Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
28-10-2024 03:02
Behavioral task
behavioral1
Sample
7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
-
Size
7KB
-
MD5
7757b8c71e1bffb96022dddd0fa84fb8
-
SHA1
2821b0a5eb311010a982c4bef0bdfa025ccec947
-
SHA256
3fa40d13414535a809b97e887b565841230af69a5d49b5fafd7cb31dd70a3d16
-
SHA512
f9dc1d089b755b2a44db352cb02c07acdd48665ed26565590f8a3935fcba89e5002a68f8e5649aa1bc01a5b0add5b2e25f1b9e6bb3c5393f4f481117d59548b1
-
SSDEEP
96:lXZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx8BDCyp97phPDRMUA:dzdrr1FG1WDCgmjPZ0Dh1LRMUA
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource yara_rule behavioral2/memory/1192-3755-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/1192-3754-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/1192-8268-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/1192-10867-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/1192-10962-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/1192-11279-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/1192-11296-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/1192-11301-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Vtq96q6fkl563sa.exe" 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_netdriver.inf_amd64_2d569d832b41b8df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_d37080dfb66d830b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_linedisplay.inf_amd64_a720ddb820f10790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_41ae7c84b8d94de0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_41e31b5786c6884d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_7f84203a67c210e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsopenfilebackup.inf_amd64_2174d2189fc8f164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmeiger.inf_amd64_05ca2a1836c16cab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ehstortcgdrv.inf_amd64_5cb0c23f45dac01c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_c4ed3602d3c754f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\uaspstor.inf_amd64_63788a81c4c628c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc_vfpp.inf_amd64_9ce6f68c11eede58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_e485f7ac03009434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/1192-0-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-3755-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-3754-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-8268-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-10867-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-10962-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-11279-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-11296-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/1192-11301-0x0000000000400000-0x000000000040C000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square310x310Logo.scale-125.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageSmallTile.scale-150.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Safety_NoObjects.jpg 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_LRG.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-100.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-200_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-200_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteMedTile.scale-400.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.GrayF.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\THMBNAIL.PNG 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoCanary.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\PREVIEW.GIF 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_splitter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-125.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\RunningLate.scale-64.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-96_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-80.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\ThirdPartyNotices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\MediumGray.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-256_altform-unplated.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-256_altform-lightunplated.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker1.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-150_contrast-black.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-36_altform-unplated.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-125.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-125_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\font\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_scale-100.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_contrast-black.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-80_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-16_altform-unplated_contrast-black.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-400_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\Services\verisign.bmp 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\12.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-125.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\new_icons.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\ShareProvider_CopyFile24x24.scale-200.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-100.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-100_contrast-white.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\Common Files\System\msadc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Program Files\Windows Defender\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\MedTile.scale-125.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_10.0.19041.1_de-de_d55dff38a1034880\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-simauth.resources_31bf3856ad364e35_10.0.19041.1_es-es_d6e9fb814e9a3991\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..atemanagersnapindll_31bf3856ad364e35_10.0.19041.746_none_3319d2380a5bbb9c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1151_en-us_ececcfbf6bb1cf51\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..honeservice-desktop_31bf3856ad364e35_10.0.19041.746_none_0675f86f015a9e94\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-appwiz_31bf3856ad364e35_10.0.19041.746_none_f4142d9bba162d05\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-winrsplugins.resources_31bf3856ad364e35_10.0.19041.1_de-de_d0f335fca545a8eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\CellularToast.scale-150.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\401.htm 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_10.0.19041.1_de-de_f25a92f4474639b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_10.0.19041.207_none_c1c3e3625648605b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netfx4-_networkingperfcounters_ini_b03f5f7f11d50a3a_4.0.15805.0_none_eb143e67f2522717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.powershell.security_31bf3856ad364e35_10.0.19041.1_none_d14b1c0ee3ee3d38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.virtualiz..vmbrowser.resources_31bf3856ad364e35_10.0.19041.1_es-es_139024f900d6b85a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\Boot\Resources\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-composable-switcher_31bf3856ad364e35_10.0.19041.1202_none_c6bc9919830beaaa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-cngcredui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fbb568e94029e039\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\napinit.resources\v4.0_10.