Analysis
-
max time kernel
140s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
20-10-2024 09:18
Behavioral task
behavioral1
Sample
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe
-
Size
91KB
-
MD5
61797409f8b005b6cacf5e59851b5dbe
-
SHA1
5536bd41d054abbdbc40610d6a0a136243e08cc7
-
SHA256
c141071bbe9887987205704086574b923a8f9d1197458e7298025d0c8dd2d36e
-
SHA512
4fa58c509459edd2b29c17c8a7906c00d2fdef33383495ff908ac8aa08e189d4e0f883b03efab281dbb24b7103dea9c88b64900f3f3e3aebbe31a73f182d668d
-
SSDEEP
1536:rr4NzX0Xt75M2V2f+ffGQzRbtFO8616Cs:rriEd75M2V2fS+QtbtG
Malware Config
Signatures
-
Detected Xorist Ransomware 5 IoCs
Processes:
resource yara_rule behavioral2/memory/4228-2447-0x0000000000400000-0x0000000000436000-memory.dmp family_xorist behavioral2/memory/4228-2448-0x0000000000400000-0x0000000000436000-memory.dmp family_xorist behavioral2/memory/4228-2699-0x0000000000400000-0x0000000000436000-memory.dmp family_xorist behavioral2/memory/4228-2701-0x0000000000400000-0x0000000000436000-memory.dmp family_xorist behavioral2/memory/4228-2702-0x0000000000400000-0x0000000000436000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (1359) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 1 IoCs
Processes:
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exedescription ioc process File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe" 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe -
Drops file in System32 directory 19 IoCs
Processes:
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exedescription ioc process File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\@EnrollmentToastIcon.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\@VpnToastIcon.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\@WirelessDisplayToast.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\@AppHelpToast.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe -
Processes:
resource yara_rule behavioral2/memory/4228-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4228-2447-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4228-2448-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4228-2699-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4228-2701-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4228-2702-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
Processes:
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exedescription ioc process File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\share_icons.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-36_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\WideTile.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailWideTile.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\LargeTile.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-400_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-lightunplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-24.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageLargeTile.scale-200_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\THMBNAIL.PNG 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\remove.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyView.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\8px.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_20x20x32.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-48_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-30_altform-unplated_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-30_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-lightunplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_altform-unplated_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_EyeLookingUp.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\AddressBook.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-125_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\WideTile.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\da.