1a94eadd254c6297
SHA25649c3a25c32a61e224fd08a350902f1c2e52996d758cb34cdca570c89a9390a2e
SHA51231f550cdffca51be6b1f61710eef484926daadda7bed0eea322f304dc0f552b2077b96980ed39ab2c35e548668099dab95e4ade3d454b02f7533ae903786c1c6
-
Filesize
3KB
MD5c00d5b47f13d864fa70411be8f3dc0c8
SHA1d78c57deae84b50f5779f720577d841d339b9355
SHA256f882984d0dcc1d246ca240192cce93ef0ce5207dcb86b50a923a08e529ac5c3d
SHA512fe44fbe1ab39546232f7902b1f3bcd17c0d323548a323c6bf3a48b963c4c27ae830653cdcc18ec97648c308da844120b640f670555390ad2f1051d40f6be4ecb
-
Filesize
1KB
MD515398e13f8f5ba13f3f9d2eccde9fc53
SHA18420ae7165faaab47a0e9360ed4b59a5edc782e5
SHA2568a81c2eeced224c0c5a94a821e539e72b9ef24cd7fd61ed5a804d20a9de6d80d
SHA512bf08ceac8374c9c606a738903f6a0f6f33a0929a5cb2275dfe3e07a92832d193b0adfa314c10f173915696ecffffe2a004847b67e0775eea0193404eed728103
-
Filesize
28KB
MD590b5a58e098e3d66fefc74d8595f5c7c
SHA1e5fed1807379b8798d25744a25be890a6c8dffd5
SHA256730f00f33c6a7c9b17c8bf0eca7d60f58e38f492302e5b6d1c33e2fdc04e3d2a
SHA512417f08e14356b60c8d2f714148e03983edc7d821e570f909d33f0ef6db4039b743404265134ce6d2827062b88ad7a030c7684424c02c7fce48a01607e73859f8
-
Filesize
2KB
MD571f7a4b8dc296a0679e87a1bac87e9cd
SHA133dfd64055458679a1310861376c4320ec333c52
SHA25623d2b0e975277f536dd84aa114193a7ccfdf09b195f88acd6faeb86bedb1622a
SHA51284ae2b8db1f43215423291b3d2d471951cddffd4b7799f521cf00131eeb65aa91cd58319027c1e8f57b176cd7c018c1a913bb1357fe31e8a04c2df57b78a10ca
-
Filesize
1KB
MD58881d9161537b3fe6ab309b85bc4b81f
SHA107852277a750fcb8933eb3e4944f62ba99f9a9ee
SHA256f7e1eabe2394f7a76bdf7b259408862646b5eaf3d38704f423662e37311f92dc
SHA512704d0538ea00e7e3428a0369fe12aea2f05be75e1c098e3871e088cbec31e6194aaf54c9ca93b20b038d284ce90480a73bc9905725305dc06a22f53bf2a04cda
-
Filesize
2KB
MD5bbc7bf2d0ce1bd69da7d6bbab3d3e1b7
SHA12f1c76e802503fc334dc14c3ff01f748932945d1
SHA2566d07235147a9c8a429cf672c9c4620e40a021ae5af5a1f56b398c232b831d7cf
SHA5126518874f7565c15cdddf22b07517d4994c316683d6ea2172463a85adf1219f23a3393af49907c05fd241fb1f47097e5ae9e8ac8d4a3657d3fff85bd450997206
-
Filesize
1KB
MD5a56f6de8b9b92c4f7e8d6ab70d3ef8b2
SHA14e8b06498dba37e07e2ea7cbbaa799ef4924395d
SHA25670dd981fac5eb64ee23491a7c76e61f097bfe6988bb48f8516640fc9a9bf01f5
SHA5123c7f65578bd786d0877885b3a0bb6a924304e472fe886fa6807fc2f2b498ce9d991962e6e868a82ebc695f21fdd0a7e22909707a07b9d480b285f3de8ced7587
-
Filesize
1KB
MD50d800dd617aa792c978b62d630b130dc
SHA1ba7eccb383641f594d0db86c44435e93a44f956a
SHA2563c2aade2305dae350d25336f2727df75a9f6d69cee6e7d908fa4973a83e1376f
SHA512a14b504028f9a54c5253e9c207f4b3386da7dc9b303400dfbea8a1772e3510d007bf19fe865508c9d883724e4bfe42831ca13d3e5d8dbe42415e5b6c404e86b4
-
Filesize
1KB
MD58359820f64ccc01e1a5bc982f75b1eb5
SHA196a102a1234d6e0edfb0e98e5f9d07b80f970c3e
SHA256dbb4ca0b0075d4a3bf70d29ff68abbc82608b3f92046db16b3b5a1dfadb6059e
SHA51280b0b7f9657fd0ae5dfcc8679bbdc6cfd912fcfcaeda3ad47d84a5d58dd1c6d2db3d47c78fcf828fc903a05661153f3f33bd18e93ae321f0a5d8ac093785fd52
-
Filesize
3KB
MD522d567aa5e7816a1389680dd23080c89
SHA1ac400a8c2843e5bffcd853c596cb55ab5663c654
SHA25639a27ac6a8b5c673cda79a7b01c4370b43f85a76bb6fe4d716a980e794e70ab8
SHA51209f3daff1ab283dfb07176b84faf552528dac016cdad6c071a92f4857d4f279d48aac5f9a4fd1f0c8369600957eb8a967543eaa3b46be86d96cd1cb429771bf6
-
Filesize
2KB
MD567d2019624c89cb3106ecb21b4f07ec2
SHA1aa1816622299b47733e12b9ca0b52932061d654f
SHA256080d1f38e20100e505d208020bba11e123347853f024fc7e264058019a7d664d
SHA5123efe8ed13f6b0b9c979a5079099e949afa15b93c17f6472922229dde3df509b28d0a755623a15330c49c50f09b9e735d5a31160eec721b1351db8939cdd9ad83
