Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-10-2024 09:09
Behavioral task: behavioral1
Sample: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Size: 26KB
MD5: 69cf0d9cc7110102811dc6fb8176f1e3
SHA1: a4aa1c048bf70cdb7eeb9be436624f596491acf1
SHA256: e9fa54419d9b5b5938d52002f43e3fd06087a02be7f068304e044e1eefda84b0
SHA512: 11126a601fec9fc2bbd82c581c6394d7680ae0fcfbf6440163e4883c8ee8358cb0eb366a3e852ae1f515b382c5c994614cc8f83967a82034f2ebffc7fcb906c4
SSDEEP: 768:g9rVDCxIf0dkPSQNrsFrX1tiq1UTJh5L3A:g9r4xo0dkqcCtCTJhJ
Malware Config
Signatures
-
Detected Xorist Ransomware 7 IoCs
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Renames multiple (2180) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
-
Drops startup file 1 IoCs
Processes:
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt
process: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\351WtMkTmA5bR1Z.exe"
process: 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
-
Processes:
resource                                                                         yara_rule
behavioral2/memory/1584-0-0x0000000000400000-0x0000000000414000-memory.dmp      upx
behavioral2/memory/1584-5707-0x0000000000400000-0x0000000000414000-memory.dmp   upx
behavioral2/memory/1584-5736-0x0000000000400000-0x0000000000414000-memory.dmp   upx
behavioral2/memory/1584-10244-0x0000000000400000-0x0000000000414000-memory.dmp  upx
behavioral2/memory/1584-10980-0x0000000000400000-0x0000000000414000-memory.dmp  upx
behavioral2/memory/1584-11313-0x0000000000400000-0x0000000000414000-memory.dmp  upx
behavioral2/memory/1584-11314-0x0000000000400000-0x0000000000414000-memory.dmp  upx
behavioral2/memory/1584-11319-0x0000000000400000-0x0000000000414000-memory.dmp  upx
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
C:\Windows\WinSxS\wow64_microsoft-windows-d..nagement-dmcmnutils_31bf3856ad364e35_10.0.19041.1266_none_1638e81fc8fb6e7a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..panese_dec_lk411-aj_31bf3856ad364e35_10.0.19041.1_none_12059d2d4f3ddac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-com-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e060590a929c5cf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..rprovider.resources_31bf3856ad364e35_10.0.19041.1_es-es_bcddee4e8250461d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-networkstatus_31bf3856ad364e35_10.0.19041.746_none_f19d528b8fe3a155\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1_none_0bb831550fd88e36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-u..iedwritefilter-mgmt_31bf3856ad364e35_10.0.19041.1_none_82af78fa7992ecce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.964_lt-lt_b6b0c2e496a2db80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\defaultbrowser.htm 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_memory.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_c1c1d4fd805aa332\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ 
ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_10.0.19041.546_none_63355db9a7888b90\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1288_none_d50678dbc55b5baf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsCloudIcon.scale-100.png 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-smartcardksp.resources_31bf3856ad364e35_10.0.19041.1_de-de_1414c4caec0d4406\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d..service-dmrcdecoder_31bf3856ad364e35_10.0.19041.1202_none_384845f3ef937951\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.19041.117_none_5e3309e281dbf6f3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_rdpidd.inf_31bf3856ad364e35_10.0.19041.662_none_6d39935cdf4c2f41\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..encontent.resources_31bf3856ad364e35_10.0.19041.1_it-it_315a7f6a59d01e90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-bioenrollment.appxmain_31bf3856ad364e35_10.0.19041.844_none_de5d9fe254d9f8c4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created 