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-16_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-lightunplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Light.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\LargeTile.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_altform-unplated_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-60_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\WideTile.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_altform-unplated_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-20_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\SmallTile.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-256.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\SmallTile.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MusicStoreLogo.scale-125_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-48.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-GoogleCloudCache.scale-150.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-36_altform-unplated_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextLight.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adc_logo.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
Processes:
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exedescription ioc process File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\UKRAINE.TXT 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-64_altform-unplated_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\AppListIcon.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\DefaultSystemNotification.contrast-black_scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-shell-wallpaper-theme2_31bf3856ad364e35_10.0.19041.1_none_8ccaf9c8444b9274\img7.jpg 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\header\Images\headerhelp.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.targetsize-48_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\6.txt 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\AnswerWithVideo.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-125_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\SplashScreen.contrast-black_scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-72_altform-unplated_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Generic.Theme-Light_Scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.scale-150_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\Folder_Small.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square44x44Logo.contrast-white_scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\Assets\[email protected] 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1266_none_2262e67641106c48\n\privacy-icon.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..in.preinstalledapps_31bf3856ad364e35_10.0.19041.1_none_78045c4b5f61a56c\DefaultSquareTileLogo1.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeFile.targetsize-129.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\BadgeLogo.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_windows-shield-provider_31bf3856ad364e35_10.0.19041.1266_none_1abb9653828c3f41\WindowsSecurityIcon.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-96.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\Web\Screen\img103.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..er.appxmain.ratings_31bf3856ad364e35_10.0.19041.1_none_ff46bbc9afee54c5\RatingStars49.contrast-black_scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\splashscreen.contrast-white_scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\TabletMode.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\Assets\SplashScreen.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.19041.746_none_492c8c53f3547077\Pinch.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\WideLogo310x150.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\ProvisionedApplicationsWhite.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-30_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-60_altform-unplated_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Advanced.Theme-Dark_Scale-300.