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.iis.power...provider.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7580566b51d839c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..umaninterfacedevice_31bf3856ad364e35_10.0.19041.746_none_fe6a25d504938307\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.19041.1_none_8ca9cc4ec3aae4a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.19041.1_none_7670b0f9685f1524\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics.Vectors.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..-protocol-component_31bf3856ad364e35_10.0.19041.84_none_e370d2aacd35e6d3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-e..ifiedwritefilter-ux_31bf3856ad364e35_10.0.19041.746_none_c7c6fccae233c8b7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-speechcommon_31bf3856ad364e35_10.0.19041.746_none_b3fb9363317a2a00\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Drawing.Resources\2.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cf0c9a6c765a64f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-client-li..rm-client.resources_31bf3856ad364e35_10.0.19041.1_it-it_8baea2be78e9a6f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6ae61beebd6b13dd\OOBE_HELP_Opt_in_Details.htm 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_appinstallerprompt-desktop_31bf3856ad364e35_10.0.19041.746_none_df9eceb60009427e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_8a7cf792249d9d63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0be26d2b1c02a607\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d..d-searchintegration_31bf3856ad364e35_10.0.19041.746_none_6e05a6bb2291b4c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_b57nd60a.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_ffbb1797bfa26662\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-classext.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1dd1451bf7641fef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_10.0.19041.1_it-it_c4172dde232f5774\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..l-family-syncengine_31bf3856ad364e35_10.0.19041.746_none_3d09280cca1026c4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_525a3fe282e4665b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_672b000908967c87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..ileserver.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_90dd6d7e93f3800d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..lays-classextension_31bf3856ad364e35_10.0.19041.1_none_2b015b7b1054dfc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-n..ionbroker.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_668a948dee1697ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_intelpmax.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7bb5a0cd2e687cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-graphicscapture_31bf3856ad364e35_10.0.19041.488_none_56c08bda3e4bbcca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-mfnetcore_31bf3856ad364e35_10.0.19041.746_none_7721e87280445121\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square310x310Logo.contrast-black_scale-400.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-offlinefiles-adm_31bf3856ad364e35_10.0.19041.1_none_0fa9982237c07bd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_sdbus.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_832f2ea7713e0e5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..eprovider.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_761bf19ac480b997\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntmarta_31bf3856ad364e35_10.0.19041.546_none_63d472fa22d1aac4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..geservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c859c559627601c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Splashscreen.scale-125.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_ts_wpdmtp.inf_31bf3856ad364e35_10.0.19041.1_none_a98ebd5f37e9684d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-geolocation-framework_31bf3856ad364e35_10.0.19041.1_none_c6f9e29ceb83dfe6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSplashScreen.scale-400_contrast-black.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.19041.1_none_f92e72a6a03c2c5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-syncproviders_31bf3856ad364e35_10.0.19041.746_none_833e536e8d7274c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_prnms002.inf_31bf3856ad364e35_10.0.19041.117_none_cb9f3b702835005f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..t-uev-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_8106852642f71f29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_et-ee_ddc82642928730c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.scale-400.png 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.100 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\ = "CRYPTED!" 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\DefaultIcon 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Vtq96q6fkl563sa.exe,0" 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Vtq96q6fkl563sa.exe" 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.100\ = "TCGPVQJSRFCBVRW" 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell\open\command 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TCGPVQJSRFCBVRW\shell\open 7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7757b8c71e1bffb96022dddd0fa84fb8_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1192
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5dacacd2279878752b2d1ba7867d0a722
SHA1596c4b2f28bf1950cf0b79d85438638e0aaebd4d
SHA256b7f7ceef87e2e2468bf2955b7814a441868cb83bb86b5f05a2671eb7eac23046
SHA5120dc0343325b3cbbf660485e03b1246f789926ec2f28babfb6a2daafcbd3deca9a47e635210a61b971cdb4ff39c5d9dc7f20ae86f66a8e4aa9cc35e4df092dc4a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD5c01c7e2c929e3739ae0b9f0b8430f552
SHA13d7b81c1012bfab636b03b0fb248d100ad5b67b0
SHA2564e32922fda7589ffd927e44d462d6e180dfb9535faf132bb3d4794c7eeb64cc6
SHA512872789ca21388c6296b85f058f51efee1ba771171b4ab6b97a0a3e4144e74a2d474a872374b3052e6fae381962a9a8e9cfb85c17200863975e32dc62f218c8b3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD52c4272cd75598e708a0ac077e53441d2
SHA1cc42a96fa5c0d00278f3c6804fe90d8e59c84618
SHA256db698540177605cf519320c22e17d0ad1ff8d99b79d5a766e7f38e23aedc85fe
SHA5128ce9bffc1210863a924ab50cbc0f658f82629de9521b195892169f2cc1f23d6abe16d97e20ad851b539dc4035db03e6a057126a36fba1c77c45c213890c3306e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5b9eb2e3b413dd46e022999ba73083dd7
SHA17da30eecc90dda89b96731fa4d1dc4bb59e9c558
SHA256b407cb1ea82cbcc99bce15f51d227ea77dca5bd511f89fa0b5b60c226a46cf8e
SHA512aae387a905933f290b55d7d282237d0b66350d2e15af38e0542656db9b9215db1e25bc127e22699cb05c48b9066a5dfcdbd179c66b0abc17a12c503e6c1418c8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD57cb5248ee137b23876a35f1cd9866746
SHA143c10ed7a755b22771abd1380966f0b5787b545f
SHA2565e84bee2b7d856342bfda3a40a572e99d3780a4b29d0b8cda4e66dbe3b142a9d
