Analysis
-
max time kernel
139s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
28-10-2024 08:44
Behavioral task
behavioral1
Sample
78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
-
Size
363KB
-
MD5
78b8376448274a254dab8c2b753cba3b
-
SHA1
c3465f85d2952f16b15659ed091082eeaf755846
-
SHA256
cf4a1a733aa5f9184cff122edb817f5c2dbacff9ff3dbf661f6cb2d1a191c3fb
-
SHA512
bb30fa58907bd7813ab1f9b082e81fb91a0e199b252284d368e3c2813615bfc30e6c2e461e19a9541733bc09743e5d17ad4ef524a72436df807c829e50af7c00
-
SSDEEP
6144:UY/hqaY3W3TATmNeZL249z2kiiwsLCcBtlA1+cGXQ1:UYZLkTmNMT9rPwsL5vy2U
Malware Config
Signatures
-
Detected Xorist Ransomware 10 IoCs
resource yara_rule behavioral2/memory/4944-3232-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-3251-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-8199-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-11156-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-11683-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-11744-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-12027-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-12028-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-12035-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist behavioral2/memory/4944-12036-0x0000000000400000-0x00000000004BE000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2601) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\MSxpsPS-pipelineconfig.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\vdrvroot.inf_amd64_5dbe5e81fafe4636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\xusb22.inf_amd64_d0f2fd4c931f4672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\F12\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\networklist\icons\StockIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\iagpio.inf_amd64_07b64df61e783bfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl006.inf_amd64_130cd40b355024c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_1aae998f86058cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\Tokens_SR_en-US-N.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Speech_OneCore\Common\fr-FR\tokens_TTS_fr-FR_hortense.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_6f327fe9ac4fdb28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Speech_OneCore\Common\de-DE\tokens_TTS_de-DE.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_e92b6921fca885d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_3ca4b12cda56232e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_18454ae612999870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\AppxProvisioning.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/4944-0-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-3232-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-3251-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-8199-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-11156-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-11683-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-11744-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-12027-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-12028-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-12035-0x0000000000400000-0x00000000004BE000-memory.dmp upx behavioral2/memory/4944-12036-0x0000000000400000-0x00000000004BE000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W2.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-125_contrast-white.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_ReptileEye.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-400.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\7-Zip\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\submission_history.gif 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-60_altform-unplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-200.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-lightunplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-100_contrast-white.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\AppExcel32x32.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-unplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailLargeTile.scale-150.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL002.XML 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-96_altform-lightunplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-100.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlConeHover.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-black_scale-100.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\share_icons.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-400.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-125.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\logo.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-lightunplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-16_altform-unplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36_altform-unplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\MediumTile.scale-200_contrast-black.