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\Ignore.scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsCloudIcon.contrast-white_scale-150.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-96_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-30_altform-unplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\PasswordExpiry.contrast-white_scale-400.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.153_none_47569e595c44e70c\Folder_Large.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\TinyTile.contrast-black_scale-150.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\System.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-black.searchapp_31bf3856ad364e35_10.0.19041.1_none_e479c512c8bfeb66\AppListIcon.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-16_altform-unplated_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\PhoneSystemToastIcon.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-black\WideTile.scale-125.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..in.preinstalledapps_31bf3856ad364e35_10.0.19041.1_none_78045c4b5f61a56c\DefaultSquareTileLogo1.scale-180.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\filesnodeicon.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-48_altform-lightunplated.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-black\MediumTile.scale-150.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\YourPhoneCallingToast.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Splashscreen.scale-125_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-e..ifiedwritefilter-ux_31bf3856ad364e35_10.0.19041.1_none_9fbebf8222c20a6d\ResetDriveSquare44x44Logo.scale-125_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-48_altform-unplated_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-search_31bf3856ad364e35_10.0.19041.746_none_d30a83ff81d13ba6\logo.contrast-white_scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\Badge.contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\SplashScreen.scale-200.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Assets\SquareTile310x150.scale-100.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\clearSessionCookies.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-125_contrast-white.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-256_altform-unplated_contrast-black.png 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe -
Modifies registry class 10 IoCs
Processes:
61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe" 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JXJQWHOTJOGYETE" 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\81GjVbePNt0iBY9.exe,0" 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\ = "CRYPTED!" 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\DefaultIcon 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\JXJQWHOTJOGYETE\shell\open\command 61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\61797409f8b005b6cacf5e59851b5dbe_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4228
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5e629e760fb680ee0fd8fb22f8aa4a691
SHA113a4b8e96635bd051818997d6acbd0398b3fc8f1
SHA25673c3001bfc486b427756d007d742b5fc2f6fd801f63a5bef3e31e1cdb6bcb704
SHA5127d387009ef98c7f73b8585e38e36091fb2c13540957158618aecb9b069c4ad392e45af5e30b757bbdd4327f8bc77a67d047038ae59b6914f20c8c3c0f6659ded
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD577c9338416691b018a96d4033235c47b
SHA1438b5ac11d1ca18c4103294bb3083ff835e4ff70
SHA25603cc7c28271c82926b225a81dfd15fb9da88668ca2d10149cda84cc7e4495bc8
SHA5125129574555df20d4431d3952c4b151f881d385e4b09eae8d9304babb40f581a4a117f09d20fc419585b11961c7f6d254262877d44042f2dacbb9b2b708e65e57
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD53b7d44889efc4d1d0acf8d325e0e7db8
SHA11e0b1a4fab693ab5239da89b4f4256fc66d3d80c
SHA256b72875e999744dfcea8ac99ca5e923c7f7eade60231b4bdf9a2605837de43e0b