-
Filesize
6KB
MD5fc4bde9a28d7a21d68ea9a32a40935c9
SHA1717403e318ad54809129da6f1a2dddc4082dade1
SHA25623f19b6333fe5d7003cd3a28ec2787e43c33d6bdc231848ac6106c1ba69bd4e3
SHA512964b7f83cac0cbce9cbf489568ffbb9f02ec7218b331a6e1b61519a4739409d112c950a8112a296eaa1e2c3bb884bbb961667371aec00a25a274e57589936d90
-
Filesize
5KB
MD5f8d4f74d289f1e8c183662d6fe87ff04
SHA14217c605ba7104aa57a7342445aae6cc9d6b4424
SHA2569e0d639e97b151bf6135561564aad7ac7ce53f44eab625e0a851b5bb3e685fd1
SHA5120bdce168610165a67ac3068a0f8f4aa20d3f8e35da501b49799d75567083dab444826b2d6700eacbc9164473f789e9da8f75c3954d189ed3f863598eefda2673
-
Filesize
3KB
MD53616f549a9abf2fd1b92a8ac8314729e
SHA11d5d483810cd1960c9edc68c3147a4bbe62f7443
SHA2569b98b9c08cbafc2353ba55ae92c94a4472f6f71609d56a1c763e703321893249
SHA512cd65ee91667e935a2c7a8d6d42cb2f02dcda8a2d35f96c917ab1b3026f453dcf92b9494a746f1b51c47f207d836a53084a358a300832d638287555be85cef5d8
-
Filesize
2KB
MD529446d69c3d1fb6d8619fcc14389d3cb
SHA13e0140691a77a4c4fae1140bb972854b401ffca2
SHA25620bb7a0ee74f41b6637db8521cbb1b2e81c30d5e664d6dec094f68373ca60f8e
SHA512e15f24f8d61e03321ea1fcad8d8f4a47fb79d310408823f4a64707711ad9f57714051a07a419bf3787e40e6f1e9c2a8bea799085cad3116aaaec48d33cecf523
-
Filesize
2KB
MD5e49c349e173382bdd6dcb3e0f4d95746
SHA19a2949f1cfbe6b3748fec5ca3858e238affcff71
SHA2567e5b836599745185d38296f7cb7f2c8584b021c07d1976b7e1bbdc8444d6d97e
SHA5128810d7b788cd8d3b4fcb3e2151c31e93a1d6f6a085b92a6168b7264dc0d37118f8904ce4108d9e98caebaddc632ea34b470ea87961587752e59d9757df7307b1
-
Filesize
1KB
MD5c46172555c0ef2efb994207444f954e9
SHA1512420202d86a0fb6417fbaaca472fa505da225b
SHA256a40c93a0b7bd0da5883e054e7ec43ae98101b01726e37e8df644cee23c1a8363
SHA512bab4bed0169fdfa427fd88dfd8a1b3a15c49bd7df9b35697305121dde785d0aeafb9bce56881352e231c48f42dc428825a884b5e1ab5dc3b0e32afac46909d1e
-
Filesize
1KB
MD557029a2c2e734e25cd0c887a3c5b6043
SHA1e251d95c89a4c25aafecca7605ce7115fea8672e
SHA256fcfbc851cb9049ea25de49ecc32251b14a2637c936efb5736eb57d6eba4457a7
SHA512de10c543c8a379d7662a55638ea3d95816fb92305143c7b83ce97ea4a857337c1a8bfb5e66bacfcdf848c1a1278529f4cff8296375292c51fc447e08103f5253
-
Filesize
11KB
MD58bd0128d02525da41630765746fd27d8
SHA19818f422f44abef21ddf823002f3d6b1e8c45713
SHA256dfe9547ac0388c10a81672d19f4c2dc371cc8113674e374679a8502512271c56
SHA5124cb31febb5ee25969bec85ab57ecb4dae086bb49070028495b1f5ae331f33754f4dc3a66d70693805ebf6efe61f2e945c58d4ce280152178b47ef731f45f21b5
-
Filesize
1KB
MD5bc27dbd0644376aebc9a56d75973ecd0
SHA15893fc0b301db389fc3835a21d3002546ab1af6e
SHA256e0531968495aafa93004e5876bc9890485d69af2b7e4e736ed28ac2411dad245
SHA512e2a30285c194bd28716ded1327faac2857f2a163b3f2c87c9a25f29ed43f2b4da89a97ab9c4cdc37353cbb6081b33fd37d6dd58c3413a771d6161c8c70f39ec6
-
Filesize
2KB
MD5b8a894b2c57ce3c8ff027878ead8aecb
SHA130ffe5560166ab6fa29693170a98f46eaffd6c6c
SHA2566de6b88ca4846fbc48ea6039ea28efd6f98cefe81a913c5d657d171c41ab4ff9
SHA512dd78d22abb8edcb0adaf5b2f1f367caec6d0a6a15667dbb6eacb1c78476d93321ab42406e5859a4b23b930e1ecb91e91468c90d3a384573ee8b787f9daf9f620
-
Filesize
11KB
MD538116cafc9b5a88f67b96dd675a435cc
SHA1ba0caf30b05d91ab2b68a2f72585a28a64d68565
SHA256f3bfe6c0438c87ed7d77a55d407073f7a11340f426c7d1e7febd5bfff13155d2
SHA512330c2caabb4c7f7b93db948f2d989386762601f276d48e665af2c65d577a5cdbbf37fba06bae28170c434bf699629ea1f0e34c07c7b7be8b511c55ec690cb60a
-
Filesize
11KB
MD510c5bfc39dad74d07e713fae5308735a
SHA138c7e2b1dd1a7cde2756f05b84138eeba35ad53d