SHA512951f64face7462541da35cf3371ee2e8e2b1f5f5fab4359837b479b29b0dcba8f9d90377275942e0bab271ac0668325120ddf5720bddf6f5775b834078acd336
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD512d7df653fe0a9edc15dac16be1b0d70
SHA121bdab8b099b00619264a219a937f44fc63467cf
SHA2562e7648b3c8d3bcda0c1ccb426e47e1a7dcc0a5df8351d90268d85f31685cbe11
SHA512444173f5103b4161e94ca6056c7a9c3e766264290835362f5df3399fd37d29b46cb6c44a6bc45ff1caad32980e77b3050e4b4ff9708fbbeb703c1eb2b3d9b6dc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5e8db8dcb9c47d23e92c0ed5dfd9e3505
SHA12f5c3c7186bd26f0304f332787dda0360c0829a4
SHA2565f3976041b3d48976484236a8aa8789527643b34361c364c191d44a85d961e88
SHA512e8647c423d7b863b991a9bdcf76d685ae83c6f69aa85ea1edc044ca19af82309a42bcdc95b8697568c03be9060402941f0fd5efcbe318e16772f2cbf43767ae5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD55168955120a3b738219d688eecbaa57e
SHA1a6f25abbaa9cd32672f8a86393456d14349d41d9
SHA256f69b09c55ed6464cfa8f3844aa7381d2d0fb9b754b828e6455ae7bddd9df896c
SHA5129a9dcecc449630bd3ba6bedb789d642f01f0ad65276a87ea1276bbfe12c8c210692bd9006d7ee9b3733821dff8fe2d5d621fd1d31e3e34d198d43175e0afdbdc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5b899af48393275feaf5ca67a2e573657
SHA175bff8afaf7dbeb6f9d323502695763ac09109df
SHA2563244feac10ace9e83a1cf31098a594b0d556fb63ce56a48c3e61992cbb4182f2
SHA51247f4026a7c741b4ebd4af425cc98a813555a563c2cbc21ed82757af702758e8f1a6764b3b25a9dbe543f5fa1dbc81a94a45c5099deeb54b6aa00e96f3c2cb154
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD5e0e5bfcff88940e505abaf946be58b05
SHA16824191bb915db39e842070f645775a29e79e359
SHA256cf7f0aa4edc98e443cc2408586dec0236e87a3d65ba8eac144c244c476f82c1d
SHA512e5db61eb30041c66551f2a1a91000eabc3d48b31dcc5b7b9235ff97f6a35bc0629aec976fd3eac35a0f6bccf2aa5d2f114f9b3c8efcca0e14203136ac6c75708
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD5bd2b65691818c1dbd918edd7a60f7867
SHA1ca4b88b77a3f2f9066290d6d8d61fac97e710920
SHA256b23014bfaa4cb039560ad1ff2ffc54d8f3a10150ec93c99104fae94bd702b075
SHA51267fddbc749b6c875fa09a05bd63a023e65932148237988eaa1a28a2b89dbf9ca4e7b36abcc6fc6941b121b2a3b9861192fb29ab3ee90f037bed9732f7f98b12e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD513fc7839c04a5b55ce3877bc19a7a581
SHA1f0240164640d5a442d6c6de56c89dcc9fc8f6bed
SHA2569b0ac188ac4d94f9ff69ac7727d18eb6edcea139a4b6cdb83f4f2b027f140a8a
SHA5126f5981aac2d0c0d8e0402a93ca34c8ecb809ce94c56cf2c5da0b0d9af6c638579fbcb7813e3276da98464fc09dea18152789829a415015dfe2c2c835219737ed
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5bd0a79711749a20075bf868f8bae61c5
SHA11eecd5fba5e9fb2f3e8f2816619991dba0886161
SHA2565cd665edd0c1097cf6d61dcb3a173d2986b531bb489b6332f96ef7e0d7c0f1fd
SHA512fca3550ac0681e6192f3821aad13ce6450f921f670e19814cf5ae9e062380b69cd34a450c22b735c045d987e0186522ebde8505d50c8f3719964eee0c9300373
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5270ece366273823314ae798e0371b05d
SHA14d7ea0cacd3d632933894892f8092d2eb7cfba73
SHA2567843114598e86b8fef392f43597d60ae6f534f1a3216c68ca483593c95cafdc9
SHA5120699178a94b7bf4e847658a1cea77f3c3446c17cd6194928191071f3c3c5d20c73139bf9daa344649e0d8ddd0ef23ca2be489f52fa4461a8288d8746eff5446a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5c18cb5b5290a2686d60fb2d250d9fd15
SHA12a00b52ff9594165d50aff2046c661a2aa76e45f
SHA25699a7bc7ec72c2d76fa87a79c4d35c8c0f58b9f16d3708646e5eb643782da7a6c
SHA5124d6f7a9d5035a23ae4b66872050951bc86d70a1fe70a869363e56eabca8c113f461061d70d632f49ea119ad669f7ab8d065d27fb21ea342d94e574573aa23b21
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5d5395008085ac99bedf7e062ea25ab7c
SHA144a5789607c86061f1786b15d730b44b5e472aeb
SHA256cac4ca8df56afcdbcb320b6ff24120ea6bc82bc7a93be9ed04c806d38eaff42f
SHA512f0cee160a5614a56a5319762cd0f7e0db9e9f66eecb6e38292d09e141f88bf7a3a5d8a5451f914e9d8c9a3b94f0c2b92c7a21085213d9e0cbeaee9b6551fec47
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD57a828956b9646bd994fc21698448a818
SHA19f0fbe88dcc347a9b2abba6d326f371cf46534f6
SHA256e9b574cd5ad5214e7b9fe71645bf88942dc7f85689807ab25934822c4099bd33
SHA5120b1e21176f124349cf4a0ccc82fabb61e5f13cf9df877fe80a9f4cf379a1be16dce177512da3e2ca80dcd0d63055ca3078944dfc177cc6da8272538a69d02b6d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5ad3a1d993507eadac3d79e71410c217a
SHA11300a81db502dcf2a6aee9977134412d96cc6b71
SHA2568818a0af484e344b911326f07200c948a74d08330806b9a74c78b0980f7dc3f7
SHA51280bf2203a943e2d3b6f1fcba6fb0d0a49f04f15016063d3fa6f7cbcfb4fbcca41477c56a1d6c5ff551284538ccec3a6b734033230d0df8c295cc120b80dc168c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD55836a838836ad86c791c600034256b98
SHA14127e6db1c1ce16375d25003622388551c93d035
SHA25684a4abc762f17e3cb9fe3bdd20b445ea73f6a2b34a62ae8858a6ac3f12adf425
SHA5120c3bd4e5fe7b2cb17422d3f29b123d3b013984ace10deb5c47ec9ca0be5fbd5af15b704399c0b21c17ab19a3fb43dfcf5328706992df6c990d6c12aefdde2c50
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD55055e326183ee91a4ae63669fb1654eb
SHA1354f176d16e54504a50f96eec186eff5c6a7d181
SHA256b1507b998d9b72000a4239bd25b56be90f1c053013b37c34832f16d1755620fd
SHA51208f33eab071c698067d0067a009e0d24efbc284c1c89b42d7e7d24c799c0dc531a9666d2be0280f8cf02b3cc1571ab2438711b1f9914b63d5df09778a4449869
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5a05e8845bb53503091429fe5516d6992
SHA18eefe25fd7a71d97ed18b1eb94119acc111b94e8
SHA25666f4bc2aa513859f07c9848da8679da8146591e7eb2573b56cedb3ce2965d2e7
SHA51232aa16ea68c8beaa313ef10590154a246f5a8c22f7a00835ae112c3f02a0008803e54e47c813198f2a7e86fe19401b83425fc9d1bd6072caa80b0be7a6f4781e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD52a1dbada954e958407ef4dc9b7129240
SHA16f2867424e1e6d705d2488a623125f9e972736da
SHA2564a96a44d9c13bacb00e4b14c6930c33fe508e3b0ae753405e4266b767e0615ff
SHA5124d631fc5a5de4d8f0042a9fa74817dea0fbfc62b89877a35c967ebe1d5f956b405bd3413c6dab63580315c81ea7a404cc62fde04914647ba977b6b3afdea8498
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD57586d03da9e93c40ddfc895c1c7dd738
SHA1e9ddcda8679e752787c5fc1c155b89889bceea27
SHA256d8369c04bf1c57454618bed6fa441a3249106f4651d52ca4db11574b7ce4d030
SHA512e79041bbff1440db6f3043d1db8eacd22c98567d0f2518ac3fa64137a0a08696eb246f20a6072d46d75eff9c843533ebe50c6d3806e887f277a6192927b1f32e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD55d377a9a47e635de347961000c00abc5
SHA1166d9d7ba07cf6275b45adc90ba4087d8f4ba67e
SHA256f9ccca6c13115d57dbdf9db98147de84ce5e5311913593df66d75d9167c79eae
SHA5129d06a4eb8479f2fa2bdc26378dc5d9b8253260d6561dc82d486474b9f7444bab5ebe68e3ccf28eb3d7d442252cacf98fec80896be549463843d97b539d01136f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD5794f23f123077655b5abb49c6d46995a
SHA10d90c24b5e6ce96f2fa8f94dc157d6ed71be4b01
SHA2563520d91ae9841183c0da6bfae30e4d7bb06e566bcec7f87609c5a497ee754c8e
SHA5125cd1b71e07fbf057cf635e169d013e8a094e504e679971202a98f56f3031696b5408fb590892f5a854290706528598ef7c6ebee0ea42f6e77a6c0810ec47a45e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD56fbc4374c389f82681f8153604d222f8
SHA1f57290a6fa9a8d35b64b615061ad4eaa7e67b91c
SHA2566ba5b61a7c8ec826644e67e6c9dbfa18aa03b35d6e6da204f663090658a1561f
SHA512f6b25821718680a61a908bcc5dcac9cb0e4721a0d423636372eb49da55c63d413324088d0d71d62e7eb287468340c754925a2e2514ac3d36e5f268efc7741886
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD599e7a79e1e52f08d15cb768f32371d06
SHA1b2808648b6ec16e69ea9d9aa70f7b41f6930852e