SHA512bb949097c9bf5763f01835e5d4d68a3d4f5520b774410ec7e46ee1e4474fd1228a4a53e71eb2ab324812068447020a1a5461bb33e54c60f3fa6f63123b895761
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5696fa80d30f2d791fd80c2bc6181dcc0
SHA107b6505f2a48eec49a092808fab2d71f6bc77ed9
SHA256efed47fceddf41715ffc1d6668593bfdedcb4413aad266f09ff89c0294798a0a
SHA512013f42ecf53682aa0cb353345a86ab2c1d5e09de6d1792ca8ac7171e312c2b39f9c2c2d39b0f944a4d1220efa79e5aa621816f7e3a99721116d9f1b48c51b3d8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5a8140642c098f8ff7cc34d5cb331d7c7
SHA11d4648adbd2e59e140f9f6d2add908a9d2ebb17f
SHA25629f88549889e87df50a0b3e0776a8126e8317cabe400b529a2b2642a41968001
SHA5123d967c1878c12b6bba11df5b0f01848fe345b6bdbc80ba17f38ca33c7ff0db460aa32de52d5dfa288c853db368d3f42c92cd0c51b848390d2678a37c8828c3df
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD50179831b958867334f562c20a4a089a0
SHA13885ac4aa22d047b94827a00e6ba8841ce9c074b
SHA256b91768ff8f1cdb4f728b486129e283fe49a2e7ca1813afa40090f3e8b4d0b36d
SHA51237c7344de6a1d19a9b4aa3dd0f425cf21608c6a4941357f6d61cb6ed43bfc50c2a05476675d7070472385301269d4c626425d440a0a70c206b953f759e0b43d8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5f56c505faf6688da70f40fcdd0a14f0a
SHA1e95e415299729f8d993897094f590051697f2da1
SHA25629d7c4149ce9b7e232d7621f70083e6d29584bd44c24766119904a3f0f221426
SHA512de8466027e52621679161eace7464886d0b870f673ea5091e1d03df20b910e4c3040cedab5be898fd1d3548338bfe643e4f9a8ce1c3dae62281656c809f79c96
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png.EnCiPhErEd
Filesize388B
MD5b81c023089f041354e60f0ce374d86c1
SHA1cd5085208a429d80b5f0e84a848f7f118690c9e8
SHA2565c1e82c9649afc045de72ee723472d343ffb560f5f7f8bd726614efc55e930f8
SHA5127f73e5d51bd7c7a89d8b7256bd9958e9a81824adff34ea18235f435fd5b233dc77678088960aa3a207ad31d6707cc83f22eb5ad451137fbfecb14d77f2a1a3e4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5a697bba4ab9bedca6c8185bd5aadd368
SHA1cf15abaa865192448eac660101892b794de9e10a
SHA25631e15761fc28101caed9b613e1fad12577eee56e8f14d90a3f5b95e939b19fd9
SHA512575dc3a466efca003c7b8954137e9fb69ad8c22516dc4af671c8f6464ab619d0dea9186a5a8527575c18bcc62eebb7d47f52fbfc9903198066f1e4391e9cf88f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD5c640257f67f4792e39f63e23b85ec4e8
SHA120e936f2654ba660a6a78fa49c8713ebbccb3fec
SHA25652731df7efe184a796847d6c7d0d0eb24a903e1efb54fab5c27b3cce4c2e3cdf
SHA512b9baac8ebd58dc81c8a62c0645946619ccc25c600d8abc12313f106d39bc94898701afc2615fca5418286b6827a2bdc5bc1c34a0aa14933ff6524de1d71cd7c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD568b49b553cf81f4e9c679b40348a33b5
SHA1c4e1bbaaa3922488bd2d930760e29b5d4beb34fb
SHA2569f6c42a4b7eb9cc3b0e3b79626e17fc89be867093799003efba70850b53ca83e
SHA512387623bff876cb759edcd49646eb5aaa7e7ddba6fe261dfce14179fe71b79257a5c039d092cd6c81bf6e4342f41336259d45e1306d79fcc81e45eac718954193
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD5568a12f186a6d06db6e9cf57ae83cca4
SHA1968494ffa3a3421f5d64627977d2d0d9a452b886
SHA2567486f162bc4cb01af4b1ba00e42bbeb80316f73c9c69b7e4dc1a2cfdbe2bc915
SHA51273377f9f41b2a9701e2d0482bb2a1745c3ddbeabf2baa77508705977ab46a582d58e1bee5ebfe818d2ff7f44766ce389848810a26a3738317ffddb9b310ce052
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5b506380e21e91621473ea31cc44b66f2
SHA1042c7fed46910dcedd462bc2cefb77bde6601002
SHA2568cf79aa14f4f912779df0ae3af472b445c58274129e11d1ba41100ee423d5e97
SHA5126545ccb0096c6b94ead0764e02430a4087254c1e7669d9d138d118cd79e1b6bdac8b70ebd0de14d0b6614b35828cbc8140a34c5549e648100ec3dc3a045f1f03
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD554f7ae1baf7239aaf3008ec4bfd611a6
SHA1d9175d2eaa224ff82c22c4343d84cf688cb3de8d
SHA2568fe6a8e37c2fd63da0f99111c3d1f7d3319c9f5db8d1bdb733ae03e5e55f3ec8
SHA512db368ed39d7570f793bca9c0c0783afc9c902c3f73f5a8179fcc203ff533967154c447133ecf77608ff1a4e6ecad7de3c40852fbc22aafb4faaf5937882f3063
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5402b5f963b409013a6293914c2fda320