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_contrast-black.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-200_contrast-white.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in-2x.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-96_altform-unplated.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-125.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\en-GB\View3d\3DViewerProductDescription-universal.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageStoreLogo.scale-125.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\Welcome.html 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-125.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-400_contrast-white.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.19041.1266_none_41ea436edfbc2e32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_10.0.19041.1_en-us_f60df125a7b3d334\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.844_none_70ba370b2a07f375\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.746_none_4c95cf26b3aa5907\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.Http.Rtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..workcollectionagent_31bf3856ad364e35_11.0.19041.746_none_97a7d79a62bf3cc4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_11.0.19041.1202_none_48a7253c293b8be9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..asconsent.resources_31bf3856ad364e35_10.0.19041.1_es-es_5b2f2a8cfd6a78a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_uiccspb.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_5bb1496c770eb738\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_hidtelephonydriver.inf_31bf3856ad364e35_10.0.19041.1_none_4de31046ed7c765c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..trolpanel.appxsetup_31bf3856ad364e35_10.0.19041.1_none_13506cbfd4a8499f\appxmanifest.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d..vdsupport.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_35ca3abc882a68b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windows-defender-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_25ae5be3a65685b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-125_contrast-black.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_959e11afce3d754f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_permissions_b03f5f7f11d50a3a_4.0.15805.0_none_5e19bddb461bb26d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_system.servicemodel.activation.resources_31bf3856ad364e35_4.0.15805.0_fr-fr_0fd4c8e5dcb88cb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_73bddbc9c1fb11b2\AppxManifest.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\Assets\SplashScreen.Theme-Light_Scale-180.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_88376550b126b852\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d..management-omadmapi_31bf3856ad364e35_10.0.19041.1_none_6f835e4313663206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_GlobalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b..onmanager.resources_31bf3856ad364e35_10.0.19041.1_de-de_f449f22ccf00d90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ltdel-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_f57534737531afc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-energyestimation-util_31bf3856ad364e35_10.0.19041.1_none_e5589274aa69992d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.906_none_87b019d7cebd66d4\rscaext.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_10.0.19041.1_es-es_73adb5f5d3396875\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..-gmsaclient-library_31bf3856ad364e35_10.0.19041.610_none_14266751efad2fc8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-dmpushproxy_31bf3856ad364e35_10.0.19041.1_none_fa8ada2a6c0711c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000412_31bf3856ad364e35_10.0.19041.1_none_a7f94c8737ad2028\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_10.0.19041.1_de-de_36b3a5db1b2aaf88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..ationservice-netapi_31bf3856ad364e35_10.0.19041.546_none_5dc9480d48614c4e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-h..hextensions-desktop_31bf3856ad364e35_10.0.19041.746_none_d2fd55f11442594b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..hancementmanagement_31bf3856ad364e35_10.0.19041.264_none_262bc7b233c1d05e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-powershellprovider_31bf3856ad364e35_10.0.19041.906_none_7974ea02a5c0cac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-r..-provider.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_6972fd79a8794554\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..necoreuap.resources_31bf3856ad364e35_10.0.19041.1_en-us_e724bad26bd75b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-n..idgenetsh.resources_31bf3856ad364e35_10.0.19041.1_en-us_d8ec3431aecfec53\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..sh-helper-extension_31bf3856ad364e35_10.0.19041.746_none_976088a560b9aba7\Report.System.NetTrace.