C:\Windows\WinSxS\amd64_microsoft-windows-s..eservice-management_31bf3856ad364e35_10.0.19041.1_none_638b5c2ce4b701e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sigverif_31bf3856ad364e35_10.0.19041.1_none_718a91e09abc2926\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_it-it_038d3f90a3fc681b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_10.0.19041.1_es-es_174a5ebb2ef1b0d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.packagemanagement.resources_31bf3856ad364e35_10.0.19041.1_de-de_b5e0b6b09fdb563f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.web.management.ftp.resources_31bf3856ad364e35_10.0.19041.1_de-de_786fda8134dc9390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.19041.746_none_476e348ff3b593af\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
Processes:
69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PVWYABLYSQEXTCO" | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\ = "CRYPTED!" | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\DefaultIcon | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\351WtMkTmA5bR1Z.exe,0" | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell\open\command | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell\open | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\351WtMkTmA5bR1Z.exe" | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PVWYABLYSQEXTCO\shell | 69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\69cf0d9cc7110102811dc6fb8176f1e3_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1584
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5b3d5c0a6ed325718914cc29fa9dfeadb
SHA1f9ec709d41e169bc91315075bf9326e53a66620e
SHA2564886d158a97c876c29309ea2a7618f0940155a72e15b1b6bd441ee3e42a02b0f
SHA5124f7ff28e341e1fef0c326d28ff81628219e31931db3c64caaba9dd2d8425dbddd54740fa943901358a3b2900af518072d1b548978dfd1561431eee94144150f0
-
Filesize
3KB
MD5d2eba0a7350c91b9b6ea9a1d25bacf77
SHA13d3ed945ca1693dd283a417341a1ce7a7836c4e7
SHA256b520f9b6b1ce1549723a57ed7e38eb8da93377e617f1dad86e1e89e7cc2e8eab
SHA512849a657f2f82f008f559d97a18fabe9e4d4dd062817fbbf89fa979cc6ce5baf482e4778d35a9200f15576319e2d6b1856c6a360214dffd44899723ab59ec045b
-
Filesize
1KB
MD557e8a2bd4982b3cc9864cc60088263e4
SHA15b7f65f884fbc94a05e8a2afe725ca89a7a226e6
SHA25690adb8798d85aebf6b95f72fa27a09cb643f240a65d8c4d15ed76b729c84528f
SHA5125ca88d66332ccade4a318061ceb29cc2824bd411e08d8db825fbd55df23333fb94390bc621448e367c51edee24bd280b501967f4bc19911265b1eaa64f6654fc
-
Filesize
28KB
MD52764b3d83560ffbcc7950db6dda61879
SHA148a3337f5582e377c86c4e0ca81cd2a6cff584ad
SHA2564cc45467714339a4629e20fc86f93109f6e6d0cbdb060fad722776ec6c7f6c6d
SHA512f01ea00a47ecedd44d1f5aa326c8a3d58ccbf9b8538965c5544926f60530437e08284af118f46cb3bd4e76cd879754018b2cf932c81ded6af55935886ef551f1
-
Filesize
2KB
MD572cfde439c6bf0882cafe1c181c6fdc7
SHA1085e7ea62f3c24c2ef1d2afc680fe289fe566140
SHA256d0b5f700da02af5fe9ab54c4119e1af94095edd1b1c56790413b2e776c9ccdf7
SHA5125eabe179dadc4364950317ecf90c87c8e46e66697757e4ea38000f9f1bdff08a0a08b6851a001fe6f46769643cac53ea7129d194e577d800a5afe5ca954136c0