SHA256201a11d09b6d90c11089f059537d699c0f6081ff74396a4edd7d95cfa9e88527
SHA5122fca9056725ff6c47358f6f6d7ce01fb7a41142e79f9b54ff0936063f51b992d18d6df1394c40027bf944bf2f5cc39416241a095182d9f41b94b4a4a1e78772d
-
Filesize
11KB
MD52c25b523242c89e19f4a5f196fbe09c3
SHA1d9f9fd74c9aff570e48fe3b3f4a155481c97e89e
SHA25652737c8884532c8983249d6e4a92244f427518ef5e02d75974d23ab9309e8b1f
SHA512cace7c3b2f1e91d68f5436f14eed95e02d69fe6ff688d18362ebf81db43b6b28d0423d24ba4fce936024e69ebe4287c3bc710c945af1ba196f66105c426c6d1b
-
Filesize
1011B
MD5a8983011b12e068790865900fc3ccc4b
SHA1185fca57d82ef170a8d1baea3d50e554c73f2593
SHA2567199aaad0a41ebdfc5b2b711d383da173ef9684430cb0a0cb29a5a8b5da30c18
SHA512e58eaba6af57fc674f856e3b7ec53ea701ea4e432f2e0e6db2221741c22b2a73bc8bdc9874012826d7a543d02d09ae2d8d760ebddf256dfc074054e7cb610914
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656120098725.txt
Filesize77KB
MD5120cfc93c3b8cf472ba5152acde41310
SHA1a12d225ed1d9f714038b42c892fac53cbeb2bbad
SHA256040c6cf0178d5d20f1eaa137b5504e4b51643fe46ceecfdfa150674e8c3d167f
SHA512aa39a2fe4350f442a5559bb23b9a4d885ff580ccd266d640ac66c56e397655c8565106fcefcb51ffd2caba6ecc46a67040da6aad96b10f955a785a9a487c06e4
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt
Filesize47KB
MD55c9dffea8229d7c3e37cef17be9b677d
SHA1a5baa17a7770db7c16a71933079426170d95264b
SHA2563fc41b97ce7d84906ac32df8afac4fd3072bdc07852f3eccabfefa7011886aa8
SHA5125a5307e202e4818f5da016b8d9673c5c36defc3be87e910ea77162a921d7becec2c1ee548f8aa96d2f988ee74a8d78ab5f4bbd7d1dd75715c12892b3a20bab47
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt
Filesize63KB
MD5d4f529f4ad850ce251ea9d05c544a210
SHA1b593023921410c217ff91a40164e65a2b1d528ef
SHA256ca0e6f96b6bb1222e55b9d9e53dc754546cc75742643a939075ec98501568456
SHA51256900b218f36a3cb3d1f798c571eb6558f7ae619fddf424a5bfe2ee17e61a012c45f6b949c71b2cc39712235a2409b0b0120191c31a07a14edc5b5dc4d86fc16
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt
Filesize74KB
MD58eead6a3807e775ef5234ebb9c8182bf
SHA13ee7ed173193e2ae779d9eb992af3ebe4d5790ad
SHA25663a89325e224309161d11c24bd621de8b7a1de2e660f31bf6065bbea38415cce
SHA5123e9788ac3bc4cd7bdd456e763af556cfdad00858916f5f12f743d6645ec3ee0b14916fa03777a1570f4fbedb569a775867369e3a04d5525dd3c7569775eae6d9
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD57ccdda0430a259e97b4f7262137926b6
SHA1197f4410bf7ad97988e462ca4063e0c49d7bde46
SHA2562fd4c54f3708a5f28e7030aee00f5a2cc392abf3b1242ce4ddb4e228de17117f
SHA5128edbe2764d5830d49d0ea80f310ef17b95acc4be7af5e2c0617d53b862cd783362ba5d8586038ad130ee139cb35a90f0ad642e2adc82ebc9f5823c02121798fa
-
Filesize
21KB
MD51910bdc61a47f40764e99418e59220c0
SHA1265664e44ecf386e245e44d451c0a52f4d955f00
SHA25685c4332279b7982dff2a5705a79869bf7b7c5e1bf25c12c7971268fa4a366de2
SHA5128a8be835becf464508369e82748f04a438157d31c072f1c4adc0fe4c069b20c32b223919bdaf0540737f30aff0e9220f37a50f067ac356cfef01cdcc014d041c
-
Filesize
1KB
MD589dc14dbb6a9287df627c48d919eca8a
SHA16119b72375f12e876d0aecb1ff63e6f07edbf856
SHA2560faf0c4334ec81b70f2a9090d0323009fd639ff8e7f22f41fefd5c0e49c4a4e5
SHA512a0a0c50037595af7b76eddb5556aa85868b69e6f91d3367c31c5fd3ae5db545114e1813315547b42e99b1cd986fabfa43662335add267fc4cd8ffee2e5ae2e56
-
Filesize
952B
MD51326c90971be76954d79ea26c6e592bf
SHA13c60e3499be27e2936f6ec9ebe1cf361af9ab810
SHA256c4933a2268f2867545cdb373123a307c2073be639bc5a168b84f7f35903f1ccb
SHA512b645cc7de744b3d64aa749fe6e254f2de40ec26e19f1f1f5ecd24ec32d4acd58ff51fcd5a03dce2139d7b2339944b595574b9973736cfbefecd74e7d9ccacbc4