SHA256d8b824248dabf3ab0229d4c910a3fbfbd2fb7304e9b1f552bf1e77c72c03b9b8
SHA512c210177601f044187605a46dc5e8c5c8fe4b514d9561e6ac669d8b23b2ee277b204d533e4f57911c4c3287f90e5d90c9ea3802c114d12d0ddea1ceea5827dec8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5d80853f1472287c4c4b132d9cd775ca9
SHA1292d2e39e886f7da8d53a4c69f8b6a135e032901
SHA256481e89a5b124616f6f013a35233ea66e98e4251092646836df970052146b1d31
SHA512da9663820b3b67879c322d29d2e8f5ce53a228465e2335c62d944caf40c6560afa4169237e393ec454e29636c7cf466032ec8c1836fba83c79019e5b28874d2e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD549eae883420c542b6b1a6d311561b66e
SHA126581b3ab718ef5d44041b85ed1b6fea73fe8253
SHA2563a803542a4f2d7c6678216bc8209ce36033f344798a0efdfe25da43dcc001c52
SHA5123ded8d5d62508634097947d9ec20ea0bf67843a2ab5ca7256e32ab149c53cccffd4b37acb659f75cacb23d2220c03b026d768a1affcb5dc45862e9bdc38797cc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD520d003fe6bc39f0db4180071403a0f73
SHA1a973615f8280392c496c310a5e107739ab7f0a28
SHA256a10c1c8b4c98d6feb73df2ca09975f048a1773f0b44bcba9d3e2a394eaed598a
SHA51212aca91dc0b952eede2d887da8bcca718eda8fa9ca4c3f82d271cf598368d765a7c46ef347534b4389c7ced706fa00e8e1603efc5feebd6fc9e1389b56f9559e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD5e2f76dd09cee96c67700a4780857fa6b
SHA1c645c453a43d2b5a07be7c8b1f477cc5167c8538
SHA256f253549e113b11f806198df4a523ccfacfa779a4c711b476909819b6b72327c4
SHA512af66cb71b40dfcc7f332aa16609749d4e26dce17a3a7f5b5dc9c8d809fe26ac3397c0f80cf2132d99a50f8ca156dfe077e635bc723108655d20df42cae5516fc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD556958b69de9d962de3ce19f6f28fc1d6
SHA1a46dd6bcadc4bdd0843d68dbbd8dee5aa7221c47
SHA25601564b364fd031bfe239e490ad97c9f4654036ff3d7c437fe0f4ad2843d15797
SHA512ebd33be12203dec23bfee53280d39990e1dcae676b1078df0a7598475bf0f4154d5bed3b899081abfda0452fbc9389a7c5fcc25baf24dbf4daccfc1ff615c132
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD56e55708b7f1a6c416abc8e73178ccd49
SHA1e40dd359690d246a7ba06fb85199ba7d02f11d17
SHA256875ea4093f79d1ad1e76383cfec29ee60e2a9bfa5fcc36128c8de4710ddf6b20
SHA512594a898ce2ef7af8c901c68ef518956d7c6cf23bfa9cd64c93a72bcc016794d78cedd864850a4565694c9b66975668547dbfbaa086da04c64ebb4452d3c6f5dd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5ad1a99c76d1b20d08c3721714c6c1b00
SHA1b351395d7adda009734faf22a1e1e3f989dfe712
SHA25618ff3ba68aaf8b24861e0efbbcf19e7c9e939a1b37eb2c208ebdd4897896bfcf
SHA512b845921432bfbfbb70aae8164f8eb8e7a1a64247b5e2e41f9edcc6947c12ce4df49f81a78946c979d3ae18c527fcca4906fde07efa2d525c4c71d218bf9efc07
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD5cb91f97cd0fca9cb845c8b7fec6f27b1
SHA13f98d8e6096522ddd0ccb5bf96b0aed3c66dac90
SHA256c34d854e313f201c89799c3576e31effa95c9a46c24c88f8f9ba58c241ca86df
SHA512686f49b643fa28840538ecab1f8a78b68c58e50844254e71acf04d43739b257572966837331f1d396f5f3b41f356b56a930d2c7130cab2a27abdf09de695fd4d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD5109d73211e3f84ae55d21fe7f1ac22d6
SHA1633db3f7393bd21556e7c038dd2b989ba0b82f74
SHA256713ff33a20ea0f48665b2423bd26285c033ba60b754dddc03156bbdbc35ed8a5
SHA512d483e83d372ec650d93278e806ccf13a3e066ed22d6759e8e69d7fc9a366336a1f2791b8582ffe8c56b5530a3a4204ef3557b07c1a003170321d21178305afab
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD569bf0f14f40442d221b1b54b40d80c1f
SHA1ef304c0d6f4e0fbaa1415892a622256d64c25e90
SHA256512dfa90f6316743921962282dea293ae6c1bc2264fb8047c55f14360f3447b5
SHA5129804371538e2488d232bc598b95b6956d0f9a8ca96852af30abbd7ffe4303a8bbcdf5d35217852553aa664d80104747f3f2f29f1f85574dfcfc2ec6525795e8c
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5146cc574b9e70fe3b29f2b8f7ab2944c
SHA1cf01a175d61a6e556a218adfdbb9d7802fa71805
SHA256054a7de8e0f4489258bca1f8abce091be26331a113b4fa200b293b37f82b7de8
SHA512267bec5fb2c28732c535b0d8fb72fde2c6aff84b747c94f40e7730dd44ad1151129ea06e894db6590c5e7a3aec724f563b0929a3f5a12ee466afd6d085c1aeb5
-
Filesize
282B
MD569a98ef655778f1cb3764a923acbae80
SHA122683321e95c9a631039d15fc49ac5d3e639ac54
SHA2562ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2
-
Filesize
153B
MD5a5e10f1c520ebdaa81d164c84170688e
SHA1141bbc89125499795ab06b5d73ee393e6aa49a38
SHA256528fdff7ea8b0f6f1ee91840c153aad27a0a0a8ee9c8987a6738db562e3dedcc
SHA512de7dfcd202ea6d0675996497506bf3f307c38937723fddf398f03cbc94f2a0de488d382faa38ddb3012e1ee3c554f477867a149cf3ff45990295075dc253a19e
-
Filesize
190B
MD56e197622febd5cf5c551259de26945dd
SHA17ce54102aaa0904017e4b68f39c0d6e86f61e0c1
SHA256ef3f1b8b583f9cd01d8161622dec25dc87f3b5a4a44e1697c8b2235ad7fd02c9
SHA512b063befb13ae6625661c5c7cf23b035d1d6b7ff8fb2ff93e1fc725c4eeddb87c17e313a128012cc7c80210143f4dc1eef7e926cec57663242130aeea91e44026
-
Filesize
190B
MD57b67c1bc7d14c205e98e7a908f9b0dbf
SHA1ccb875485b86bb49d5b16ae34c6dd73d45b1bdc5
SHA256eb0b0225798a77a250cba7eb9970af22c25b604e3bbc0e0e9f552400dd43c480
SHA5126340326f64346b4e15eedecc14d178bb75d482ca53a52d3b344f8529b1d19fbc52f9146ce1e43e6cc82f50075fc3d0562f2787a4449f1f87eecca6511e8b962f
-
Filesize
1KB
MD5c651c96dcdd47e3ec773b16512965b0f
SHA1cc8b06620950fb417297df874d0c6087cb5cb723
SHA256507c90f45cb3ea143e0af91295aca3196883709a14365dbc20cc5ec8b8261d53
SHA5129ca5a790f1e7f305912665ff8ae9d9b341dd9513d7d622420b265ef7b8d006fd6a5ab4b7e8dacacda1cf717fd2a54e3666461c1b9faaa7ca8e624a01bf605115
-
Filesize
31KB
MD52c9b44528a1c18af9101e26c4c41f936
SHA176c503cc6a097ed92ab45355abded36ed20d6be5
SHA256b58202fe46e57c5389554ed4edfeedced860cb18266477c17968b687b9a0e91c
SHA512c1634d836317b816eec44af324414d26679d7df69ae23d3241a8b5d0570217b46799d0938da9400279a047a6e796cd68db27a5301f7b15592cf950b49a9921d0
-
Filesize
34KB
MD57d31ac8e05d7cd1aa684239bf9c6b8ba
SHA1b53ffe610d526016df495778f9b529631e08c4e4
SHA256c4958ef29ccfdde82ac3cc021566dd935dbb529a13a89747da9e13e8f2b14e66
SHA512ef9dd531a2774dea775bbe2132285ec80afec4b8369a8178be8fba2fc040821f19574d6326673df00cfc539bf9b4fd5d5c4d93447d3eae55fd7ef33c05c21bf5
-
Filesize
23KB
MD587175264557dad978bbfc729faa8b8df
SHA1644c5c54640febbcc3685ad363dde6fb75bfe5d4
SHA25697ac96f1992214472e756363d03ab82396abff47c09dec7cbdb8bb14c2d97146
SHA5126e856da26af75424ca4156fd5a820a7dc9005b8b414563c3f2952fff8dfa77d5aabda6d068733e994c1de7eba0648ee528207dd0eba8657b3cdca7bfa5987567
-
Filesize
2KB
MD5872048f6cd0a09f483707964d0727d45
SHA1257f00644fdbed7ff092ea1651232e4f83f18f30
SHA256358436e08581d877c1ecbf91cb544dddccc309a17ff2524560f282d98d237285
SHA5121fa467e6dcd095b823b517d712661c7eb6b117a6eec72bfef6a8914514575763e0aeba25ddb341c85e65caaec7b98ec2ed686ca3eb93293ee002741386add636
-
Filesize
1KB
MD5df79873d6565a8236942a7e2cda2f83c
SHA1e1b493b1ff38109cc064254350a4e7fdb915eea4
SHA256e7dee7506001cd1cec19275e4809a712156521d95bcb0684e44f50ebb5fa368e
SHA512045b12e330c3b806ae3f5e455299add58a4d96dee037884adcd7a56401f5e1e1b4c79f4531a813c8b0daf2c4a09a730449b232538e41176eb5044c3f315a35f7
-
Filesize
3KB
MD5027dfbce02594605f9dc251107c1344a
SHA1e896f90f2a73503aecf2410013859bfc621fb8ab
SHA256705c504d8fb324d43a5a482d041d7df56e2f9c092f01dfdef0b8f1f7509a1e75
SHA512b2025880a0d763a55f14ed14a4cb87d15d0a98977d3566650f27791d85810205f84fb3e71239d788f76f7a66cbfd141d504ccd5106ee2b231545a279844558d6
-
Filesize
2KB
MD53b67abe32fa1779250240b2a5fdfc953
SHA184057a0e93d96573c3ea0ba7e1492d1d11bae917
SHA2565d58045ff97c794d1b03c31fe4501650a2c987f40cafcf6ce7df559d37b0cbea