SHA12da09f5ccca3131d7305df60b459790aa74570cc
SHA256f0afa0783a9e0430220df02a4cb30a435b34b8a6790a9e40e335a4845095ba63
SHA5122e3a4aa6bde3342078a2f469852d07def76982dfa96471710e89bc14751d8dbd2251c4c7e2708e327568f2f6db2def91d24eea7e02aaff946170c94ac14c97c5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD51c1fe1885f24054f60e712fe75b8462f
SHA10d3da3b5b69abaf0abfa6da6e7421c8132fd75af
SHA2569f0378d36c29cb27d558570f6a5f9f73195a90f8cbc1db72b317b52ea8377e7f
SHA512cecccc57db56e6acbca7dc06e5980ce12db0810aeb2632d3e0b504a724ffe90340a24905d5544f83441b92afae5940c237059260e1c1ad57b9583d40ac0b2c95
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5286a92fb28db715f882adfcc2b0cd5d1
SHA10aa908a0174839b8b46a80b04c6923efb27f38b9
SHA25636067a78511960826d9db821fe005b67dd66ff600434f142868c153fb9bfb9e8
SHA512ce7f657bb43aef4f5b9aba1d7062ba8464204146db132877e6d74f105f4f0a9120bedbd3300cd5c8242241b4723e7388a7729e0051edc359805c86988544b138
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD53da6c190bbbd065712e0113d7241d455
SHA148d1c062f998143ed4610359e547352e20005825
SHA256294b498cdba53441c434b75e685939e62cb01523e75fa89ef13cced7911f655b
SHA512cc127780fe2c8c37bfd4812dec77ddc0b0028499e9a68018e11546e40979d98ff04dd306cdf74be84def4c1a7778f34d107829c77944899f11cfa6e46e953c0e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD530ae16f6c3a80c2f874bec1bd34c01f5
SHA1a6214914f8155cba6a29d32eced9ec4fc4c15d78
SHA2567f8ae2d5214d744a74e3ba6efb8c29db5bda5d4dd6b6127ec480edaca99ffb13
SHA512585716b75f38ae990097481c08f405b12f79029e1d89b7628ff38c368d92e4911d0706fd5db20f15b23f3a7cba84fb1258099efe24a94a1c8bf3809daee42139
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5aadba34d71e28e09da3c4273a9f8abcf
SHA13d152ea49ae8c63a187956f4a4dd9aa69b67107a
SHA256b352632c7c070ebabcc0f2131f713deb7a03ab86a43e9e57486f8d22bd4e39c3
SHA512faa1eb764926785b5cf2f969e6f04f4a602196700bad0d99e9dfb4e47d7eb93cb2947b3c0d2965e21de5b585bf78a759775ac549e389912a4d561585bac0d0b6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD5484fc27165e89cf5e71d20fbf988c35d
SHA1f30c31616a052761881f380b311c55d071976108
SHA256a0bc67da2909dfd18d5f626f6b44b33da8b1b317e1a817ec518d83230306e840
SHA512fcc512db9dec76500c44d4128e47df4088150a8151e134f9c691c5d6974e87286b6982fc88ad51747d333d90ba7bd3136ab325a0b9fa056162d9718c2bdaa9aa
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD51f7bbb45f6344ee3512037b072fa8bb4
SHA18c210ce6135012a7c8050e187099c4d523c593d2
SHA2568c758124f7179cb3eb582866cbd5d7a8f894b2ae68cff516d5117773b5c41fe1
SHA512f2d5e0da217196a4f125c3e8b554492356f9d4aa0b9625d98917eef0b22c98fba982c7e690ce74e69042c2d19e2521f5085b3c95b7e784f7904b6de3dd39679f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5bf05598760afc71639f243fc2225d3fe
SHA17f7d4c83b2faaada79ead6fe6103c4fd01eafa81
SHA2563eabe2a60bbe644ec9a91dfcdf31f7155f3b400a18f4739636275607d2ff2023
SHA51201202c42afa432ead8e19af61f592eb9081fed67605692c44270ea7f3a721e63c6eac0ea92ca9a4337a6edc2d9444dc2efcf0fc50b22c7ddb24f74236e075d46
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD5ce407e092074ac5e5497d6d895ddaf02
SHA1d455342325a1965cc03388e0a16fde33b24b89d8
SHA256eaebfe217a7594221339402fe9da8ac2c0e87c88bb49405165342a064f913ac8
SHA51223823e96bc804d002d88f4e27d4a9aa752e8bf15a6a71527e292c613fce1f4596c91be730e6cf6fad599a0b8e2bda867417f9956cf74456e35a2b78c92a56c25
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD54836b9519293d2f8189f976afdc4e892
SHA178025314bc3ac08c26168aa16e1830b28ecb08ef
SHA256881776a8d1f4bd034f06235b36bc9b21a90e0115723e01d27b719fd3239af900
SHA5128c57df1b90c5c657f9b62171ca3d8859bb983f1d61702e9a96070a2da4eff384e1cc32f05944ed409074705858afffe5dffd61114b056a49d889153d66d800ed
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD5fb69323324272abeeb00b3e888ee8785
SHA1a3aed92d24dc5b34923d46d2aa6f059297130522
SHA2562e49a62b7fef30729246bb8d111f15e71a63be2f9f1fae41c74c1b70b056a5f4
SHA5120f391f464e1c916751c8cfb3c219e44044756c34c0f8f9a72df4f419129ea613a6ab042c543a5cba68d5f950c4783ba43c9d1cf73968b042a6461b31aae447c6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5e1ab20f9a9376a049515fc01911331ff