-
Filesize
121B
MD5bc60d114ab69b8788b87dbbafc5f6ebf
SHA14b567a2ea842cc00af56e4b1f429b0fff35d2c07
SHA2567bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738
SHA5122fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc
-
Filesize
1KB
MD5f6e46cfef5980196bb303e3de02cb3f8
SHA181938732d74621ebb38d8d60cca28101013b29e7
SHA256b8494415fab4e1fc5fe11fbf50f2a1f466d2e6831916fd2d727500b309bf53fd
SHA512918a3e738616ef6e7e3b3aa17228acd9e1630cf617525158a910fc8f628cac55f0faab8ebdd33b52e4e6abc157c9d37fc2c78e7e021238f8fe5d3be4e08b633c
-
Filesize
8KB
MD5ebe92eed5ebd6b4cd612bb5641683edb
SHA1a99ab66f8348ae052398fd1edbf86eb40ea09fc8
SHA2561e1e240b3b89c9696a70a9bd4658f87f5e505e4db4109b8110963b25bae88279
SHA512287a3ec5152e7fdf0e85cb4512a33014a23dc128face82bde27b43ad312e8ec2dc562fd67acdfaa13ad9615dbaf73f948a99e46f278745a2bdf31bdfc61e221a
-
Filesize
914B
MD599a1e04abae5bbb595db007a97450536
SHA19d527114e87fccc7bee21db5dc2691a8fac2b8d8
SHA25648c7f9786c7678ea05222e394e5096403e923ad174900ae8eac6c97faf3bc869
SHA5127549183b57cc8247edb0245da203f96e19769cedd8f2ddff5b7914162a3f000481fd722067c89223bc2465603da581c6b379227f4f704fb0d06014cc73c337f9
-
Filesize
328B
MD5d2f98c1efa381c6b49c7db5cec795d37
SHA1bf1c8a1b1d690933915072b9c91ce9717e350488
SHA256ca3b7f41993607d4512d9ecb35a6779418cddff033b9c461c2db64eaa5be768e
SHA5121172fce7feef0224991fff92a593268bb6929c4d391afb6c10837f188c6dff7e3009f124d878aab43094bdf5ad799fc39011eafcc03046ff0f526235ffc0d132
-
Filesize
1KB
MD59662d71ebd4d6ed1f57be964cbe6c6e3
SHA1d34d452bb946f6ce7d7a740b18e8251443a9edde
SHA256de48fdedcb5c8f3f8941f67903d8c68414fc490ff97aa00a05f2263f90baee0e
SHA51272cf211b5ccddedd84480bd08bc1ece348d3fbbf0be11a60a8dff67375f24668b65f44b3c1dd43ef75ecbbccc98af5e3162e8e28e1c1ecfef37133ccfa876ba7
-
Filesize
162B
MD5634dcee58db44b833b6add584d3bd9dc
SHA1a86c804c8d9dc88c722552470b4aac0c93ffa3da
SHA256b20838becec7af28fe21360e14c31788d24f3f9aaa480a35cec0f716c0b85f2e
SHA512388334d89130c1b2a05736e1404998f2e1108d887444d46886798ba61b69a911ef4390c18773c426acc26e95ee9a1adafe99108e1e99fee0df0bb1776fc2b420
-
Filesize
586B
MD5ac8eb69abee19dad425d4ba4fa4169c0
SHA11e5a98d1929fc03de7b3c47c4c83ceeb343577de
SHA256396e2d15aef3664b6aa3d0410bc0d4a06ca7e6879a6f1115e457a3b58d9ecf58
SHA512fb045107e5e9ed3313dcda1d842bd31a99ae38d5d0fd3037819392fdc5a90a5dfd8e01e2ee639e0ba476d0e7f368b2c0ded19f684d5202e384bac393db1ea66e
-
Filesize
124B
MD549577f4d8d16855479f77590f97320a3
SHA1895d65242e88365016d606778c1c5e1cf21906a8
SHA25695575a7fd8da61f586a42db01abda8ba56a3d56e46c8e15a5ea0e9aedae9eb8c
SHA512ab02f2513f2e7e6824beb5fd308c9d560d5ba15639e79a0ca5cd9c95394b4e1011fa493fe2a78a4170db72b1bbfb87942ec32f8743f72b9984604c9c2d9aec53
-
Filesize
8KB
MD5cf6084e848372a8afcd85955f12a735e
SHA1a59c2b06c486707b4932b661ee4e9b890040c480
SHA256037f870304e74619250ce314d7590cf332663bc474009f746e02458ba9544fab
SHA512db6c508a432f6919caa63e316e24dd533e7b6e33744e0603e3f9371452214235a04e107ea0393534c3f8e99f0f0815d7d588fff611e45eff7c4c34d7ba000fc4
-
Filesize
880B
MD5b5c4a6bf1a83f70d0150b927deae3793
SHA1b415339ad985644f52aaa115f206e46f400aed25
SHA256a99d8904326ac6441a1bb3cc37ea5a6e2ee1265458505bce212397271fba0e3e
SHA512f1e1a8d5b946b8d9e984734c902c98e62af8ee9733ee82c71174b137ecdfad4b59d726cffb57de77e341e77331e45eacebc407503a5fdeda6d6a86e9685215b6
-
Filesize
1KB
MD5384bac30c070a58d1b7996213484d937
SHA19bce172e760ab2d5646ae3c5591f63da8b6661ab
SHA2569f0782d88714925e269eec476e583543b9719b5bbb904de0e1d6f7bfb5da81cb
SHA51200a2c9658fd4bb8c2fee0f743a50ff63e2ef5f071b73a713e7b5837fffe3ce0710a41c4ffa6ba61ffba453e46591bce50343b9752f2c870504e08154ba563290