SHA512aa4ac1fa2c06b8f30fecc63eead0ca6405cbae9d2d9c4edf218687a9dfde133fe363b3634225654f34dc08b376b8a02890b994adaf8c2b481d53a357740ec993
-
Filesize
5KB
MD56a35b2731ab541e0aaef596b48615293
SHA12bebe409e3322c1e0842fc852d8251b211cb4f62
SHA2568ee08ea89c2e622a69c3fa4082844461bbc4dc72a8ab40bc6bdb7ce78cb59554
SHA5122804d9628de7c4fd7ce1ef0c6458fd5624a668a70e2a7b32ad8d7957a9fd3813266f7353dd27232e74afeb888bfd229894e19a0ebe11cd7152ace20e2632f1c2
-
Filesize
17KB
MD5e6739e23f69952f83888d92b815337f3
SHA1b348aa64e57eb1b5bde691ee5461a858702ee518
SHA25662dc7f0881c0b41e3ad953a6f5ec513e460f188e9fce5e94942c365fea2bddcd
SHA512ec3ade98555cc65ef2bb7b2d2339549458e864ffcb88bfd32c87200d0ac79635203d923f3c0f67eaae1153ba307fd56f920fee83f5ffa4830efca02a9569151d
-
Filesize
320KB
MD54e100399582e6fab4a797132faa41da0
SHA1e4c058f34de8a860a23e947183f17087a7c2e243
SHA256e871e469c74e65e51831797226778cd00e04ba6955ac27fdd09b60673de31c44
SHA5124ab30cbc88ec51ad84755a1eb0481c9e800bd58b978a9f773f1f67348228e45f34bf7a24a8ee54ddbff433915f3319ae396e06ceb15b945e6d63f03c83d8b37a
-
Filesize
1KB
MD598fbcee75fa463cbae66559382f2067c
SHA146becd82e2e913e4f5f30a75d26ba9d24ef5b574
SHA256e55b05bf6ed4f5e484b41bc979d960d9bd3153a09cae4d3284e1747faf67a8ae
SHA512b089593c780124380daa259e2b6b301034be97cd78db6dc4fb7aca32c415cd484aaf5ca02ff6278cb099b7560becfd5b44bc8cd6fa303c42f8662fa41b1aef3c
-
Filesize
10KB
MD56f0ad37772814c099d1a16c0ac676a4b
SHA1b88cdbb129b6f3dd26a2660fd768dacec57b1501
SHA256945c2c1b206cd30034eae7553eee60b3db1e2b5e24dc852f258b7b24428c806b
SHA5121e329284503f96b1c9fd7a6022f224a224a0ae5825941ec09de7cc5931e3269fd88ab4cc6026b6581484494a41135acd58eb594daaf4cefa99a6c3c253b113aa
-
Filesize
3KB
MD57e7d32b2dff53f4332959fa6303aac5f
SHA1755b34c2b8e7a5fcf7d848bc338734ea5c38ca34
SHA2560dc23fbd6f4d67feebf170066fe909da08383367df4b0de728e6db5b8e1c052d
SHA512ec40434d53630f8d5c632c31e8171c92956d78f2d61099238ac574a97890879cb085b4851bb045ae659dd6b3a3c5010420570fd36490ae9e686f909f74f0362f
-
Filesize
162B
MD5a8e84c3190e0d91cb44a2781cd13f3b2
SHA1f7dc9af3558f4344529ef04fbc83cf3d6d4ff143
SHA256a14a74b1833867d1f74ebc00c4e6f52af068596e4e37e0a3f19d0b1b2bde3d9a
SHA51280eb98ae69ca4cc02bb0f112b599aa5d0a34b53d015e735406cdba585f8ac8c7c06204d0fd5f4c88cc5952d8cf91b84342c3db7ea307a3c253e21733126888f4
-
Filesize
1KB
MD51d51241dd351f8ce836a4d0176903e08
SHA1c20e4b5d74a17f4f31eeb3c38aac69d3a5add6f3
SHA256d4d246f9b461c9a01539cd22e405e8c1f80698852b9f81e5b29cc23c64820cb4
SHA5129366ffd47fe592f1d0762b3511b51cc1d7a3062e58bf435b97792c4416612e5783ae5ca3c5aec3c8e70d1c110271989680b3f602c6952850cd193e5a4d355c0f
-
Filesize
3KB
MD55bbe6f4d8d75a82d170220f4818d55dc
SHA1f230d5d8ebce04d050bfa5308f679fc492cb1ab1
SHA256fb444f2d6bf4a84f83e91e893bddf29ec2f0de5b34c06b52d567ae0cfdee2e1c
SHA512faa9017a41a68414e668e5f5cbcb1d75f36432a7377ded09ac03bd627f7720a0a29da4d2bcb5621a1e8bfbd96d466f8b92c8c9055b687d867b68c15f36695e15
-
Filesize
1KB
MD5100e7a7f2bf8d5569a99a0e4fc7f6289
SHA1472cafbf974a9cefcc76fb5ab8b3eaa8ca969226
SHA2561fded62f44b5cdcbabbc9f2164b7d897fec6fe4fa15b5d29f871b996172718e0
SHA51290f8cf20ff16f2e93e5d3d632b2202ca5671edc99fd4c262a9a0cde7fde5220dffe58f521d7f92f7ff9cd83378016c021e21c4b42caeb3fd73ae737d2a1cca84
-
Filesize
28KB
MD59cf765e6c1b46d9f689d22f8e4e48176
SHA18a95d929d757a06a520cc45c5d6f8c9b0bb26bf4
SHA2563cc03ef6d53d4fe9482699085d1240cb3ee729bef654c6019ad0b925d4d8399c
SHA512acae528c741814093e5b84a7e2c6281dc7e96a01bad5b142199138b42caf8b18487e6f349e5fcf4c770a9e77811c1d0a31aabcec9de11281bc5b629a1bf6a9b4
-
Filesize
2KB
MD5235237845760f10861c8e788c530b316
SHA1f05a97b8ed02c149ea99525803112f2340b2e10f
SHA2563a0663c682bd7329ea6304911ff9be6412c5ab848bb1f9b6cb05c524bff10bde
SHA512f9750a09b19893958cda8b0dcf1bf7eba392a54e446b8251b85ae1b7a36b7e96a61db2d35784a39884c3959fbc3a4d62086fbd14882d243420d167b2ef9d6fe9
-
Filesize
1KB
MD585707be134f7c027489bcb558c640df4
SHA1f64e74556bd6916154c222e354a4be9e06ebb7b1
SHA2561e088dbebb907bd69505c9c894e1c3377ae939650e6391e1cd28d4b44c837441
SHA51291a8a7adfd9ef771e3e5b04d9a292b148ee893c201b84d0245d00a19fe958de0a62f2d13741a5a928f362d4f169311c44f2cc154650edcdf0549ffaf4ec44be1
-
Filesize
2KB
MD5d7d89d6e0d4512d0a0679592bba56ff0
SHA138214af53d75da22a344dc8ad45f1e3418ce14c3
SHA256c80cdfddbdb188263e18b80d1c50ce338efa07c025e4d089a72d2769599ee44d
SHA512df6abcba8687ffff8d5406e92eb6a7240b252957c22294d4941378d16ef3a34cde8a6176dc70e8645de9c16880b3956e1ec7d0a7c4d4b7a74eff13eeb9b72c7c
-
Filesize
1KB
MD5fdfbc547e8ef2de813bc62d1611a670f
SHA1aab1318b822e7834463e579e2524fad5db9fb9a3
SHA256c195a3ac0f214fa18a4f5516b579df98a8dc4aa6e4cf8b7a2836d1c4c0718229
SHA5128db25861a5f295c40768ed848c858c278b82708812987880a554091bbd1b1680fa1b0bceec58eedce141f9290f200cf8caf6d8ad13f217757ce14f1bb59bc340
-
Filesize
1KB
MD508f9df85ebc4aed46e10d7fd8700b05b
SHA1ed5f1370d39d9ef60045cef98caf8de937f5a2a8
SHA25670afb7f014badf09b88be49825e92eae70c2ff36c63ddf1ce504283055c521ae
SHA51296f6a28eab114426c38db693fd4a64943725b7a76882101c6a2b26ea92b37db90729e2aaa884d0775690d840b1fcf4ef9d5e43929f560a4fab895aaceca4d51b
-
Filesize
1KB
MD58a043feeac3057b86411efe537da2c31
SHA126a5e9f2d2e63049e35a8beb0c57589283a616ce
SHA256d4553b0e71af789a874c20f7b7ad1520e58696604b8d83564004bda664924fe2
SHA5120c86382224802007a1e7e8695b36fe56bc478986afcdfecf1d2a1f38d4aa1aa78aef58b4846037341151c19cd988dee74ead24fd23985dd6e46eb20b61f78142
-
Filesize
3KB
MD54e11c008176fea92eaf69a2b2dfcbb25
SHA188e33269197329c9506b1ca5c22cbf111f672d0c
SHA256b49c37da07b31f1a9408358f3debbbe83cfb5a0974159928528e21617f7fe4f1
SHA51280d47ef781f4f457440010beec785b96b0336b1407f3d91852d45cd36a20e5d2a038f0b9ffeab98581b7e995b375a365ebe2f5f7a406ba5e308c89ed42bfffd1
-
Filesize
2KB
MD5eb478ac66a396e5a0eab8ae617df3b69
SHA14e768bef93147c029ea6e09367054d10938b4d17
SHA256aa7cbfb17555ec091a284a465bee79e6e8bc40b80d5ae5ed53b036d90bf42675
SHA512274f1a106fd87386516880981d6795766f4f37510022e4190ae0be372859a50a8cd8972bc10d95735f6de5096b6ac7be433e89a1722d6d517e138ba4c1636b1c
-
Filesize
6KB
MD56c657696507b3366c9a27d04399e2474
SHA1bcc8f0ed5589686cb83ebf666645f30aede74800
SHA256768f6c840416f408f0b80fa4026aafd8b4ff2d5c9c34413682e544191e73c7f8
SHA512b02955d4f4a215eaf10de1637e0702c8f2737c38a832f5f2980862f228e164183a655f2a011cb087efd719dcd69841b9b8199a7e3f40cd015e49299977840b29
-
Filesize
5KB
MD53ab179caa6e303f29e1ffe1b280031be
SHA18d117d11ac5c4e59be90fd2827c2de67ba426196
SHA256ab42f288ce29ff5e91c904fd040ab2cc8c8c4841cc6155ed76788214900f4413
SHA5124f5fde7da47db11bd7b87935dc2dc7aa0a3e71fb9d0d18ff5e81c08e042ec48dda5a833c9e564903cafe59403176f772572fc0c1c59303e4ad4eb387ec9ccfb2
-
Filesize
3KB
MD5f4d4d5aa6a12c7f75da21de9a299dd9c
SHA157210cbeead26989e75cf63db72cdcc4b379177d
SHA256fae50aeaa43b6909a69ab4de00dcae96635807f370e2b76ae55ad137e1817e09
SHA512f78eec3825f56f99a1be0e019689d3a2cb1002e24ce8801df7554c57a9f337cea29b3c62db5de71039123a190048674fa6482109f48dae27c6cab293581bac7d
-
Filesize
2KB
MD5319f43c4d43d2e467d2f7fae4dbd7e49
SHA12f19f968c3a00530e7a5a92aa81576374e624670
SHA256aa67818daae4f924fc3eedafd615b6d188392bb8e4ca2a4742eb5f872c003f4a
SHA512848aaf41ffd4d5eaae0fbe47a0d8769ac57e93368a86a6010d18d2dd3801f99a0a570983828f3ce62f82abeabbacff92327bbb3ea69f810bdc2c7ff85899c651
-
Filesize
2KB
MD59eb8df023e225120cc6021944e0f074d
SHA18232a56a2cae8f4aa44cb4cc24658306eeb25169
SHA2565f770ccfb1dd028fbd01a2cb1c77110891fe3c4526df9858d819a31393793b51
SHA512a42384b72f651114a64037a50c6b84850bffa979f82cb02b271385d827e790db231641639711e67de79cd409b2da2606934cf11f18c77afee363355817f11c8b