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-v..r-windows.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_71d3d0048717dcee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-onecore-dusm-api_31bf3856ad364e35_10.0.19041.1_none_aacc396578b5401f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.746_none_0f6b99a629591478\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-com-oleui_31bf3856ad364e35_10.0.19041.746_none_fe6d44cc0c90be5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-f..lications.resources_31bf3856ad364e35_10.0.19041.1_es-es_ca16343b1b8d5ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ernelmode.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_72f9fee303a9c052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.19041.746_none_6e8480c2c3f34574\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_10.0.19041.388_none_22f1f9821003c85f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-xmllite_31bf3856ad364e35_10.0.19041.546_none_71896fe5367e9aa9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.19041.746_none_f2ddc6f37fdd12e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..c-keyenum.resources_31bf3856ad364e35_10.0.19041.1_de-de_7a4bcc820bbff693\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_10.0.19041.746_none_045e85893c117e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.19041.1_none_2a890ef3947798ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_product-onecore__btampm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e8e068270167223e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\Media\Windows Hardware Fail.wav 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Assets\Logo.scale-100.png 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.19041.1_it-it_407cb836d2b856da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b1fa2801f8d0496d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.0.19041.264_none_74486276ea9db563\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File opened for modification C:\Windows\Globalization\Time Zone\timezoneMapping.xml 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netjme.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab3f79387ada282d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windows-defender-ma..t-onecore.resources_31bf3856ad364e35_10.0.19041.1_it-it_b8756aaf82fbd08f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-clipboard-userservice_31bf3856ad364e35_10.0.19041.264_none_cd87c4ffc92d7585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm\ = "INJIUPKJOIOXSUY" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe,0" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rBBH65PP7s3q6Cc.exe" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.WoRm 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\ = "CRYPTED!" 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\INJIUPKJOIOXSUY\DefaultIcon 78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\78b8376448274a254dab8c2b753cba3b_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4944
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5d68cf07e98554d342215143cc997d401
SHA17515d7bf764530504c36dda7929d233fa9961e7f
SHA256cf4fc1c5acfb79f3c1fd2e16229868c2e0ef770eeee1955639684faded5f0a87
SHA51287d1506331757eee0b58dd590588473fa3b1b8b48966be7f6b963adc0a49ad301583df7e6fb44942d7b4f9a33fe93ba3affb5046502ae6ff15dc5440f76d5253
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD58465df095ce747710b477cb8f4e2e2dd
SHA17eea55ba59f11e8f0bc86991b4299ba626ec793a
SHA256e412f60b94de3ace88b254f07174088014dc5114ba793aa548acd597a251a723
SHA512401707e4a6a79dbdaabc65619436e17111522ebaf0fdd7b549ad7145ad3945a320748e61cda0b69b808252e43600f930d20eb4bc267e9cb0f920778e79decb50
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD5e457548ba93a0ab0b22113e325f1bc7f
SHA186c62dce21703445925f9092a50c8770294a1e04
SHA2562698195bcf5f82d6e42ae8e2afc3b4aa762f6adb3c551dc48c7c3b5ec37c13a1
SHA512e29c60ad909cb92518753b8acc05e44b28882d23163bea246fa8bff694ede54498d474f128edc2b990abd1affe1a63a23f49432631d20a3b4dae8929f6b16b28
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD509d99c99133c57cab046edf97180bb52
SHA17bd769a0c2d03012a720f4585882ba02316af3f5
SHA25681b39d46f5ae231efe8c3c369047a5c3a3f23eca8d736dec25e0cce4ccee43ed
SHA51218f3e91854532f05b01418f0bef845cd2076e6aad48471f2b99fd277d5116e50adfb9ddfd8f1ca33685cdd93790aa2add46598f6f1525fcf0b636378187fdbb1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD57e5ac4573f6cbca5e5e5b430a9b04b41
SHA1fa5fe17e09032bc4cc9fffe9e3006262e5249f3e
SHA2568f17f9dc855a5ef3a67c798b12b523947b31ad5c4a281cbed00f10778caaa57f
SHA512eea780776d72ae6ba49282bfb067db521482ff128d13b46e55d20d4998a1fa7640c7c6522ee9d446c1967e612631e5fe0174681a919f83ee41d9cf94e48a5be3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD5bb4161c097afc4d951bdab3afbdb86cd
SHA1a4aa42e5dd5fa0508c1bdf3ac008fc9deb81ca09
SHA256257ebdc9dc640089b53a8fabeab91fad000d4dc231a01fc11b9df10d05c6f888