-
Filesize
1KB
MD5aa8d5c8afd306086530f44beb64793db
SHA1cba8bd0f1f3413e4ed06f5952e9ab93e6800e6a2
SHA256bccc2d208e458be3ce40e8cf9ec3516435293bea4787a39f5c8c8f49d0fb709c
SHA5125446e65496f916f99cb1b740815a7cb2f3406f664386de87f3f560b10987e9b36b1842112da2f081e6e9213f21dc924ee4f254ebaccf696e131b911f4e31cc6a
-
Filesize
1KB
MD54becd636bd4e429f268b362fe5ebfdd7
SHA118e47038e26e97b225193874816983c44e8df01d
SHA256a5ad7c78b71e615825e20bf0b80fe451122c992fc394a18210948a0a3a9abb77
SHA512792489f62628c271eed020a35a9e95dd50bf699490098d87be06c8817c0b2958acc2bf764b4301e4aebf0f7a1e0a46b17be4eec2818a28283dddef1b4b710d9f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5ba923a704172917922798376fe411c0e
SHA184a4a3b274dbddbcfc6d947ef2d62e0b664b87f7
SHA256a481da906603ba1ec2428a02bb3310ded597e7530a9aeb0b492ace9cc86ce5c7
SHA51285a439968984cf463616058eeff06cf61acd9bc2406ad59f38ffe1fbf01144dc4b270be86fe82cf8023907b409673d5ed4f60ca83061d63edaef0bec5474a1b8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD54fcc4f99a7b14c9fe820ae9317fbebe7
SHA1d273ff0ac8a6178b13580edd3d0dc0d9c36e6a0f
SHA2569bd3fcf3c275338c27ad35071642a849d8070e08752e71cb43c8b48d82c4d180
SHA51257288df89e814816887b9b7c5e1e32574d6ed218b260119563485e693c4cd509c2a0db9c22d4d727c6601183080780acad13829ada3cbde99bee41595b1d606b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD5952ae3efcc47962ea5543556b16794a2
SHA10325f2574c5bcd8b9182a545063c73e5a7f5e66e
SHA2569cc2e120aa2ffcaae53573dec1f0c31fcd39d356991a16099c19708c83be6d6e
SHA5125619519f691cfc0b3e95fe1d9b0dc5cd6904cce886ee91623b9d77804b87837d4a5abc3f07bb613dbe266d221225c83123f5361d75566cfb7b650517a5cbabda
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD52756cb74653b5e6b426be817c1c7eade
SHA1705b4a48bf80e269f897f20a74638154b6171dd4
SHA25646fa5caa00cb479ebd08afe6fedcb1fcaf0f2f36240f5c1b7dcf6cf05efe8df1
SHA512667c1a8446ff20a78c4c2e98d306f42731b62a955d22e08845c187ff1ab57c95748854ee3abeb86a05ad62c5eaae8ab544a5815bea1d28b0f05888c59b4adc9b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD5555ee83d3c4f1190c3e5c03e501a5ad6
SHA1dc16930803577768faed06acc210ab96fae185fc
SHA2562a8a0ee0638053ab3e5d89adac81d570c19df6002b67f1f353f5338327520439
SHA5120346e2790a99c7ddbaea2a3c7410fe50a412f11f0bbef4e0a7dbbf8fe1bf786779ef324046006292c5aeeb4d2719647edfbf830a4bb28185b006e72f21478ca9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD5f2845cda5d9bd97450dc91b449a5c7b8
SHA184a8ba07d5f213b76d55a8dcab52d3a94a8d8f52
SHA2561cfe8c2bb45fcb651ea304fe7ebc7a5cb1c88c5db9f01b824420f8c0363d1d28
SHA5123c84c19afbb20b28446ed838774c8db3e07e89ea561ad509d9fcf5c83917b61b3003b39ab91d793cb1cf099d4605c9a7390919d3b44d6745d968be4c9419b31b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD5f22fa8cfe5b675d70c19d4424e0d98a8
SHA19e84d93af2cd50090a253f46c38ce5c774ad1a74
SHA256c300b982f0f0d91b87799439e1014abc850d0a5e245f9295de89f7a6dc448142
SHA512ff7383178613d5b11fc1d524962fbd08096bfa4d77e86220f862a64ef66958d4859590fd945876ec03fd978c1eaaa91d80010272d1c12e7f52f990bf8a86fda7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD50c6744d6718faf539f421c567c134e76
SHA1a8b10427f55ff351e93f37ca1a5430dd34fbf7e3
SHA256589e21bc36a10f06625616621777ba60ac4a53d260ece5ead744739326cbdfdd
SHA51287d7fce224e5c96d3d6b1629ecdd11f6bf97ab06c8feec1f426ead72ae9e3236c61a5dbbd508f9b7e8b5f4b5ad016f51b3e0e4eedbbd9838acdcbca251c4c7ca
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD583298d45adbf781a95d1fc3b20d58371
SHA12351f283bc4050825fc3011b88ae4ef448c0b068