-
Filesize
1KB
MD522f7f4ff224d1b602f1d14e404dd6006
SHA1b6cd0a155b83a27d22e8d6f3b8749d02fc788727
SHA256b6d4b946d48e879de9ecedb3d06d7eb970905e90f8a60a095d2621bd77cd5b71
SHA512f2d58f32463c9400cb02ac77c8ae454b6ab246b6b5282efa9f13d57103a00b6fa1b9c9dbb7a77d48adf231f651ce4b9013d3346abf6c4b73685a1061894f1613
-
Filesize
1KB
MD5b36bdfe686acf8f9098ce13bd1dbcc7d
SHA1363413b6f8039d175837f4053e5281643d18100f
SHA2566762fa705a0d816c3de2632776f6dd306bb8a5d9ec97b4ef41c418dbc9945e5c
SHA51261049a15d703bc8e7e2ce62418828502e47456647a3f93653434483a559a7041f7e447db9cc754bd002eb2dcbaf9ddb4f934a77359db6cd892d3cedeaab069d7
-
Filesize
11KB
MD544ac8f38df3f2e118de62b14f087f80d
SHA1d1b5a3bba71760d47a0485782355cc3cf2ae59d2
SHA2563cc510f5322af8402b4ff7defdd1130d811b8fc77015189fda41975af29bb5b4
SHA5126e5f275cf3e34bd40c5e4ce69507ef2fb4fc175a31634fb88bce9a8f55f0fda7ae8cdb05116243ba23fea956c7161aaac14c70c4e371922224329ca8770eebd8
-
Filesize
1KB
MD5cded415424858ae47402bbbbb5192e79
SHA1a240df2b1851fc10baeecb4935ac5f3fb7db9e21
SHA25644b429021e48233f474a6555be5264aa4f229b6edf2f030eafcbe668fa0749ba
SHA512bd6f69389cf2c88861f094fa5b1a2368f1cdcab7ebd6d1916c259d64f34e47b66265841c843bf43aeebba6381f93ff7261b39851186ab8383338d43ea5496278
-
Filesize
2KB
MD5a627c32551ca5a8d996417c6ba80b733
SHA1cb9ee88c6b475df2b33fb689c260cf6b798a83c0
SHA256e78ce5b47a04f61577d5e830dfab0ab60b6e3e425253263ddbc922f05b8179a3
SHA512d5878f9fe825be67dece0dd9f09a1946489d6045ed5847b9c709023c9e96516b0e6557166ceb7f2d89b8d8305af660517c9772d820dad4008286142546688aba
-
Filesize
11KB
MD51fdd9c175a12f5a39f54f3254a210a05
SHA1c6cc6b1675fdd53414e660b60fb54848e2f7ada8
SHA2568c9db7ad6a6caa3622856f008af40d13c85e692ad5e480ae198cdde48bfe7588
SHA512e584f6c73698cd09b3efac165f66b94616d23bce8d78ff9236edcd59c3fccbce7db8a8be0e1dc766026b6ffaabc91af6660aaed822d779b6f5afebf28989c4c3
-
Filesize
11KB
MD5fbc1cfae4f7e1ca6aba20efce1d298e9
SHA1838256cc03452be0949cdfab78874c6e4488d095
SHA2567a125f11ddd3ba259ca74425e9aa751eb15f7d2b72a13455c558a3b3c61987db
SHA512d4a5b43991263a1f9497e39b882e4cf79d3be69359c29c1b01f3de3604df8d7171c3ea488132eeea3a3ac8ba094c90e1cc0f27b88989832e3afad618babfdc60
-
Filesize
11KB
MD5439c6bce167df2066144691a89734f09
SHA1b84d9663e459f8f0dfa56f5424486f1428aecbac
SHA256a373f7cc6a7a0f90450c74b889866915a42075963c7cfaf8af43d7bd829c1172
SHA5127105418d2862ddcea493e277af3539b804d3af832e7135aed2db59891f44ecbd11fa8c0a4f4d1ec1afbacae91cf961872759d45c70dde30df2446ebce012197f
-
Filesize
1011B
MD51ee0d059b4e4be5d496a463cc6a34e63
SHA1f234f5b6afd72b9a81734a24c7a1034a7f0fda77
SHA256ecd9281cdb2dda97de2c2364553e236aafde5a3983053b07379d5490dae4d585
SHA5129dade335c417d1b0b85a68e086fd6df8dc3b129a8c0a39ec68fcfaf16758aa4ba6b0d61b0be265ad4daf9432c604aeb31f12b53a5c43066dd1e98f5e1d4cee1f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662721799026.txt
Filesize77KB
MD5e2c5f8f5ab47303b8b74a63ae5616ee9
SHA1030e80b5340ca1db7cdc243b6ccad4eaa641e50b
SHA2569b1f266cc459a073788bffef6e62d3333ebfba60e6d60793ec92b8b23514391c
SHA51273a5d9329f99182ac1983349097ae69c17bef9378044566c3e18821c40a559c1a582b0f84dfb3f268cb5e1b4450ebe952091ee328afb1a5239ea5293386f37e2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663191189319.txt
Filesize47KB
MD5196bb60e6b46e4f345bf05835f8e1ef5
SHA11a739d5d25ce112069653279cf1d04c4dcc3e27f
SHA256c91bb5ebfb8b7b6eff933ca2f7b5b0ce7c7376d482935a15ffe8a6fa3fbc5ffb
SHA512c267fccb9077f4be424a75ed133774f774736dea2554b26f1de126e56d519f9a1319e24d10f2445973401891be767e79dd6d740c8f9ca57b1772e32cea9ec8b6
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670188807600.txt
Filesize63KB
MD58dfda70408d1da0ab3d2f17389c8e78f
SHA19ddddb8a3f2f99ca8c1964785986f97fa25f2327
SHA2560dfcd964c2084e2a5e14a4db869f4c982ac1317bc7852f613ee6a7c6d8423f92
SHA51293cdc92bf70bad1dc841110189f41271096b9071f6592e21ed8b7be6e4d3f8e9edf55f65c9c3e92421b9dab39f780bb96a3271f65ff50d1ad6aa4aab3070eded
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672984949051.txt
Filesize74KB
MD5ee580ea269ed9e7790daeda68eff16fb
SHA1e2b0f011464356c0c7b2a3e5fda73723a59f80bd
SHA256b7c0f7e406b9d04fb2623ad4d2f752deb515b94a30dec5190582a92d92c33b9a
SHA512c90c90cf7f4698be8ad2896def19813cf41a8b777621b680ca0e3ede44931a738c64d094806e7cc34616e4fc83743d54c90e23786e3e5904e5ca0deca3127d2e
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5d901cc0eda9b246f6406efda2211bea0
SHA1329bf7ee3b2fd820f61c92180367debe48f21cf0
SHA2560cbc0acf7993632e4c1e77b94a84d4a53f075bd274f05c3348c2dffa5357e394
SHA51234e83ff302a46d108e7c5d5c24389a9a695f2d9d3fbcde6dedb36be9f7088d4828823fafd7538994e616ce64a60054d43617fce7d523ab530f3acedd0d626652
-
Filesize
21KB
MD505c6d20b53947d4efeb1e0e8aa5fbade
SHA1ae832a439cb6f6dc972ace595ce95c51a92cf435
SHA256ab51fcecd433bc7f137dbeebfd622944776f9a60a4effbae8c67438979888839
SHA512ec329b93f797bc653cfab671f4722830558800dd96e3b61e336a70fee6c80a0bb63ffdb25e61959fa975c34d416db700d879be7991ed7291cb05bef41d32d493
-
Filesize
1KB
MD5ea22f44b1183810a9093fb31a0a8da3d
SHA14a4c8ad8b0bdc41fbb37dc38076f25c1c5ff8458
SHA256134fea6190b86e48cf8625182d02f7533c124ae9dc393d1f53cb073a81cb21cb
SHA512cc6f4330778c2f29c4e7080a8051594cbbe5b66f5073cf8dd05e7df8ec9890433844db9df4b94c526e01527d468db2ef933a03cbb27ac6a63b8cb6576ece2ba2
-
Filesize
952B
MD548603272facb53782bea9e2db72460d1
SHA1a3b7615d26f780849745d0dde1a8921054960572
SHA256a88b05779ff369f483f8b6ad1934fef905a12d6eb15cb9855688f2e75759812a
SHA51278b4d08412789bc4bf528b6285c5281ed788a8515ad8566c098df651ec1ed7e9d5b00e94e5bbd89a736a956818af8d1bd0f151ca38eebaa910c940e361da5ff3
-
Filesize
121B
MD5ee33f31681b3668b5eeab7e95c206e5b
SHA11d9376e566bea721cc94fc702277faa7d1a66db0
SHA25654a91d0d208d202e53470309594cfb992f686cf11365c577130b9bf90d247100
SHA512ffc81a0d34155687b783526a302a83718a49f8add2543e110f5d835179c86cfca55fae8ccf125e250525497d4dbe6cf9f32c4a3297ed41d0dfd442f6e464e1f4
-
Filesize
1KB
MD5c079c622791d18924e1c82cd864df058
SHA1571688b710fefc3ea3d9a1072ac6b30cfd4fc808
SHA2564156d26209e406a4841239442c0fdc44bceb221b5ff4133c0e68fbb599ad3f41
SHA51217cdd52971e804fa8d127cb1efa0b3956cfa6f1ad112d62002d3a0c3d0c6952f1b9e4e42ee670b3a9a3a65e89cdd40d3cd270734c091ece7a6687fde657935f9
-
Filesize
8KB
MD5a06b85b6fda3157bbf9c4d7da11fbfca
SHA15176b6661cf49c9817cb966459b6045580a38a46
SHA25669fb7e60f1b345b7c4b3d96611699e5acea932e4c8c15e3fb135c31187f196dd
SHA51264f205f618c5e9d21087e0bdb2cc169fa18f2b9c8f1ce39615b3d1d5b8af283fae1429a0ef479b3362eea1105feb9cc7ea3b46feb17a419c32d3fe1656b558ad
-
Filesize
61B
MD572046d9ce2b319185af8e439624582f6
SHA146fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA51217724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d
-
Filesize
914B
MD51c318f84285c0ecf62b0139660842a5f
SHA17283bf7106a01d299b8df454b49b4dd22f3fb035
SHA2563411e8e94449cbaa7c3d2ca8c214dda8a1592350d0bd7c8dc897fde15a11986e
SHA512c8c4e89b4b291cf36c630b89908c9f01aaef088e2ad1504ca08c7ea22680ea623a77f26417428f738ff40c0580bc4e6e5b102158220b9193ba1e045539595774
-
Filesize
90B
MD5abb89ed5355a53e7fed3da28e720ddb0
SHA1c75dad5a2e7bae74492d26d13578ff7ff082e64d
SHA256addecddcb3129cc843b8c991c874d8b8dc85237df088d5a31d5449bd6ee75b45
SHA512e1f9ff9ec5cf0fa07614bec8d48033a145bba6c72bc4b90d598ad276cb4f51bb3170d97044f54f12fafd57a65a88fe2425b8a9da2100a2a102dea19460d61c97
-
Filesize
90B
MD57ad5668be1c11eea02b3915d56f9d247
SHA13c2862c14a51570d170580fe740e62bc9782fbc0
SHA2560e0423f1021ab92753a2a8802701175d569d32e1a5f9bd5ae10fdf3b1c9e7b55