SHA512d2c3049fd867552df833cbf52e98ee1b154c1b5a8183378756d20517797edfefb64e43141ed23d696bd3ca7eb135cc7f00dc64824d6d121d66901a33f5b2b961
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD53266f29dcf214b348038489ebe65152a
SHA19f873a2a32123d0a590a834e360cc0781d1bc619
SHA256128f65cf7250cefccaf40e121a00785dc31fd4bc1a04e854161c11f4a125138f
SHA5122b8d2907427d7f49c0a5126b419e75dbd6234b3a11549b0e33d67292493ebc0563071fe1260f91cfc6da9dfa4e99e24cb6a5d81fa6abe2e1af71fadc881da8ea
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD59aab360e5393485f0f1694e2503f9b95
SHA117908ded0f3a55a7bc92466048ef52f49f3161f2
SHA2565a7ecf42c751d55792cccbb74625c2a5b2f568e7649d1853147bb01247bc40b8
SHA512e46c84aff7428d2ceee0ee4161cc4de35b2c00fe9879ae2185807a10029ff889b59bd0089b433998e40c00270a917fca2c6a1c642c05726af50e82ee6582b39e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD57f14139c6d6ac8905776bee73d0d9b25
SHA1b7584e332fc68225e51e1d470e0d6223be8c6c39
SHA256c6e03dbd5279e75cc13e1f260ae0397e20a6dc148ea8548e031aabec9554840a
SHA5121646629afd31e43bac988fef55b51b797eeaf89e81c226704906bfeb417fef82f3c87fc6f0be828f8b77f8e3a5d85bd4361cc9874687f43521f0c2cf90e40b59
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD59b9e9ef9cbcfe6828fb9ff711ac159b9
SHA1903164214a4da3155bd01a552fb3a84dc5c7cac6
SHA2567a6d48feea2a40d0e5e58bbccec47a98c4de80817f29d442cf79593b3186f2a6
SHA512acbebad9b0b1351ca6f97322d64c6408bad2e09fbf74bf2379e6790a37f05e0f71d68f1e051d22388f388d321f6945df4619ffe095935a4170965742ef016f23
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD512f3f0cc9a750eb1935c0c69e2584530
SHA1e0fc99217d3c59b37e844739c7d9fae67c00fad7
SHA256cce94e09679eadfcd24a37d4bc7bf4bc7c33d086f59f52d2628f53b511a24394
SHA51232a6950184bc578d5b15b6e737221a3f5b7682b4be857defb554aeaad43d2f2e3016c56b8bebc8c14dec339feeb7ec0093bb8f99365e08467b955b8d73a7f32d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD58d2e8ebaf396c3594b530380a7444afc
SHA17cbfe3eeb3f682ca8e410511308439ef31e8cbc8
SHA256661e9e43e792420eca7cdbd60eb3def472083007c4d038b93c2584515d8f6b09
SHA512b286aabab6dcc8230816a15e1af9c0f387a4b787e9f5dbc2798979e1c1d237cb5295c71938d9a5faecb4dc3ee1c1ec13085b96f0cdbb0bb1df4582002283ef8f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5d91b3890432e942329ac882944e443ee
SHA1f1df326bc8fb16393867f71c2db7f9256e1a6d4f
SHA25689562d8866b76dc8daac97a4b0069ecd11e5e5cfcdb3846d809255a27c712df7
SHA51263c62951eba7f7a624b4afaa5f9e80e50ed33e8cd4d6975e820e174936f186ec939a9c200fbcef383fadbdbd2c16bfb9cf9ab5db2015415a6c484b365ea3c379
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD594afbe8c322659df03b10db5ff2f222e
SHA187541929bdc6813d5bdcb182b9d4d2aefa61a678
SHA2566ebfb9d0db2df410ac1f43a63e155f6b0824ec852ba144d0e13dfa49d20b5afc
SHA5121eda6016a2f95eb1aea9bc9aac9b8411876ee3559be43bb474c2404e76568c5fea9bf9bc86ad7d9efe05b941825c662c95de67997336c5c526d536bf8ac9c39d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD53eec41283855438a51f26a46a0ad574e
SHA16b22030bfc809d51fdf74bec896d0ae4903b08cc
SHA2569c4a414931f87a10bf51ef154f032f5c96dce0d3f7dda5d5611f71c002b9c322
SHA51231d2a4a756a0a8ef8376063d4569d4c2a3b1afb4c21aa7e6627f4307b39d31439e018e57abf5a8060794183f2124dd5a3d958a9471408254d9c1c4165673c07a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5139fb0ffdbb482998c524cccbd97e533
SHA1a9fd2b8de7040d2f07e6c0808c2e9a9ba1cc2831
SHA256a55baa64dada84d9ec833abe3b5923d88c14950c988c6a36d9673dcdd4ab6a7d
SHA51294d8de8ac171f7751a0e7465c91afa1b1e906cf750bb5cd77b6210d473c96624b40c78a9e9f4e9b5a406e0eeba90a35a90e26db618429089d577e6ea400f1956
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5b1608e33dcd496a34dcac87783404fff
SHA1c578099658061ca335c33e0d16949c75a5b4c63b
SHA256f00ff5326373077dae486d2a7e5ccb395f259d8b9ded660b77c5ec017b533d0c
SHA51291fc072c004f3bd596835af0c52cd9001cf15f630f7ebe6148ccd09fcc8c30685c1ff48e69285e61974ebfd4b1884ecb3ac054c7afbac91735fac0a828f0a02f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5e3c2fc6162e16975573891580fc0952c
SHA175ffc4ae35f96a1d4ab2db0ddc17b7ec555aba99
SHA2566fa29381836f8123664497e684a79a6db8269576bd2cad5efefd166fb5464618
SHA5129c4a7a512cdc13f7aff12321ac7b9b7681bf20a3d36076e1aa412fad599250e86d18574e62168d5c490cebaa58cc4141bd3ca99989e4552c094e7cd803972719
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD533594c682cca34b9bd295d38697ad428
SHA174cb160b707daec73ef58a8ee2f1d7e9513bbd01
SHA256b64526a69548f5ee5a18f1c88fdcc4edbaa0e4c11fde12caba601f766660d8b4
SHA512832c2233c3ccb4b494335b2c8f4984be8b92e2dccde547111b3d01519b260123f4249e9bddaa1e099eeb813814c010c06318cac6efb362755ffe6252f22f55c6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD5f25ee19ee40c14224d10570199ef16d6
SHA127c1e3c2e2fd5faf7537bb689c8ca1e7d184dcb0
SHA256c5a68fb22317ebc0291c0195b491537a297b8969468a9285d5eae30b57f9ec3a
SHA5121af7964c6216217d45aa0efcb3b1078c84c2f853eb4bc254ca8b00fa1a493c84b8b6e2a4419f2a9017bc67102320636ff3bdbb2aa3ee42bfeb8ef5da814307b6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD55853cd39d2bac24675ba6ca3c8c65892
SHA12e4565014f8efabb5bcd12154cae91011f2c4de1
SHA256d46e755c5901a952e4719144392ea0c3eb0ea14797a1d86dd706af26625191cf