SHA25660781a040a08464bec19548ad3bb2a95ae8398ad21d6c1afab44bd55d7e9c72c
SHA512a769e73df90d8cff89d3a8b556acb608de4aad5b23faa5ae2159cdb3e30999a471ee7f3ca0972358aa6c88ce11c2d7ebe56068d23df84c074f1a5e9719c8578a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5834df86574876676ad42abcf7cb3e3e5
SHA16d3c646e7dd0f908e4f46ef1ceda971f0c8c81c3
SHA2566bcb5f7094ff3dfeee3c51514521e39e996cdc86149787228ba7b3fbd3e57620
SHA512f2aa14cf149dbfda325b0af0ee53ec72a8dfbfca133fbc5d2b170ce1abd652f395963c58420a1bd9f0033b3c901229a9499df935c0f0023522440c84f5875037
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD59359d7af9f109bda1c44c83fe7c35463
SHA1b61685e6a950596931b8f1eba9cafba4163736da
SHA256074f49cb5f0cc15248428f6eb5477530fa7fe1a6ee14b5983c18ca9bc43776d5
SHA512dd7294bc0c493270a529c0bed101bef14d4bab40b31d1ad55473ce8bdb2eb8b9df8a9f3102e6c72473659eb52fb2177ab7a5f1e346e557749b0a48b59e5ba59b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD58732fc71352ea840b9e62280a927381e
SHA1abbd1f6574d89011d3feae2bc1b54dd27f2d8c34
SHA25687bd717f0834d24ea38d049f5ad85d4f09f40f1caff958a2befa4e2e2d563854
SHA5124a3858b6158a159c5ad1ff654604df734b06bf1ce0dfbd368028e31d56ba8046fc208a9549d8f78bbb8406ea7adf871142d9af4bb154213b5b13f64e43e6b537
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5e62229f1587c1ae96cca032d8f3fa97e
SHA1deb89413cd61fca5a33dbd642335239e9baf428e
SHA2566e78f298a40924327b4210be9a8619ab8e8f6836e6e5a5f1ccb03616899fad25
SHA512add4503b07516e4783303ac82b1375ca1e1b15b6bf01e195d7c6a75d968c5683c33da2791d8d1d054a5ca49d8b1591f20c563cc6823fd5636f46ee39eb830aeb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD575b9787182f82d18cd57818a33329ac7
SHA178a017e81ab8d536d1781d0a0de362b25386593e
SHA256b29c644946d7883b31112c230afaeafa8b0764e91ed7857aea7cca39ba5c80b0
SHA512cb2bf5cf735636b892364b127c95301d632e2b98d474d005d12e10edf9f1d079653592d968b888a42bff00bb309c0fcd1f51ce11a8a28c060f7efcdc4e7eaf1e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD5995579078d4a89a0df66f29d4f13f256
SHA12ab474fbbf49d28c1c7960f6274dcb4ad4734c5c
SHA256a669cf0cd09c5c8c14367b6a2d70c1cf7f39d9fc9640a8c4fef24c101e31427f
SHA51257ef87f0bc39e87dd9d7fd0f25a7e8a9c8b78f64159a468dc17febb4667046fe21969be3358a5b78b13a97f4c3b9e7e7f727d65e10deff731729379df1b11127
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD55d65fcc18a7d88e72921be51d4cc65e2
SHA1f6146f4af1212022ba0f9d6504f24b4c14b14e63
SHA256cdd48236aa0c9c685ebfd1dd63f4855fa5531d0864020f182fd76018b3d79b07
SHA512b358e1e7a2daa2951bb2e7501f88a6237a15449b26f8bbc01177155d95cf0a1d1e7d013dfa46f177d1b84a3e123c0f99ded83fe30fd33389b338b6b12bdb4897
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD5786a60aa5adbdb8f5b11199fa5b1e527
SHA13db6b43e2d5f96997cf357d7dc83b71fa5e719ea
SHA25660d09f524ecccff55456e007a1afec1d88fdfcf69af20053567b3834887ea7a4
SHA5127dc5ac80921cc30cf4ccede56f65d015bf60f76fc1b48533207d4535cdf82a600ba0c76467701fc513a53f7d3e38a4c2a9520484ffd2e6700f61134c08a12b13
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD5d0932fc06e7970b53321f1fd9663d5db
SHA136d6f06276e9056e0bdb20489c8687fa4361d3c7
SHA25633ad2e9b942cf2b07365d96c90a1b63675ace588ec43ba5b979432624f2df675
SHA51215eaa523ce13412ea4b6a0a3d84ab5d67eb630134060ad0374049662639322c9eb28150d5142691b121484f29ab0257178b63cbeef373d712c8c7c51c45bc88a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD59d694093a3397169267223cab8a26b14
SHA1e6814472bc1b2a4b75733c913dea23a23c16792c
SHA256203c0f9d5abb134045c5ad5fb986169e590f79b13c1ce0aecd2253180b0f44d1