SHA5122910b0f879f96da036a4d1b04a12f3779dfe58b54bea6b7656ed0c660adcf551c86475f73aa5fd5ce9cd794b38cc8bf73af36b0d6b7a194d285335d5ceb10991
-
Filesize
328B
MD58ca975ce98fdecb6a597b45885b00f48
SHA1c3ec60a7aadd20f33306ae7b4426b43da61b7f11
SHA2565b2113000e936648c2f028dcff4e789bf977cd2f55622a626f843dfe759fc3db
SHA5121a692a1c6136df99684993170339b66f76a2931c7e770704f48e05c892930a47a8c3afcc2fe8a8d86913ca8657faea89d41cf2233415546a07e889523ca18e6a
-
Filesize
1KB
MD5d8ce849dfdc3043e0a71078d407fd9d9
SHA1814e176e18932781b038118a2a29692ab58b0b5b
SHA25684f8d95d73619dc8fd9ad16440e1216e70c6fade021d8d5bcaf9e0da6b1228ff
SHA51209b18f55ae8c01ab056c1dc12711672a04108087b81b66d4953c1c6e8b481176ff350f6732f295ed740438aa8431da06642991e1cfb325c27e7e6e0238888513
-
Filesize
162B
MD5291b21e8eafd34e48ea0ee8e9297ff8c
SHA11fcd0ffcc0a2f5ea4f8477ea28fb84529772bf8f
SHA2560df86ed5eb2c9655a31afbcb8b48686b66e110df9199dac1222d1550ba4f591a
SHA512ae713c841c56ffac8d19b064a499e41f2d96a679ad0dea3e6a3553ee766269c2fa4fb780533d79cb79e7ae8f3131d37b1aaff6e6536a91eb7f313aaf2293ba28
-
Filesize
586B
MD5e0f6c1eb89a7a45c6106af5065d22a30
SHA16c3ff0433fb6d81d1a239d3f3eb7a559611ae175
SHA256635060e7fb052f5f673f299b44639b3d0c9b31d755a8d775717a962535b6ce15
SHA512b1375c6bf3c51763e0c1bafaa5e4c38d7e2e4666cf1c06fd987f4bb1442979d638d512d016c002919c598df2862687b98254ffea98a958e066b46ba131edef45
-
Filesize
124B
MD597e1155f0dbb5a0dfdfe3aa82b3c3425
SHA1609e6be5fad4e56afeac158beb87ec4dcc25c13d
SHA256ca3fcff60ecedd10dc097622569a3d2f93104163f6056b7a8438203c9ad7a5f1
SHA5124ca3f5a7eb5caefdb4bef935e94494f4efa0f1602f4cb1711fd96275142f4a937319c78ccdb4a1dd144e91ec2b00bb1cabdb1cd88a00fbb883d40677a0bd26b8
-
Filesize
8KB
MD5a6a20c9443aec0f0ae4c2de22183f42d
SHA125e068527b23a90b23a871d9685b746bbc298b81
SHA256da35dbdbb99f6359f24209306058b53f290a2a63607f4d69c2d32fda889edf1d
SHA51277a5b7952081aa6df9ed62143205f1369e8d59adad88fdfd053ec3a8186a1c6ffaed243074b75d428f826b19da4dc30b7835cc7f9498819530acfda332746034
-
Filesize
880B
MD5863c2decc07576618bf6b5360500058d
SHA16516035d13353a18083855bfdc7ca1dbfdf0c4ea
SHA256f082fe76fecc24cf16d05dd3279f54aedd5e1139f7838db7d7d34141c966a87f
SHA512d478d1c495df96592cab321c4cdae815eba451a79aa22a6ce37359a5edf1beca75a250bd9fffe44a65fd91130cba1e635c295b993c8a0739183294624ea53c71
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5cd43f10f293437ed98b69feed71d30ef
SHA116c84001f49586daab1eb7042bf2c74755c77183
SHA2569c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD50bb6bc70fefb5d6ef27e28664b39b1dd
SHA1511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA51225362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df
-
Filesize
1KB
MD5ed2bd0daaa47de26939a5d9b333d6710
SHA10494b56122124b9bf88356c0ebfc2441cb72f14e
SHA256ea8bdc09589bdfa2ec26f5d4e95415be98e0d8e02a67c0729553505eccf3acf4
SHA512e95c7621a140bbaa92aa69b83549a2655f90112ae3a11c592f1accf43332ee4b2abd05f974013db820a7b6ee6f4680bd72054667d01631835bc55cc5089c725d
-
Filesize
1KB
MD56965c48f97d49498761d708e228b3696
SHA1de91550b330d75ac28ff1c9b9dd8467f3e7dc042
SHA25655b0747e46a196762b09460d975e28a49a39b16cde7175cfa5d148de717f6b8a
SHA512feb4251ec1b8e48363bd140b1e8254449f3107b5b29c0e6138a55c60b3a18b6b133f104962a50d9547014ee03c175fc934bfcf6d7c51ae883b47146805f85778
-
Filesize
1KB
MD5726b0976d80988d521069daa3c33c893
SHA1cdef6667d84a13186e3d7d7c3fdd5de348d6d50a
SHA2564186f4280c065c122f61693463981546da0d16097de982464f554de02a3acc93
SHA512debb898c6be76f738049311455a73fc4546cbc09b99106d8dd2221855aec1a61e2bc21abce13d8852def04c0875ca5eb8f316c7295b4025d36d0c4859bf551d5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD598a6fa366b16c1dca4534105fa2aed7b
SHA1b746a5f19d18aa91d2b330b2484e955281c1ac5d
SHA256b7746bfd6615b64f1e2272949234b1c09346e31be0fd8b6f835fc2d7373b6b2f
SHA512adecd30d320574b46ce26a109c1347af61f26f9f9414f47a8fa546f1bd23caa16bb1336b56d354d4a4726479d5e93bb299fe2a38aa4a7ca68a33e59d1ded7f18
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD5b8063a919d66b0bf4f3b99a3e07c0ecb
SHA127e5b498cfd2a7faf10b0bcfeaf709db5b379335
SHA25612a2d47ea8bfad7f1473b3f91bd9e429b1d6497b208e295693bb1d1c38a25651
SHA512d5faacd65599a003afebccb6d4b91520629612f6e9f0c7ad8f91234c56a470a2ade93b34674b30af3d7138318d1a8e8ed98d9af010e3ab1ba377df553ff6925c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD5a01100f88a302c432a19fc84daa197f8
SHA144e0835380ca86691614cc50318ad3501205cad8
SHA2565814c1c9cec92eb29f81ed3b311f54dbd634a49df465344845c4c2c719551e4a
SHA512b0d65359a96b5073463012fc92eb9f811a9ab02fab890247cc4a77a9e831dffce6a1173d6eb4f362fe774a071a1ff49466d4eaa9feb96a8642b8525e7ca09e5c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD50102d3c2c8952e5f825201059ab116b1
SHA1cf7067d8e447b3ae7d55c9dcc2ab494aa7211e01
SHA256f63d4862e54c10dd9e95ecd19961e6d0af988d857853d610891becde9cfa7ef4
SHA51253017c1e66d6493cb5b0045aebd729654ae91e62f57a624913e5d0cab211010afeb8631f54e3f0e5f74ed24af4000aa13a88b1056318ff53b963fe4d7e91d73f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD57eecb59f685cc4118fbbe7658af516d4
SHA1cb70262d1439bd0325107005cf8728a30b5d0c6a
SHA256a1f75cc549df9d3830493e608b92ee5dd504041c7794470b2b906e9d4e4b759d
SHA5120e8e98710f2438df012e893c04a3f39dff8a890a359e5e3b53e998caad2897e93cebf700ecd8da3d9955960daa8c21800d94e5951caa41c2f4a71f4a498a77a3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD56f4e8445b230d79729285832f4ff5760
SHA10b269e6b37d9dfc41a3013cfd05fafd1871b82eb
SHA25626e13757f7789dfa3c063833745e07309fc5afb83071efd2248d434578e45633
SHA512e62b4aaa953da29e9f9a2de92878dc064cc65fc01af652185c43b679014aae6a3616b8e287f638740407875ed609bd27642ae29b7ab495578f2dbba41fa4c614
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD52021f201264eac46f74e29481397c026
SHA13655a5db700f5a2c13b386a963c88aea5006c038
SHA256be5c6a6af84679fb4cae6d9c93b66e7347e3596bbd5173ef132ee50a4e599516
SHA51221034c0ff371d8d26886a166484075ab53e6ee2738a4be14848ebcfe3657a067d81beb0d14a0e77dfd8a90b4020cc390554d6a6ba8af0b7ccc0b679f29a19992
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD57bd9950272c46bac62c6b27eca5b0e68
SHA13299d1934b7706ef5b9e909ce3a37044d9463362
SHA256c3976734efd896e5ec74419d6ca7562aa89609ac5ca4f6a4134dcef2e556edca
SHA512a777f9bc9d5fbe2329c2b63a6d01c8559388929ea4e8abeb57fd4c4045ce02a7003c54c36ad12c93e470f5bb37451e14977c1556b88f456e427c201404275a33
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD593f4315632adca049dfd91f51479aaaa
SHA1ac90756b23d2eb71ad8e5648d1d0f5cb407b7402
SHA256eb916a460e089d2aea715528b7262c160647b9aad77c6176c8c11aa9c8ca9d23
SHA51292fb7344281f239c851970c5b533e8a59a579b4645679bd070c19e69c6392ab169993d7f963e2f3e65dbe6dbccbf3e7ce0300b25e3634ff2bc8efbb42646ec0e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD59d0ddb0c59a4157ce6c818279229fc2b
SHA1daf32afddc79715b950feb2427e7bb26f59515c1
SHA256070a7ee682bc0bd08a8c3fb5c9e31e1cdad2bdf20478269b2323204bcfcf3a25
SHA512a441ea2b551336a251663cfa331cb9c89922dbb5d574e274473b7579efe5607c467568fa39d15f5f076913908cb6448e589cb76e5e6797b95ef8ca80b97777f1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD576868b23e420366d86f0bbde71815188
SHA1d2702497db1442f3f397fd7aa92a47a146909d54
SHA2561803630801148acd2abd22112fa536f360a0cb500992b221a8ffe8f58a4b59f3
SHA51281392fe085c4d3f67625e66d71cd844a6dae2fa42f155f60b0e9cec15989a8d453c6e6b0aaf7190b70796c37220bc10f20fb982bd3f7492ff70edc52374aad07
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD5181868e46125292dd65742739b8fc3d8
SHA114308cfefe4a464f9588d753b477c68faed1a35b