SHA512567b877eb3e982f0ad08449d769d5afdac5dd95838087b680ae4e939af77621e6b5be244a31a21b1ed36478e2fcfb6adb289f37e42a5c8ea427c535f1889ca25
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD5df7c96008e228a9abe902f7591094f9c
SHA1809d10419b89395091b2078667bc94c1dcbc39b1
SHA256a9e55f6cf8755fe789f82c3c6f658713ceeae1063d897c6db7e17477ac767cd8
SHA512ddf7f188a8c9112fb2c5da27639410712edb57aa351afecf50e0b36228941890a6b51475a243e54d008480dd7119b3a856f9a5e6cbe9d7e55a61f1a5358cfc33
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD59bd4c38528840840ac72a6bd67f42b76
SHA1deb25bbd232394be1c02a9601a63c56737208c32
SHA2560c091f8f517b57e1cda00b781287a273af6d841229a78913793796fed7e387a6
SHA51242c64d09c0a03f4cc14a7c105d3c71a8afbd34e4aba82c1bb621fc90656ec01c3cf8700708f7450db98ae0d2194be29d81322965f3c1d721b22805d201c3d771
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5e9c193ad84d78aa05aae6c17faf58ef0
SHA1df3abfb09dbcadd715f64109e0d67a6ad77a1aef
SHA256cc58be3a0a518fd335ee28ec751c0ee70c201b7236489c87055c37db8e7834c9
SHA51236ff416511d9fedea2237e026041f1fc241323b6ef2078e2b9c0dc239e229074d0dab8eafb8a009f30d2727ef541c0baed915880f9cc48fb538f751514685a99
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD521eb86232fedca29ab770de009104f54
SHA19b8bec6d65e8a9eea8669baf18033f9eba72b686
SHA256e91dff8dd44f32f61c77fb7ffd132d22f2cd38c8b83d1b9aea04324ffb7ee586
SHA5126c34f539fe586e96801fe76d7fb55e07e86fbf5ea9fc551143e01c1014e1f61e77e24b8241e3051967b196a2a35dc04372848e6763324640fd28bf9dbaf934c0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD56a85a93d2e3c2e5a0c4c9aa0847b3536
SHA16f3ee2600f392f90c1fb3058e671fe67956cf265
SHA2560456ef4ab5fe68b923c061c58ce0f9d89fbe0b77040a57c5a3e177c7355b05e4
SHA51293c33765ea099d7f54e701efe491b908bddd687b62ca5e78ff7d0c87623eb65a2f2fc513b82d1e47cb4ce6fc5c97efbc28fab241c0e8096af680fd3543546cae
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD5e745c79c03d1801654f4a50eb83b44f9
SHA10ecf5bc52490681268aa0f5db06d318850ecce84
SHA2566c32fca895b9160695aa78766c22896e8993461731f5f27cef87119776634a13
SHA512a3bae58958cadfd9ffc5e03f07978c750b5e223a0610cd97f67b166c9d91dfef0a33d8a8a6b6a33417c6bc95d65b77d3818e9ceaf94edea8a7296113bdf75e53
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD54a8efbead878a5c9c7b2ffa617bc694d
SHA1440bd3691348f1cc04f0f8da7076c352112d8632
SHA2562f7ca8c65414cc3f75adfbda7ee8a39cf2c1e9c0ab140c81abad50f3fd8d55b8
SHA512e4c8f53eb54956fc0112b405e0e8479f4619feef9a373269a167be1ff58ff7aa713899296f651b16a401dc7ca2f0ae8a6bb31811fac0d7fad15663a599901ec6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD5d4b63d898eda119502afe3f62a6fd301
SHA158fd300f0735251ae247f905c13983cc9769b507
SHA25666a584a80be5e81b44b8762d87a69e82ad85517a8a48dbf3193f75d6a6f05011
SHA512831c3c2966634dd7e37d2479431634be056113cea1910c9b79bce927b4c537c07b8c051ffbf2a3e2e75a69835a5164a97163d4301e7ec75f3eb67f7eaa57e20f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5db08b6833174ebf6accad7dbc3c3c2de
SHA15a81ccfe8838b38f474eeb3b8700c8a515565621
SHA25626fe4165f47e0a6782e7bb87c77a4a95b59aeef0a6c9100678182c3fae248bc2
SHA5126417c6cdcaafcd0a9f158c3a3f465e2dd70d6b659ac669c00d3132d0b3cdc0350540145d9a0ea14c13d6db4bdafb20633d16a679cacd1c2ae5a9b40c8894eabe
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD5c3c9cf44323ac37770759d3f883c8870
SHA1ae68c70885eb3f78bd4bf573b024bfe424ad7ac3
SHA256875a0ccb6f9730ae2310bb599d1854175539199f2a31754bb7688a32f7d82562
SHA512dd5dc369f0ee147426496e83d2c21013f2c93eeaa450d46101b0ca46f2410a7c90ea18cdae2fac31c5ab66f339b107aff2d0a275db6fdfe522e5518d8ffa9b31
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD51822f35a77567f11065374125e698b7c
SHA1664af3c02dc260f8cff3238982e3796b059da461
SHA2565cb89b6ad712588aae9ef76e7802d98c9db290b04117734404f361fe14753a2d
SHA5125385b95482c6dfa5fbfc9a7ab193d8d5fa551f48089587b42dd68a9a777b05be2acd11ab9a15603e8e2946cccb3db889170401031d72839b30ab1e098ddbbcd3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5320802353b26e92bea04bf639daf277e
SHA1e53c0d135488cde7e82e060ea4f85515877c42c1
SHA256f4acb90c56512adb4109ae8c4a41d0da40f2d4421cb1dc7e130c96cb73818b86
SHA5127d7b2d5391b69fac9f9703eed142197d656db0666cb9019ef1ac584174e14329321bdfc676cd7e4088e436e1450bcca6993f1642639a31ed5faaae635318b0c5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD571b9094397343241ee68241f4c28b268
SHA1f50996d3e88d0fe900b1c653057881dd8be2d707
SHA25622e416403acf8a66b6235bbdfd6b7632c5ed7d8a2a9224ef27bf25ed4e9fa86a
SHA512cc70b8275583fdc4804f3574937cf242024b1b523051606a8208a8ad1abca413ef51a4a6ae5b49d6535e187a40ca25a338478132c86d1557da4ce13a9de3329f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD5de70c6061df73b5b9f3ca34ae7bb76a4
SHA1ed1b800bba0c1400a6d072f64f35d912a0009f3d
SHA2568249e8eb042fc83a3068a46bd7083dddeb0e0dedb6c69fa42853552d5a44a2ad
SHA5120a80fc66d94f490175d72a5444d5c08307953f24fb7753f44b4437b13db4cff1b392b0cc7d149e5a402780c43afc859cbd3d31b9a075b46e38e8b33787ea52a6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD5f7f2cd392892f347e59cc0940efa48e8
SHA15dcf38326c61921db00f0e1f129162f6090777ea