SHA103e16079b85cf91e9d6da23ccd3a896548143515
SHA256e35a90b029f7c0bb288e4a04a9c579c28ce335407e35c9e523419bdc52cd0288
SHA51212a4eaa8d3f1cebe6827bffa76713489b7bde4e266a9330903ebc46c1507499a6889cf6b16083ab28f8b956dfbbd7c93cd57b150afb15f314a52200a75895f88
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png.EnCiPhErEd
Filesize4KB
MD52c32988a58a8206adca75576fddd0db8
SHA1964d6efbeaf11c4c3864f7a4a2909edf428ebb42
SHA25610622c99309f63920690895fb8f99aa81f5b6603cd8287c9fa2999ba8f3087c0
SHA512e9b8cc090949de448f2450bc439abbd5060b7145c7bf6fcd67e58b85d8cb245a46daf7ebab1951c85877beec74d42141357611fafa3e39720589f52deb58a0ff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD50dc4a9b8b439740e353d4aeab32d3bd2
SHA13f196331d4e127749eb631002b7ec25f2b0fc133
SHA256d473a351c87db39841b479a6e5e23eb9de8c9053763d27293ddd51006e49f6bb
SHA512de5d1fa2c090e89afab452ae9b6155bc4413e1bd7bb337a5a83a53eb693ee0bfbccae3d258b8d027d1ab3b648ac8e535533f7bd21862cab3e594c0be85acf98e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD5554f9200d43d8e1a7e847d787c4ccbd4
SHA1b90c3714c7b975a6075efeb225cdd4a21f2e5d45
SHA256439f7714b184e43fdc97952c2ad7f054cf6a8285d6779839ac7ee9da6f43257c
SHA512431ddee55510f18324cc0ca8a4bf476e9bf4f5ba8d4dd9a17e9e3899161e16af51d2b3c89e1cc29d32abb189afeedb5880e7e0c68fbc8cb6348fec7fc66ad0d9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5a6bf4b3268bac5644aa62c7b90f2de80
SHA17bb30e65b1b21e96a38db55b0c7605c23757a6ac
SHA2567fee0d6ae62265a1d418c9c9febc6471c588c54facfeba770c5a5ae1e604d365
SHA512fde509013caa8a97d31abd642a6180a169b717411758e8c607614c1a1116def9d48a52b2c6d2c94c2915849e631c1772d6931d9a79b80b9da7b2dda82aa24d08
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5b6e88079a286c07507a9c152c821a892
SHA121e0fb3a649733cd8ee5dfc76540e5929b6482fc
SHA2565910dc716145c2357ff65a434e23c20f0c2ebbde92a95eafc7401dc9962e4e53
SHA5120b7f182833517a5621bb1e069a24491af0be1faecd48dd4a077850ea52a9796f4ad8d98aaab39fd80d2a3e1c4e39b11abceaa6b505e0bc0f8f5c2fb2790d3606
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD5e926bd31c02a4d320310b285d18fd48e
SHA14d8a059c908440504a113cf69262ef2719e1c969
SHA2564626b90db9a187b686886b5b394d7652c90fb5ccc5073e3161c94bd39b8abc1b
SHA512ac859c0d140995f353d9543a8d46f8bcf2867c895711ed8e59377fb9fc91e8ba546305d803c947d5c5dc045eb1253be70b0d63ab606a3e54e50e5319f4b8af81
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD5123c917f13e1f1dc6014d2b00aafbb40
SHA136c47f8413c4614dda26fba533aad1f85a0a10d5
SHA256a0684fe4dc45e8693c6ea4ee3849afd62c61522a358ab3c0445f22d2ff379485
SHA512a3667f372a0ad1b324e850f20cf0b65d871cc25a9a4426c6a09b895c7f45925780da8bb4f90b53a7c2ec9e884ab54215f1665700ea588f7b9487ca404773c09d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD568dbea44ef614eb79aeb004d9ea29766
SHA136c07d22c226ceb5725cd37f41f44e7e75518777
SHA2568894f4203f55071011690b2f049b09ebb9d1b7344c9d94d26a93d2ba7f6b2549
SHA512582b156e9f00b082e251c5eb74766d6e7f302fe1e792a57a81a08c345746a6112763a0f27d935e553667a41c6c3aff0dc971912e9c4449e097c4fc496e271806
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5da45f7011f0b7160c3ee0a8493515d8e
SHA1f33ccb5d1881551def9be8cf85190efedc137f3c
SHA2563967006c5afd30f61a57483f4a3533ca1edcd9d57b16abac5f3a0de0f77547de
SHA51232754c25f6dd287f1bbe84304b9deee215346e7e42a1572fabf4507c386a57ae971cee6d0b160ea50266630f268ed162ddf0e5521d8c9db438d9100f3f70c9b5
-
Filesize
190B
MD5dac39d31eff4bad02f47398d082bfad6
SHA1f4c4772aa7a1a95901ca5153d046728fe0d4bbbb
SHA2561531fd321115fd6fa3f3259046be73645139caa6df49df9810534decdac5d326
SHA51200d84afb10ff21498207311044694da7343a6f9ee9b64e57603c7534dbd80c5b48da830e7a496931a51858a282bd403f38416a1ce593726a736a40c23f772814
-
Filesize
190B
MD5fff2689b60f86fe745e8f4c3af2ee29a
SHA1ab6a044bfbd164dffc477d3ab330be5a969e940a
SHA2569d18a673f3924c2e2fe6c37c5f229a2e57ce704825aca0f9cc6be079171cbb7c
SHA512e2899bcc652451d5530f0609938bfdf21f85c11de2f4e400eabbeac2ef705229e25026df15f616a30ef540c939be432fca856c4c1c973c604fbbd99818aa43fd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt
Filesize77KB
MD5a22f33be922c33bcbcc3d016c942216b
SHA13dd24455936f6eddae1924cc0c0f08bddb82b80c
SHA25669692b4ca6d4c38f02cf175e072b13b846a986837ce4a8e0ff31664e285beff5
SHA5121692c8d45979d57e93e171bdc2ae6ea644774ecddea2d2f3ab9f156040425b1978793d8b07b5a3eb64b69f5a70c5daa1806b00dfe51a42c1079971beeaeced4e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt
Filesize47KB
MD5e9e1792ea6b1fc51daf62939b3f0c7ff
SHA105f5e5ab30646e68931fb8c7ba4a7fdae3a37faa
SHA256a09c1f59c16ede1daffaa5bc66eb3044cef0b4e5be154041d11c5df5745788fd
SHA512854b8cc557e574576736cffc84c3aaf985eed4fd373b91b97ab5562d0db51d1a392c08848a3cad19c3de6f0541fc9f86f10e92459085352f723ce5861b64c6ec
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt
Filesize63KB
MD526bcf7cec2e282d02c141dc4f656f369
SHA1dfba24cdf4105fbc3d7ff15d5e44df1c1bdbac6b
SHA256b76d6df6371e587df7e03820d3a47187d271836917ce39acb17714dcada7973f
SHA512be670c7576b14bee0d47f725cdc842371cee3bd809b5b9cfcd09482371abb1c8fca240573485b18fb599c536df6a3c51f4cef5d4bbc5dff2a5cfae7077f88c44
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt
Filesize74KB
MD5eafdb1e8fc0b23581be90160cf538c09
SHA11b086029b0ff4fc0ca52328d5bc23620983f6186
SHA25618094e99f5bbe7e35134bea1b4a1cf89add8fb900df2106020e9147440cb2675
SHA512c571c0313b679f0037453930c151ce604bd14a149c9d79c1954a368250f63ea740b20d4a54903cb7207efe00ee67bbcc2eefee08c4d31621ba3f9d5290221bcd
-
Filesize
21KB
MD5edda91b246d82df280ae7dbad7709c70
SHA13fd6a39ce0a06ca3e65cf453b34b4dea141c1f83
SHA2568c2c958ecb7e3ae1645489fcb97148d99d81e76f7bc894f5d0282f928c61399e
SHA512f45e36434d5fd0c11cc96ab2f967671b48c274d41497380e131f96bca440d00ab289508408353453c8d6f976cec735a30c20268b5c5cc45214c2fe80ef0cdea0
-
Filesize
8KB
MD5a4dc5ebe45f42cecd6a21f522ea6a3d1
SHA13298e93098e9d8e88cb5c07a99bcc18de2ef0ab2
SHA256c20a6071059a0e0f67ab55991448bb7a364b008d5d8b5a3889a46f2959d9e3a5
SHA5122084be2872118ec7c4296e50945090909a9e8d1548337e3ebe612c7006b9928fe2a1f72240fc28d75e313b81d17cc6221297bcf220b949c59b2a9b2b8719f104
-
Filesize
1KB
MD57383755058e0cd2a01bb411c165cde58
SHA1c30dedb05a35afd7e03b682f6d9a0ad16a9c7201
SHA256b972016874d51a812bc675aca085bcb08e460e09c58fcdaf70243387bca44dc1
SHA5126d17962bc334e869c937727cbf4d29d95359f259733f38263ef7881cba0207de6c534c6b0a947803b5b1ec192f904134708731191b647a7ceb7b9b192846e1f2
-
Filesize
8KB
MD5690aead534cd824f57fab35b1193a777
SHA19f87b9d594454aed0d9e3627cf5e6352675871ed
SHA256900b9c9eaac551d937b0b6322bea29561da31422ee955b22c52c45bbc8ac326a
SHA512f3cadb755eb51c32ab212f7ba7eb428ec13ec5d72bfe7ba45cdbd4974491d0cf8fde0d348a3faaec8aa6043580bcbedc200008d9fabe09c3a20ec8429e04c61e
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5ca4e72d6839e69eec26ab0461ff7b4f1
SHA15786e463f76c31b290d135da294c1a925c771b7f
SHA256a5285abdef65de89942247c61a1a0faffb291eccb652c556526edddbba01f4e8
SHA512a07fde3f7659cd7ccb1985984532f2fb8ef9f4bdcdbc9744d9f53b24fb0c6110c102746f4819ef44b01b6e24e9448e4e10e7b5704a026e905085285188f2f042
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD539978f0c5dcd9c0daf0b1000a8d7b567
SHA13ea7240ccb143dc82e2df847f653b875750bd569
SHA2567bce3f64eefc9dc9d0c5e61b269fdbec161bc7d798182c21e4a3a559cee41cd0
SHA512c9ee4cdc53a16976d68a01aebc7a933b6fc3b4deeb2323ca868f414aa35f393a644a685ed87bc5b71eafc93a8c5f2e2673f1c777080868c490d3f3a2bac26a2e
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD583fd00bebe5667677dbe53a45ee7cd59
SHA132c869db25ac61fd5c4fa991338bbdcdd51a7c57
SHA256517a4d3cf1550bfb7a5dcc55d2ab385599f117c545a8c59247b6def3e097f355
SHA512a004e4585ca8d9be433a10dfdfa0951001a80c2b5305260df1b554d776333ec342bf1ed90adab8281f69265ab33dfa65b59e3e99bfe40c0aa436da004494d957
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD53160b7be6b65ef575e9fdafdc4778555
SHA1d5a41e968cf19dd2d5c65c6fa47b54a975c6067d
SHA2564a3fdb921cb1bbe9f17fed4402340af351196d23d3e18d2e3ff41506e92fb030
SHA512b1b020c9ae9f466d01d3f6f514fe4275a3b0ffe07b3566443a672b1fa83487dcd7fcd9a871120ba3aa5baeca984bc5a938b577499c3a26a42bb5f11f80e5a633