-
Filesize
1KB
MD5eb4536fd30fa587fc60cbd36a1006acd
SHA1e53870fae3618f7ba020bd33aad3c4bfa003e59d
SHA256a03cccb089def651e1e3387d5fee5f1c6a29fac40520f40bb60a05214b030835
SHA51207979d6ba7a21039de0e198319030bf10849033cd8c3bc5a6aa85a716b4c200f158d99485e5a501a67386e65826108d09da978592beccfb9789c4c707b11ec89
-
Filesize
2KB
MD53d1e96a8763a6789a92b15eb4dabe3a1
SHA154003d427f3c2a8b531c5a2f6f3c214a7d6593bb
SHA2564a55e6c84ff3d64306a658176e5cd98b1b69a639bdcc52bc3646b28ad9ddf033
SHA512d53ed753cce9b6f970083818faaaf1bb8763efb5a24eb2a6009cd7c1e30decd4456aea04161ac8a969b1f8b510e673bc930b24df14c2c023aa09a219d1c63617
-
Filesize
1KB
MD59943ce6c10ba0d0e45465865704eebbe
SHA1a07626173cb74f8f0451013ce6249c2ea1517344
SHA256be97243eac67826eef458b1540db83ef22f299804834d84bb99f5efa23e37bd5
SHA512dab201499cdd46f2e00bffeb4ee5a741c00eb0409d9dc55efb5677be1c984f30cf1f4316e410b836b48069f32276c9aa19cf42dc3d2d65faed5773228443e328
-
Filesize
1KB
MD5af7f4d0d24ef051936779307d7582dcd
SHA12c2f612f2f25a36b9e18cb11f90472e0c959681c
SHA25633dc92b12548bb21da41fb8a4743048867d856925daff5fbb2130a794aa2f997
SHA51288bf04c9c77d8ea653523b8bf0f8b3d0045f9ef691dd61d4d60834e40adbdc5acbe8f76d7b523ea9cbfde2633b1cdeb4a63d36e0a83814f962a21211c88ce4ce
-
Filesize
1KB
MD512fcb18398635630e1b5ca45fafba54f
SHA1f4e8847d9c9ab4f55d22958e3f64419c34f7defa
SHA2560a3822c5b27fba932f1197936963071b64c8c7e3809401c2837dc3c6038bed32
SHA5125b6be017406c0ad4df26d0b589f06f8a72128a3249ebe5e0f6bcd90dc99dbb20a2765edc09071132807dbaee04e4f500926adbde3a4874424c83d969de34f842
-
Filesize
3KB
MD5a43042d44c17f84b39e59447b1f59479
SHA1f37a8e3ae9dbcda61dede9ddc36ac6fef7615c84
SHA256c5c280366e07b1c5f704174ca64cc22757e658b825650276a1333b9711fd57cb
SHA51241433831ca1a133a196ed7c4b1cc6dd8beb4163d65f0ed21693dd0a1d9048931d7e803c6ebfe86f2de84c49713abb6a5ef6b79b6cd76286d2b516ecdfe9b76a0
-
Filesize
2KB
MD5345c07a9be2eea2ddb68297e58a45fc5
SHA12d3064179627556b2de7c046c9d235b325d3501e
SHA256ca68e429de9eb4aa02188af1723672285ce82dfdcfd4d3f1f9e18665aaee3770
SHA51213d783b36ecd8eb1044f79a41c24e3f638e2763fcefd7c6f6427e5f033858b2a29b2e4a868836eba7df1f71ba57a261260046f5077cca9cea462ac42731a5af8
-
Filesize
6KB
MD5e545cd4663c963a4d69a75e5f75c855a
SHA148c28731a6b72fe15414aadb1e15dacb03b8a284
SHA256d4dc7668465277bcaebdb724c7668ae4515e85eb2ca7c7256170f84494afd2a0
SHA512bf973d1ea8a39ea1581b4f8e2d8cf3e8e9a8b114fc9de019374e857c354acd6b9ee93ad2cf1b18a33700e4f467894e83d159dcbf0a15e0299f36318597800f8d
-
Filesize
5KB
MD5215a5d13011a6b6b636868223887294e
SHA16e20c582c0ef651c7d894e03bd5aa059271ab73b
SHA256a4e4324ee986d0b40b13b803a56872dca28d799801d407574005dab7fc3e8916
SHA51249f5d3582a8376b28bc2ae26364341aa5c4499f3bcf0ebe264f1cf5a1ce949b108aee245c1b7e41f86a406c47ce42e465e6ac62901a665c649d4bf512f89bc49
-
Filesize
3KB
MD58a9b415b9ca7cc36d8eca17e89ebb1ff
SHA1f0eb7ec289071a0c172221a3dec9d8b207acafc5
SHA256a9650fd64a6160529ac961775a17f300d44de1364f0111595e832f6c2ceae5d9
SHA512341426e020a59a00cad53d505459c929d5687de601a5ea76796e0ad043896842ccd874316c23151aa32a4f95b455e53109353a7be4d41e3e51ee89919eb5760a
-
Filesize
2KB
MD5d84552d9baaa3f77ac06e5f960decbb1
SHA10154345de70f1a7df74b06e43b3d75fb0c4fd9a4
SHA256b6876f0603d0c7cde233547657938166fd918bdf9c8445306ad44293b5330abd
SHA5125f8f2b04c254a4191c8dc0716b681025e04396ef3450182bb54f622c26819eba0346f9c032ce71afa545ac337412fcf4f3d70cd3a3db2651c8d9dedfdc426a37
-
Filesize
2KB
MD5be103dba79eb869b5120302e1547c0cf
SHA1298c55385bddb2bc2a1b5bda757810c3f5edf23b
SHA2568f006531f0b1c92157245829a68145da57f7c6cc52f29e8398e12b18731d8c6f