SHA2560ea0fe655cdcf498763e8c645359ffd0a214b4ebc9e263743679d39518eb28b1
SHA51242e3f00981c69ccbbd2f5a9b0cbf3dedbf613c70f8f108d158aabaf75955593ca0d5594c8621df05c3254c58ab1d107888f8b75f8c58bb1e912937862b4da84c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD50bbe0753006b1b138b7b7d9d4be1a7b6
SHA16424ae7b835e8e180da0bdd633fff8f2917fe588
SHA25661c89f5ff9e4470da72df5f7e263c85e9f860e2bff52361c007d585c6525e014
SHA512ce10492d92cc0736ea516de49ca452fa58a88d9f98568fb805307af15ae46f042b34b234d7c34ec1d33ce693a8a6bb6f6fe109963aab602d0972ffff6add1379
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5cebbbbc01edf68190556e7e3772f9649
SHA16348bb74fbd93881cf668525c8c0037aea8b6aaa
SHA2567c8a9b8084889af79cbf56f6927613ce9ec20c07f74d2bf222ee916217a733f4
SHA5129d0fd629486fe959c505762341d2712f31bee482b3f37ebd84fa30b38ebf75b590e4ef0a2a936c07c2c2fb34088f6a677faead1bd2108d46adc5ce19d34053dc
-
Filesize
905B
MD5413ba6421e1f7587471b8de3c817feb3
SHA143e8d409b58c0f51d1e23b26c13530f4596672af
SHA25661d82995ce8a7771b180d4721e3c902fa6df441b437196471e6d28763c2d3bb5
SHA512ca373215d864651d3c551f690d31a335fe2457b01cff9b943b2cc6244d25be7b9383584f7e8ef003fe84db526a28e8221d18f37147d6e292f7d58f1e0b7e886a
-
Filesize
153B
MD57145b5d799b9931efeb132d90454928a
SHA1f5104672c1b25eb12ae5a4158922181877f6902d
SHA2566b6ab6579db2a0b585b46f12d0faa1b43487cad973b0d070f400605feb95e851
SHA512bc5d22d59bdb80fbfb8711d1535402e1d6c7a62cc84e5dfbe389e6249b5db82566af4f11736425d3b0bac101dea3b37039a5a344dda7ed55a44b79f6a236c184
-
Filesize
190B
MD5b143ecd708546aa4aae177a3094f5e2f
SHA18a044bb6b488d369a74cfdcb552d2a4ce36cd290
SHA2569aecc5ee1fd6c4c99a2f242115e1cd902048756dd539a92041fbe487b8c5f929
SHA51217d3c9e572d2ca27b46c365222acd0135b43a6217c91e6427b96032ccfc063a676ab9935e0d41e346afe125f6abca526ea67b126b387c7c811da6d06dc778096
-
Filesize
190B
MD55aacce6448aa0e03161c036f640c34f9
SHA10c99f22248efc8671201d13b4c7e81f2dadb233c
SHA2568450b4f7f2c59672d12ba5f41a2d6db80a5c7b78749f232f5dbf0999f9289230
SHA512e5cd6274724adbe809af9fe403e11f0431f7029435a26e3a4e368a0a99eb8eef86848ff5a76c620d18a9023cb61dcaea9446c2c0fb4c2de88ec76dcde54063e5
-
Filesize
1KB
MD51f698c1f954bcaab36e974f6f5395ce3
SHA1017d0a98c85ec0716e4cf8f06a2a78a017bbaee5
SHA256771a271d96bd3578bbe36a7da6445bd3f7406fd7ddfd93352b24f7470976007c
SHA512da779ed2ec600041faa90f8eeae4b60d276b8dfc35eaf74855254797e8a1d9df3faf69e967509c3c653237e60521ba93c7e8f3f4324a4f601a56d03c7f9d6922
-
Filesize
31KB
MD581263bded5cbc4637a3febf3a080c568
SHA1fdae953de9465038cefaf39ac6bbb414b4893266
SHA2564486efe13309cd0490839ee866760e6e07557b9cd20460b64950d4749cc8fca3
SHA512886eddfd2c5ac25d77df5a6b517a10dec00c7b6c41f1f67c051bc6db9dc7cb64d07eeb84accd230721b6d64b5b75ca9a57951e3608af7bd7e9ee10542c07a8c1
-
Filesize
34KB
MD5eb7f071d4a8ff2074079ac0e93791d14
SHA1be6012796c2bf8436138c9c3c9bb4aacf10ace38
SHA2560fce5a89341503b8d807b8ee9179e0d6d614fea170c22c5908eaa4b00d300849
SHA512a7b5e6f7155ad0264ee140ab5a579ededd48fd50f0223eb059d30a73624b0fd38b433a3abed6b1ef0e56820ebb00519e60cb3e9960f1d7a6fe8348842e77fe5c
-
Filesize
23KB
MD5bd9b337ad9782307e1ebb37395673ef6
SHA1a143ceaa1ab40a61a65a1432f4ce451c3161706f
SHA2568b0b34ad40d0978a5e77d69042d2df2ad40528d13bacbe782821edaf4fb0a59a
SHA512db4d3482c52fec6d7cb4cf00c2f3f3424c316b3d785f24b233bdfc7882631e447f7652a6e362bcad61832c9aa751a3f4e770a28beb55bd6aa074183fbe3e8ccb
-
Filesize
2KB
MD5cb361f8b2232cce98a6db9cbaed0c073
SHA15465e75a6d8510097ceefd99ba8d9c9a856ce7e0
SHA256957cdb4e452c2da412b2fd393b786cc9fbb5801ce918572aeaac2d55d8fc5c41
SHA512cd8f3bd2036690c302d7437236ea9ec16dc6f07a4cc351604926e4fb101ec8ca74a18962f20dbe20ce1c9632083643b9d551dc4d445a56ac3fa473a0d5fc8bfa
-
Filesize
1KB
MD52ef90d579302683b326b443e3aae71ba
SHA157c358e1d2fc931936050c5841201aecd53cc9c1
SHA25695a62070174f809a2b0b157fb82c4b009f8d9f31fcf54fdacee2527d44365c68
SHA51255d12200755a5051e0fb719b68a628cd51d9dcd0109454cd4dd4502bfe6865ed5b96caa7108f6e0ad60e6c2492f26ad025ba4960aa6e7196c7af38b76a0d25b7
-
Filesize
3KB
MD512694658636236441df48f95a2aa19c0
SHA195975b196c95087c52462cba44152891ed9a2c21
SHA256600c36a14e9043420f2a2fabd2fc3813952ac3b2f8b4900266a434910e0003c0
SHA51253108cdf09f087d1db290c8d9b6845305de73967338b4077059fe3834bae1e63c413ec06855a1207b266bad5981943b79d7b77cde5b0610698526a8eafc86f01
-
Filesize
2KB
MD56fe741fd892f5f1b0d2f1a3b664fef5e
SHA1f2ccb6e3f7c1a169f6142b7f9666a541d7a350a2
SHA2568972fbf3fb9eff283037a7742b3e68fc08167d35cd41bea836f23109a803b3ba
SHA512029994f781b51bb0123c089893b3e7efdd9f0dbd510782407e5fd57a9aeedd2ab1414495cc00bb8f67fc4e0e5a9e5b80cb95b8c443afdc25704306d74dd2af56
-
Filesize
5KB
MD5a07ee34251caefda6b78c1ff34683026
SHA124cd424456f4cb21c6f46365b1c1c63e473877ec
SHA2566a36ad111fa66b3469a26e15f5cbbe928d94c44b3e57a6e4fd5f3d6610d990bb
SHA512d5044e452f2a5f91d00b5849554de6ba9b40b47c479bc5d699413c7072e24f2721917cd6caf86bd04670e261dee03e46cf0b603c80fe17d481defb7337bbb538
-
Filesize
17KB
MD539fe8c1fdbd0e5b30d9a7fb71343b41b
SHA11a4bb8a3d00bd72cc46a5d5d635eb6bb940c2122
SHA256e5a3180c314c1402158e0a97ba333fac79193606791105b483911effb103de9d