SHA2561f6bfc33224b59ca7d20ea88eea250ea09e01d673a409f3a2fd960e758ed1ed6
SHA512f11252a32bd80ce2852a2d6456fcbdcce48391a3d37461f5bd3c6445de036d5c63edd85247d981ee8e6b06ceca404d32ee945dcd3c86fcf1cb8f9e9e16d31bdc
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5250d52b17e77ef57d4bc215d8e9f03af
SHA1ff2b0790943fd7fe09eb1eb163d2c2adcde5c263
SHA256bcb5c0ed56f9181494b7a70d86e14a15b5b0e38ce996eb093d51083bd09154df
SHA5122207c87f39dc6135291ec4d2648a66902fb24875819ccaa8b0f86f2fb94a09592967c28f94cb4d94117e8ad4c1cf3811ea23d90965dc2981dbc53a447d9fe083
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD5779c96e2535d44b74c3f80ccd522a9fa
SHA1c155b32b385fd5ae1a0a6369fcb71753e96f6300
SHA256e526a1a6ed6926845d8fe0657ec27d134ce4db36c5e6e0980452008df5f091e7
SHA5123fc3b4ad40807d3972664e66727311a6ab9094ac5be7ea3553743478979cb4a5e450b2fae339e42c0c562947015d1f0cb6d676eefc19c9d975d89d0a19a3cf3f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD5f22a4c09f0826a4ffb1d979f0bdfd107
SHA146ccc1ea203e839e541ba519c10059786d69d6e7
SHA256e0034e0fe7b414702ffa2aa6e5923920854ba2573679037c7056103afb9f5e39
SHA512f2ba4903ac92cdc166652bc11177aa283260732ab2fac5c41df110a46cb274b27dd9c9ba253106e9918e9f5b04bb368e33f50dc5becf6e565c89baf20a4e4599
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD59b84fd8a349f9c1c16a767e196f168a8
SHA155f56269a75b71f663c21e527e642e25f35a1c11
SHA2561d429328332de966719bf5c151880dfe9a3fe4bed6a4579eb4ba9ff5dbadcb90
SHA5124cdfebc76cb57f7930b1e612afc8e5b89f13d604058033e47eee71288cd49326c38f3bd3a58e763dcc1c77d2163ec0a8feca3edf8390cfb08c970d3fab98c8a3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD54294c7b38c8b38645963b73413c32125
SHA14deb391486bf53ad01466299a4dadcca5d05909f
SHA25692ab494db79f247f15322f971d9271a7646130f020129d661d1c7906691f11ca
SHA5122a902351403f6f816a7f5dd90edf4693cb55eb62a9bf7de4e0adcfee7d784c79d1f55ca503ea3acd0fb296685db532509aae8814f7bd5c03d419bb6365a7a03f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD50845a9200cbbda5793868f332753663d
SHA14246542af6ce0b75feaf2c27c3cdb409578a9da6
SHA2569908cb03a6db04e3914c6d59b7833fe766e96ad312569ddcab44204de603a892
SHA512fb40d2822b280726f6d92f3e4edba7021dbb7f9c0dfdc6d01b183e2b0ce463937aadb941e8da934129183442493430ad01e113d1ac251aae711558334a60d96a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5494543da3c3687cadc747708c5dbd362
SHA1aafa3c6560399e060d28dd6c9e8b9ccca981af95
SHA25634391fcaf93f5e61b1bc045f5b04f85e081e85148efe2bdc29b96d8932c4aa37
SHA5121041b0c19d82dd061fea75309d60e20d7881cf9debf80f27007c71c34a1286b64fe27e4e0f2867f35c99bb7e0a06e3da2e80c7497ed91f5567acc832417c46cc
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5ac16a4e7f093d3f14439b6bf11504797
SHA1f8bdc5a23a021b5083dc56d8c3bc483b01ca0a81
SHA2568c0163a68ebe279b55579bc604cb4f6c44219ae0659c8a1f01e7b85695ecdc7d
SHA5124b1b83878b446de4ec270d89dd77cd292552ad04e87299155c70b6a0e623a047f9f55eee0a4b41fc6ee005b2751844494308d77e275455d7a53f3dcc86f3046a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD57c7619063ecd7fa355bd43a82573bbb8
SHA16b619f7d3d6039d14fb816041c1bc9199ca9a6e3
SHA256438ba5844bdd89e9aa448a405ccb59cb399671a33d3dfc6c565a2769cad4d448
SHA51270319b631a100567eee6db4ebcfc66b5f36c5a80889e0666e643b7ed688d4dbea4cc3593bb4deccbab07de121905b86e922369122a65fe58ab3e8611b66899b7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD50a9a36dc2572844f9dbd0952edb71a35
SHA125557d1baec716b4a6d01d1f5a3882206c447677
SHA25680accf52c0d16f6fd4ee1c7d3c87c376275ef792f4f369b27d529834294b358a
SHA512eeb61531783277fa8b902af8a23366b91f105b9b14a9e92d3c46333e5a76e364382453666035a72f6def6534645bbea0b677ac1bcf2011e7e72c54540462a0dd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD58261760bc647e60e75f241ffe3eca863
SHA17568ff25843a82a8a7f9fb1aef68e2a615f0ea24
SHA256b52e02766e13c729797762e1b53cb057e439e91303660d7edf7b62beb2ec066b
SHA5126d35e7028ae162f270bcbb11633d8a1080937ed407e0c1138a0c0ac4a480439a9d586dcc4aa2d0f084e98d11c772cf5e7152278e0844ac4d59c9f97e46db39ab
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD5b6c194128dddcef31394862c1760aae7
SHA11854211c7c491fa2b8f8b44cdbc5051ad711b5a5
SHA256007b8b4169ac83c9f084db104408ba6c3143ed9dda57f472fd1da5e01b6dbd99
SHA51221801a06a9ef3e7ef4b02af26f3720b738b52e4c30e41b2cf0367427f51d336f7179b5b4531c80ce03dde0c0bcf3cd1d25d491c94df53dc9ed9daba02e728ba5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD50fbb2170d061828891bb951a92e6fd36
SHA1985113456eb782a1a0ec30150377837aacf17946
SHA256ff84bf9e3f5733a36109fcfab4f0c889e6799194dadaa10c145621285415296e
SHA5122f4de05b407df0b773ec61de0d0ee5ac094afc82fcbd067d161f5581adb2a7586369caf28e50f7140312bebe01d0e759428b624a889008368e43dcab3d3c8e41
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD54b24c56edf4085e7e2a8c585a3e674a6
SHA16ebeca83a177abab7499920b7b132ad780b16b07
SHA256569d859e248650a431c1bc0c77961bfcf1e063abfad9216b7d74c5942cb39c77
SHA51248c83a46973da6b227df7617e032a8e35895aef278403efdb2c300cc0b654717df0c8a9fce04f845ea669a58e7039209e4ccab55937ef7bf1df71f8c04513d6a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD575f6c3d394e0eb65672a75fa2e98a260
SHA1ed06876fd2c1313f2f2bcac3d177dc968cb8d97c
SHA25695d4fbedc53869df6f2727cedb14590c037a211bc1b87ee7b9af7e6c6d1599cc
SHA512fc2b44dec0a3ecb31273e9342c4e2db1b7794e210beaf02b2300e47ef8591caacaea058ca0a635ad0f4e357eb5373cb0f6785762f1d2048c13f9e2149e8f229f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD51400cbe808167c9129227d6a42aa5d2f
SHA1a4dbfff5e60a5b89c939457498f044c8e60f76ba
SHA256c8497e962a24d90d2d053fa8b4aef2bc7be20cb5118207635b383cc33c7504b3
SHA51245403bb898c082440e97e1b68c2e294b9d448d43b3b3b02098cbfdcac94203fde06fd885d47ffea34c21a5fdcbe61f035a7775a04bd51a533894440c332587d8
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5286cd60589a7bb054160238b4d9c4500
SHA1b33eba9c1d3707b33661c995ad762e0418cb2604
SHA25695905576a4705a39dc04d1c2ff0858178a64e80be1c7641c1461b9c55f93da13
SHA51267fcafff68c6bde699060ab540b202450c8cc3d229f2859d57d549ffd2e3048d0014e36b9ae9d59be81c0bf46769162ee5236e6b12322b721f7038d8b92e087b
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD59d4a2da8395c3e344ffe8011797d9de3
SHA1ef607513d61016bf7139e03ad3a00bde2fca5c8f
SHA2560311b7c0d3ce3e6c0a11e300e95076e2a4029d0b2394b470ec0d87e07ca62db3
SHA512919a660eb9436041aa3679b8fd23ad11efa4961e18da7bca3c58642919beafbc3add6977770d63733de53d341b68908f2c114095a00fd19a51dc824f84c47f06
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD51f15e67672561dcec29b86aa6e5f483a
SHA1cf65373d786fc307b8116b2bb3232a355d0f1cf9
SHA25637882becb00e71764a9ee765cdeaaec3ab7a04412902b4cc79f1346b17407098
SHA512588d84e30f668c3c8361a2d3c78c436e15a0c730543bff3d3617a10c74cc5c6d7f5516ae3fcc4c56b1970a729be4fe33c40bab316965dec4505ccb751dd8a820
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5656528cc385a48312891ddbd50bf39be
SHA17f3e6af5f74ccccf3cd806e354c511a2ee709766
SHA2564cbe872883f05cbb7be009a929de8b057969d68177388ca626801d1b328d08fe
SHA5126b0c572ad8a3b2d4df0f221cf18d1cda02778636a46c1f4e475f67db0fac95118304644b190aaf9fd4775c97c1301b8eff11a32122d2a2ee8d6178573515439a
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD59dd1828afa9f634fa80af457d5702c22
SHA15be3e06a5960e85eef12ed399315856a440ee373
SHA256af102c045a4c914f7e18454f149b3abbbfafd8b442fce014e3c00c61c4c8e47d
SHA5128b82c3310c06dff33fbe4608026906341ac92be78f65fe8a78c6cf13fb2a3725e98a0af7bc580d05a9bd321fb4b0116c996c0ad18dcf23645c1e40f4a7f96d95