SHA51281bb2ed17162bca00c915097b4ba46678459354129af3009671a48fbd495ef1e7f6bddf7733e0fded515cc84a83d843daaea4d1a22abd50474fab64e9adeb2cd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD53521609fa4e31949490ac91ab1b3cea0
SHA1912abaa5f2e04e232f93913fcf7958799299024c
SHA2569f94cea9b5d50cac392bc80a065471d1be991c29cb2e5f5ed35a730e9408d688
SHA51256e72b2da348e12e8d3fcbff4144bd7fbaedbc2aeca7720a19fe4493afc1a3ee90ab2a96400e85470cdaffcd538f28272a5bbc6877947585dc05bd0e978f09ee
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD5805002d3a85b219c5005895e5e870802
SHA118e69a21d8285e09c0121158ce36c33c3c962885
SHA256c4f1db595f4fafe107d7c25d4a43fe802e19dac4ecb9d70d41ecd807a39d0ee2
SHA512bba3afe2bdb64bc8b3ce364881393d31b3be0b12b88bf8d4078142bbdff05f5601d54e285619e147742b0994ed26ac4e1983e9c41493fb9c5c02e13b326cf648
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD5cf63848782ce5eaf1403c66b56a686c3
SHA1f7403769e6b599d15a835419a11c800bcf8f96ca
SHA256e4da6734be11dde6e534566253593374e26e6ba911fc035344191063bbf2d380
SHA512bf4a372eab46759600ddc5c9649c115662e34990d2f3e17173cd998daf2cb829b352e6c7fc9d1177257307af4c7f7fcc65f837091f9c03514b45b4cd873778cf
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5bb2dc6f8b9dab83860c7d2ec4e0973d7
SHA1fa715524a0d23136512d875982959e69b5ce0ad3
SHA256b79026bba6f67f702fea2a1f4ff86e0f0aa86a8e8659554a7bb225d21aab5f0c
SHA512070364308635fa6410920ed91fe59a771db2b30b659b54b234a11da608c5e91496ab6ae6fede41eb38d488218f7937f9aa694bc3611a0a599fea2009656ed0a2
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD5f6c6d6be4c6a5fd97097150e292d4962
SHA14d95aa4aafa1e4c7889834a83f3109970ba1a836
SHA256b7606d13fe2e2a46c997abdd27bcfeb809f70f089bf2db354a7d55e038c81b24
SHA512275560dfd1684786239e7a8fca470d7e221a2f0272bb5b8eee3a62a97e62efe36ad52b8054fa97179e0aec6a487df265a5d68c08eecee6cddc2c6aa65aa8c3b4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD57a5547ddcfdbe8aaa8a7bde2e36b25b4
SHA1e24215d441105bc18deb6ef852397e754edc7526
SHA25609ad228bbd5a12ac3e0c9674dbc8249280550a33058dd8155c1de9e67159674d
SHA512eab22852ca1a80e73a8d067c53ab7df0671fa536146c5809aa15b34e6a7a5d86b4093417794e47bdd454990a990d362ce00f1be345e24b3515953419b755c83f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5b444df3763664e660598aaf5b205f43f
SHA1f67d6f7b839e77ca7f8acf80ce4d9f43e4935a22
SHA256cb36cc8f9bc0eb2da4070181823cf52da44e2bbad241799bf17bd0b75b64f47d
SHA51219e601c1b51601c1ccc202ce410a52d93ad980bfab11dcab829c642db331b70778a7ca377497a9b0742353ee14550098da8e401ebb4f640a9c8ee4f8fcc23a19
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD52135f14b3702cc459c7be861824bb92a
SHA10ebf141dc7f4f76fdbef170abbeba3632ec99ccd
SHA256e698c8a8bc027ebc375e91bc3a30e6e251c863e9d0f53db0b269a53ed980031a
SHA5127be0ef9713a5840fe37d7c38cf6736dbbfc241b23bf6abc97461ba663ee6704db3d2d14da7600e38bab903a20786e81156c8a84278b73797cf53589fb889bba7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD5a1d190b409bb4c30350861dddd3efd47
SHA14ff2e2c0b27caf46b454d48a37f022436a64f8dd
SHA2563326c17e2330e4ff9b17afc518ea101d51b11c6a314863ab0787bfb2ba2cd792
SHA51252cce59a0488d5fc4a8f4879222345c025ba2ddcabd07828108d2879a52a1681e59082e7094e80b4be4ec2c998f4cb782458eaf79b7d0b6af65ec92d07965ec6
-
C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk
Filesize1KB
MD5f4d9ac7cc1f44d2e5f01048b74a56932
SHA1c25fe43bf9c35492de6d205ed73d3b157cc5a2f2
SHA256606f159086482498d6a0451f080a9b209a39ba6538a7c397a2faa5a8af28d304
SHA5123b43edf44aaf4cbf008d802f36a0d3f745f6b32ac3171168f9bc3031ea8cbe276d0ebe8f037387a0bcab6e1013274d84af3bf9207c91469983d8e6c55ff1afe5