SHA512aca2f9f1f0ba34e2fdabfac66c8813294e3f057b58357e5162b636d1a4adf2b7fa3d18dcdf6e6d104e6a4d6512f79b215aa56660cd351e1b337aef456ea21325
-
Filesize
320KB
MD57a85b06b1e743a93bf9548c1ec5443cc
SHA1292b5906a4d8460b15271c67a7985d09dcb11fd6
SHA2565aaeac2a563b82d488484046ebc0e67c994ad3edacb5592bb5db13bcacc13e2a
SHA5122dbd7098a55656c7f21e9b60224e150027af93d51f62e329cd76b8e075e957a442b62f850eed113dc76ef358ac57eda913583a67a79333a581ce9f0e306d2278
-
Filesize
1KB
MD517f703378d20035f1b1fddf342c8c549
SHA11f8f42bb70928eec9a5d8ffb35e4988f0bb799ba
SHA2566a775df772e604f9573f5200978b6586a74fe69985d71653edef93a09f669c42
SHA512209e232d3c20084b86b3914fef40711ae377375de024e11d7bd7781e1f3eff14b200aa08e50109a8c82bf8c69ce709689dbf1b25fc91232e451730d41d742efe
-
Filesize
10KB
MD5516e8299090f5fa0a051935453093464
SHA1263c3361aec0e90134d03a6c4309ef8ceab6b4b2
SHA256c2c2394b9145309068e73596690c6a83df2fa9feeee0ab3996ce7258fa05db2c
SHA5125843e04f1cce15e9cb76a14d40591ba49ab204b302fa918e19851e284c02e594c70dddf99922ba29d4e49ceabb5566bfca3a1cafb2ec1801e5e30dbeb6ab5587
-
Filesize
3KB
MD5fd7a587f26bd5cfd330741741d0835db
SHA195793e0d97f2860b0d1f2bbc8b51835a0a43a3a4
SHA256f7fc506bf52d94e4719fee19d5de212639179ddde64074689a3be2662588143d
SHA512b8521e92bcbd5ee07d01d22e799fe9c02d6ec9282fc4bda2c4052eacebe21a91867d7e55a0b252a7a19c17d98efe785a3cf8c3c58443e917ea7f018cb542eacd
-
Filesize
162B
MD5a2ae562e91cbc84550510ea648150f87
SHA1c6398e8ec663e5274fcef73130eeb464311ac308
SHA25612f7395596ae5508ece32283fd07a32c7c004cb526bf73f5a3468e84fc140be0
SHA51236a1a189e7132af149af04907c9d55d9ec84b52b3ca258c9895078abf90f3d07ae6c48810a7e13c7218af7c056f6c2f3a4dab3352574a85f5c3010854b18af75
-
Filesize
1KB
MD5c4ed8339192c9fafc562d2afc8deef08
SHA14c3ff8f2898f321435b185a561d1c2f780727e1d
SHA256d95c9ee3cbe753413ae02dd8c225bfeacb88e320f1f54aa284b2af25e3be481f
SHA51290216a43a8a9bfc852751f80ce7ca3d220970a401fae026aa3c9cc464b3946ba8a4ddccf48b1068d6b98ddaf150da7345a5ba6915aeea643210f89c316830b71
-
Filesize
3KB
MD52b76f2f56e0dd7afb790ed375d59eb54
SHA1973a5d5c4311e140e3fc280dceebc57ee9d7b06c
SHA2563bf9f74b3807064c890ca2b1bfee7e25d71dde5ddaa0670437e0f67629ab4581
SHA51229b3316cffeeb462837f035dc4ae618b2d89cf51cf962438a0804df9ba93f4f23212c655f83bf6d1136ad393200aeaa0263f728fd45a5263320b61095b70cc49
-
Filesize
1KB
MD59ac43a46e5c90bb3f6718069d7f646ac
SHA1066dde829d1b70c4d3ea19bbebc0e337228b6f03
SHA25690b598c9624cd6346cc7ede09d3c8693d8b7e01666961852db350fc80f803fdf
SHA51264de5c7e2063f3cb511c187b7a0c7cc6d2f1bc2f50424211e4288ebc4e7792cb361704d10a43886e7fa26faf62deb4e2adf32c7b9956da6381d83204f0854375
-
Filesize
28KB
MD57819ec67a0caa7d83d7cca2d145b1e1f
SHA17d68642c201f8a7d4fb33489ee3a609829037816
SHA2564cb6091c53d350978da2152f141ba6104c247db9d5804740587a343ff37a09d2
SHA512ded76a6d8cd4687434bd1524c4d54db4c000b7a6f0fee54eb69558756654e60812ad0c1b78179ab8f6436b9b4a6feae833af1c3957dc7ad1987c569ad1c8e0dd
-
Filesize
2KB
MD536e28b536695b72005685e962966dd93
SHA19fa2bced91703b054e8c2551f48b85201a4f4eeb
SHA256f6de7b9225d271af843da1e4cdc8eb376ff42e502d20860c7ea30ff1a928da18
SHA512a48a19f7497ea6447175b2eabae997d0e856694fb97ae694417c4ea0effee1ebf24e8003e9be5f00e44ff2af515aadcecc02a4c046f64586ae7ecb0932acaefd
-
Filesize
1KB
MD5894641b00508081c65ff8d3f226091bf
SHA1ed2a3f119e76654e01d93db5361d2a7ea1f6102d
SHA25673cdc1c15da3128bd33f4ca951e107ed5d2a04a0dc788264f5842d05d607c4c6
SHA512283e2f2fe7abce7695b3f1c93db2a655a8138a5d8bcfdbd3245090631c2756b594981a599dee46b020955892db98e4007e7952b98b1fbd0ceaf0f85598284b3a
-
Filesize
2KB
MD52124c275338c5b870eb447935e2c12f9
SHA1082a43b893c7537d59079f6e511e39d287b6e6da
SHA2560e16e7473997aec150bc2d83a0ce83659c276197934ca6c4a81614ef03e05925
SHA5123fb57c29cc6a4bd93ebc2810ece17a63cac589802a34a96a21e18bfe6009dd4af60bb0a202e80c98542f0cf4bff419bb1377f2a0aca5aa190170f74f32fe48e1
-
Filesize
1KB
MD52bdfa77ed5ae933287564d391bb353bc
SHA17a8cb37d8a04dc3636673f67e90d9cf1f03c5ed7
SHA256bb4e9f4193411453c8ac5a1339512b74888b5333cf9faaa4eb86216c1b2fad41
SHA5122b907ff5c6991ea8c2f4308496be175f761de4a2e139894aef12744f0cd2ac4f38dc6bd98488f8968456632effaaf17460acf30183170f17731ee66eb6abbad9
-
Filesize
1KB
MD5d0cad5d991bd304221cf7304a5cf03d2
SHA1be9ece7a2e5f3d992c1336a7e601b2b951713bd8
SHA256fe3b62ec34740c99dc94ff3e2936962540f357751c09e5de8503a5540dfe816f
SHA512e92f99565c32f5f3972a15ab7b5907a5aec7bddeba5b53c9431b93bd9c90286934e3cae44204e26f8cedffed0fcf383b41cfd7eb78fc91087e71e2348f005c16
-
Filesize
1KB
MD5f9176f17d3a705284a93c61b0d5e12f2
SHA16125557c8cc3fe5f0560e07a68e413309d7078d4
SHA2567b0648bd50349ad1a3051507bb6000f3186a3e2cddc7f2a59c9a7b367197061d
SHA51229ac1844877e50a117dcacc8ba4a15a78f7872a2457e6dd2f97c420ee6b5f6b44ef62e7f2ce650346a7731fe3f78b22123af52565e2fdaa803f6347a769746b2
-
Filesize
3KB
MD58868948b8de7f9e6289d0b16f74c9382
SHA1b0ff3c4ecd3afc0a8788cc0b81beeb8373116a6c
SHA256ef3c3b281fb563e4dcda166937a854d2792dad9fc056ca5c9fe0e594d5633273
SHA51275b335b63d4bf44d4ad15bd3526613fad5938ab928f41e80d98a44b4ce795655631c3b5c5b306fba3ca8bc7d3f0a4df32ff587d88f9ccea617d0820d9a1a5080
-
Filesize
2KB
MD503cfdd7af0923bae4ba8acb353670780
SHA17d0d020d996076d4d3ae7ef2e2deaf1e5052b26a