SHA512e9086533ca99fa5d8f81e3aeed131beeb7568a5e5e6c7f9b05a5904c15053a807635e35de2b8323ec3d02da9be4953ac1f3b25086f182d001f7031eb9c36edf5
-
Filesize
1KB
MD5c365edad0f34a612c57b9fee847989fb
SHA19aa906afe1a7b33e8c10688114dea7db0c54194f
SHA25608403b17d95005037ca8c74e1dd4794c51b7eb3f6fb372a80bb4e081f1a090a8
SHA512f6ae4f188353a02a792be676ee6906e045faac499e485ac990ebe2aeefc9a59d107123bc3bbb83e60ce4726a97d483e93e1238b1d8709e07f519c69d220ed705
-
Filesize
1KB
MD5000539ccb11817a32e41b61c71ca3ba9
SHA15e6eb6a4a301b2574f33f076f913fe8ba89aae57
SHA256bd349fe48f929ae3a7e169eb7d92e847e463c157c1989a6f4686691ef07b5e1e
SHA5127a52ead2d7ef79b07aa03e74f87dcc7e6833cf0db937507ef4cec078d4a520d013de4acd35947cc29b7d82fcde2d4623af3e321f4418fb0071fc8cd6857703a9
-
Filesize
11KB
MD5097335b6606da08f3928fbe49d9b4a02
SHA15797784a25303ad23d4e8ae43a1a66f718f6e94e
SHA256a8cf6fd779f1720d1f6bea8c053691137d2dde452dedf73a6b7298b92995bec2
SHA51219a7d590889997a8304b7fe21f9b0886fa708aca01c79325105a4e4d2830cd3d55ce4986a0480e331a59061f1727dfd3a277940db6f0b5ce69402f84ff75da5a
-
Filesize
1KB
MD5f4199cbb66268f865344faf0bcfb9da5
SHA1da20ace8e865f90a76804964a21581355a2da0d3
SHA256efa3a2e0fbe85eee36d383f879cd6d2643bf86eec67b2319b656cf54b72959cb
SHA512868e60ace988ec2f128491798104128f6940fc394b6068fc40c5bca6cfabeeb826776befad28fae4004072fb677ee04ea8394145630d782ae5981f9952c24ff5
-
Filesize
2KB
MD5d28310e74a73a85ef14a2152c7522257
SHA19b31ba0ca523fbba7c0249bfb352ab32fdb568fb
SHA256c1f074493d8ae8ac953be897bcfdc5082886f448aa861c52e72cfd4192bd74d5
SHA512baf0db2eb5a95467970f7daf7fe9303640abb61237515ee3e50fe7bca43348bf3d464a69af58f40773ea732796bd86d4463cc74b2ca569390141ef9cdf621df1
-
Filesize
11KB
MD5d61f9e8c539fe693f3319e791f613b75
SHA1daa3d1ad04be82384e295eed8dd6c17e00cf8c61
SHA256a36ffb4679f7b2b95c86639c3e18f8ae418b614354188be3dbfd2349b8d56f7e
SHA512f5b2d259cac6b95ccaac6c61450b29ee31f921f5f830c97ccf71d1dc295915e5596a97a4e6fa23519f4323c6c6b326c091e426cdcf7072a456d78349dec45f5d
-
Filesize
11KB
MD5e7e992036d8db7db54a144d1101a62bf
SHA17a345cbdc53f6b2d250317dfc9c38c7929b08989
SHA256852a5571911fe91a190ebb3067e55e80bb7c9feb753c599130f5e0d72d9e0ec7
SHA512157b6389dfaa1d059ded98c6d737a9996a49e3f2f538017894d9cd43ce4e22b78a179d1144645233a6f9e3a9ad9766fb8f835921e77b2c5b89a5c6351ad6ad5e
-
Filesize
11KB
MD58f5334438a02cdd15a7aeed471a90046
SHA1bbc58f94c8212fdfd737418eb426f06d7b7e9e31
SHA256235e4dcaef3945d7cf1b1e7f931905b4884c4c5b91b6f75706b9e651b9bf26a6
SHA51216cfc99593e27ec6ca194dede7b7efea68a41d56a8b91a96e27bc94d9b407334c38054ee560f676d381c28716ac265a6f1de53a8cb1c2ebc02e4c29c506dbab8
-
Filesize
1011B
MD59c86342f81efce544dcd1f97a6e32634
SHA15ae7dead206f96c2819fe57b9817d6616c0b5adc
SHA256a8573d2ddc55fe12b56d6e8194a9ca35cec4bb807be058962a9a21f289c1a2b0
SHA51237092fcfe20dd2ff45caabf8314b9b83b5e52490105bb4bf334d06f214a56bd669c15ea26373ce9f7d5f2b838d79bc3521dca71789a44d309c290a05c69eb3ff
-
Filesize
42B
MD5c924a8e09a7cfd2d772951b07f91a2f6
SHA19f6e0410d5bcf063b36085b28806b4bd042db228
SHA256d1dba2b9bb63a41dea991bc49826978aa78b952bc820063abba9a458f0bc869b
SHA512339c454f8e8fa197e56317641de8bbd37a4dbafb578ea21cb29c9f279e527e09b27f706dee09436b905aebe8edcb02f86ca7364050b1d3cf08000994d8c8fc0c
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5d8686315bfacd62386ce7f8249106e34
SHA199582731ca7c5ac3b6de043f5e25930e7cb24599
SHA25692ae494d1314e721ab622b75c166113246df9b6a591a7066529b95562a8af1ee
SHA512848d47db3585df9eb52be86ae4b95866ca84e0392f34ba61f56aea9394863b913ca14363f24243d0ee786908f438b505658125351c0936ce90c28feb73d80011