-
C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk
Filesize1KB
MD517b04b6f818da895685e87201160fe14
SHA16e4a6896b6379a241185eb686189bc635aaf2c2c
SHA25611773056f8859d284f66cced29ff64c0b3f39a7c92677d82dc42e2fa06bc68a7
SHA5128160d8a5b3077da4929b9058b32228ba7f6b65c4bdfd540082a131e19fdfbb3da8429ce6e431492cf01f6f9fd42af203f4c4bcbb65eb34e7ba10c60c3567104f
-
C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_b3f1d9ff0e206c99\Quick Assist.lnk
Filesize1KB
MD5f473936ba393a95465c5a45a7af4692d
SHA12aa1ae8e08343cb3e96bbd67bf05ae8e03962d64
SHA25672e48461ddda210b3f3c0d963f474a7a4ccd47858daea826e99ee97aa7f073ae
SHA512f7532aa594b99b4bee0ce6b150a6bb0e0fcde7a84272319b3cf0cf68d9599e429b9efdd3c00f4e3b2597397dea948744fed666472dff110117b219726326929d
-
C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\Registry Editor.lnk
Filesize1KB
MD5e84cef9f2c1439849e37e78855b16772
SHA162725471e807d2ada99269c51ef1848db87ae555
SHA2561860eb5ce7eac44cc6e31debd20edcffc716027db08bd6c1e27d1d7f35607230
SHA5127cf59683779f366bb459c2b7e84a74dbf2e01e1d1622ecd89e5761d0b391cad0f6fad814f46c926991a14dde5b10965361939d95bbfee24b05c7582c5b1b7628
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5a0bc4bf769311fd3bc393b2dc68ca7e4
SHA1f1080448ea2f3a1250ebf90f13d19f25589781b3
SHA25681f2a3bbdbb01cdd3aaad040aa110b17a89e8e8846f9d0f6ed80b4450f02dee2
SHA512ebeb25309d33ceede6245e884a38f37babfefbd6c5d37f432aac2e237d05ec1557fd71884429cc6cf9c0c6270b17ff0f543233e1523477077677f19ca507f6b6
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD54f28f3a2a0ca2fe272d91eadd910a3ec
SHA1a29e0a722cace7ceed0395e0defe547ca5756acf
SHA256856b25a47c0c415c7c92c28ff70c48e74b610c93ca61db08ab0880d3d9b31069
SHA5125b830e3aa7ae57cae47f5c9eeffc40766e29eb406565f4a95be878f86a24e6825f07c0027a5288c62aefa9ba26ea8a559f0006eca8f37bcc6c2bb548cd6a16f9
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square71x71Logo.scale-150.png
Filesize501B
MD59272d369f360197d0faa5fca55a433da
SHA17b64c3779e5381ffbeb7aa7ea41beb2bd5d8ed98
SHA2567642bc5234c0948473fba0c29bc9fedc03ddeaa463e513f0c7399d7043368336
SHA5127f4ddf50acecdd529f1064f6499bc47c5bcb0d1c129cdc66eb34c391c6b669ce0a8eede08b70288473615cd6f00043b5be039c5aef719dece4b7981a56747d33
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD555c082e5c753a3be7704ddf066d0e895
SHA1ced13c44a19f82b143b033378d601f93b1de3388
SHA256e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8
SHA5128a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5c4be1ce9dc39fb83fd5a2d617c2a4837
SHA1eca34cd429eaf350804bce704d19ea61c74fd54a
SHA256403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c
SHA5123e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png
Filesize501B
MD5cc732d0bd874a5559714f32366affe1a
SHA1b1b7b5585059d53f44d8e0dbfc260472ab658c71
SHA256a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed
SHA5123d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD535b0bfd4ef2cfca03675d0e9daee2256
SHA1e7f0fce8e25dfbb4a0004e3c15776fd528baa7c0
SHA256b8f11fbac3b530824e50e686adc3141ba82330c48dd8921f16e034137e187b00
SHA51229a90b00bc82918fd837f7cb8742c8fbd874217a5844a99145f67342a867894d8e14f913feb5a750259bd52bb224fe17e3e253e84270a3d28617a4be4a042bcb
-
Filesize
81KB
MD5e32768da5ed4acdb8fbec126fa0434fd
SHA1d524b4f9542b5d80aca35a0748eeb0be081b3351
SHA2569d8a0b0248a368f59bd424821a21d01bbf56114bd30be670fa77e7aae0367ace
SHA512656fe4ce93160c0fc7654213a899a195a9fc479ee9a3fe04651544ce84be935cf0cf4e3cd60f75b7aee34b57be319b451c6232a29595e63d205b913d182f2162