SHA256fc7040cf3dcf9931340c2b7fa7fac5e8d8d0a8063d32873cb968fef7a3a50c0f
SHA5122ac376e5d4d19549574c7e44908919641e00843facd5ff2ced405e892d960f7815703307bde7530fdbf14e2d3828dd2aba049e19d161f603bab05f043cf1fd58
-
Filesize
6KB
MD52fbf77e9c56d27c015bea39ca71fe2fc
SHA1c1f0fbe28e56efb184cea580140aa6570e3109a9
SHA256195b01c6a585d96fb26e8c58a0a251b1723cc0db8ceea3e6c314851cdf0053fb
SHA512ead222e5882b565824e3e40cc5fef277b123eb76985288c0fae847d9c347b93399db0bc257bc5a892964c836cdfd1ce83e11c276a94c9da639091b499c54f61c
-
Filesize
5KB
MD5f35f7998b15236b3780c03ab006be59b
SHA1b3e427873664d526b8c3f369f6d03513444891de
SHA256d51674aec60138bfc59285db5c94dde2c44e5457535b6773745f79ce7f7abcb4
SHA5120192188f955a74464978f08ce1b87d33a54ad4f9e62871a51baed59391a31c2c54f7f7d08636adf0d676abd50ce2a347cad2bb18a81e52913448e53f409623fc
-
Filesize
3KB
MD5b8f406e038efdbcfa67a4f20d9da5f01
SHA1e3ee4fe5afccc8fd0141545124f0086749cac614
SHA2567c257770990af0970a6329537d40de9f8244e223fcaa66474a835ac6998cc3af
SHA512c01e75c4ff9fd990027195b2020fa6d9bb2853799a6a390521b512875f6df1a435fc726c58ab5f82c3f38f3294225459361a259bec8001b9917555e79899ca74
-
Filesize
2KB
MD580c14807f00e7a9a6a11aa12ab7a6752
SHA1adf6d0ce1a9d9880ec671c78409b6b9150686d6a
SHA2568ce48b0769b23b0bf9178578bfbf20ed2ae73d7d8e9c0ee000ee7d2c7ea38eca
SHA512ab0b8e21bc9737a8395ddd1f7b34f4c6607625ca3ee0c2deda5812a9de959f2cffed497baae60ad6936e639f4574db6c052daf0e17a308dec90041a2b9680822
-
Filesize
2KB
MD55cbefd520ae19bd78b56bf4d719ad4ba
SHA1f46cc07efe948701cb3301afeaa304adaefcda9e
SHA256003ff199d99ab99e541001c65444835515d7dcb71c84d1c68743b9770623970f
SHA512bce3de57beb78834d215d1734d11b876f982921d3becb7ff9a1e9c840123bc0dd961d4a39dabff4831955220950480eb426722267aef6227386a1c7254685248
-
Filesize
1KB
MD5bb53b8ef62916aa27067caf55c491035
SHA162d77f019e4ff81f0216c89be3ffe201ed272650
SHA2562f429d2a5f79531944e1164c6de6861e7a98327501d8cbbb2bfc215b81583042
SHA512811b20d524919506cb898f1c7a95e0de082e9393ae7aa507434f9c2184f2a14af5a4d3e0b8347c4fa8471fc1b73de8e4f9553f7242d77e10cd618939c86a5b65
-
Filesize
1KB
MD5a8dbdeecf8f75a4dc396c5edc636e49c
SHA1aacbcdbd0efb64e95e243cff88ac35c178018055
SHA2565783edb1ac9e6306beb2385d71229347e974e9ac5ae2985d42ff1fec65f8fac1
SHA5120f354f5dd119e1ef6573c747d39d0ec10b1d8d1162768f7f8a6705c6c2ba79c5bd1d47b85a304d477e18220fd3e53a480bea3143ba4157c9a5ba526400fdc29e
-
Filesize
11KB
MD5a8ccb0e423418a8cd0cfa6ba58c07d8a
SHA1c1ebc6be5df198f457fc906909af6e38d552d576
SHA256f657db21c5a086a84f6370efaaba34450d500d68b45d40a332bed5c2ce8a1adf
SHA5126a5351ce228da8c6a54d0f1a017c1be9febbac9d9baf52ff1510c1f740c673c6d60373ae4a3d86af4124a6612ea842038ae0cb4243afea97400410d56e3b58ed
-
Filesize
1KB
MD547b60dc470209ab46765eeab47b17d44
SHA15f49bda9ebf107a2d853e0ad4c07669b06d5147a
SHA2567b9910175f0192f7dc51382511d5b207bf41378dac9f60cf2a50888e7452527e
SHA512266bbe62e3ba57f15d28d46ab0a221a03dd2ce1c9bba01615eb1a1130707474fd5f0c7cb1832878c59ce6870332280843c1348265d353c54e36786eb09d17fda
-
Filesize
2KB
MD571ae33744bb4972765e47d3030d4a9b7
SHA11f8c59006cd93e3899e31650b944555b96203637
SHA256fd2b083c976266653355b5de10ba188426d3339304fb1a3ff03bf3131c1934d4
SHA5122dc868817baeef9d6c538bf253d3eedcbd46ab69ecf83a0387260cac0d462cc46df3bb8913ba2ff5aef2edd184e322d7887f5b55f6ae93a68364cb05d2823f58
-
Filesize
11KB
MD58dbc4375ff3c274acdd3d508e3ae79c0
SHA149191bc32fe29fac9ad70f1f977da09e05667626
SHA256476e1d62a1b86daba46ae09fd3c1eaba2e72f2b865818213db1bdd34e46c301c
SHA512115c3e1fc9ff8b6e4334bcd2aec6743a40fbf784dc565c18dcbd613d4872a20af48e1dfe53eb82714477d9651403bc299adcd1356302eb06ee79cb897ab3444b
-
Filesize
11KB
MD5d81fd5552dcb4f458926a430b9989459
SHA146622f17351e03ec2982e494d37804b8ca9a4618
SHA2565eed7b5abb14388d8e28c19bca0f16ccb21c63d27d7332f31b28723779b379a5
SHA512d26cd0e1e851c77d207fa55b8c75452a0520d8f40eacfbcc70b297b6f31ceff7d8799a7acb9b75d3532b9a6b7550dfc1ad9f330ddd57e9d05f262c7471af79f2
-
Filesize
11KB
MD52a949af3ec7a0d9cf8745a68de13f6bc
SHA16e68d9d15940c8fa5df904bd2319c88be4b0c81a
SHA2562b54010a471883bc4d5396ea12929048550e46d143e184f2039efb56b9134787
SHA512f2bb80b30d178c49f1cd9de09e36b5b0735fb4df33525aac8a27d5626c364be3321483654c3bb14070e99676914ca52307e7e0920fe074a20ee54f14365350e9
-
Filesize
1011B
MD5522b1bc248186d1d313ca464912795fb
SHA1f458bca787caaac0905099e3f0cdf96320953be8
SHA2563a9834a6b5b129beb830481d4933951d6add6b226c1f5f238ee6263e9d05d702
SHA5128eed65b30265ffe4ad6a65f6afee6680d45b3c4cdcb55983dace1133d3e2c75770fd9ce627f58a0f9b9849c350fbc3f60d2323d611ec9b91956862d08a9cdfa0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt
Filesize77KB
MD5a6571f3823f0e65cb233c2a3c38b4ff2
SHA1818141f79cc9723e236dc3053a53213b7e2a01d1
SHA256170340dba047b43a87894b0122097d03a418d9742fb69669a5f4d9e00ee1e4da
SHA51244abc3291deb9d2ec8e6f2cab4de2f7677c1fa96075e07ca65b6bd7583e786344a63c4875031ec585f09d2500d98029d61aa3fcfbd8a83fd6604a48c0ab12831
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt
Filesize47KB
MD579fbffedaa3e604d38db5a3f95cfa9ff
SHA1843d3d61a370c53f3949d9af66d6d5498911ee71
SHA256d137a8831285c7b9760de9dfd70cc428151b37e21af3ed83bff611007193d913
SHA5120ff82ce7bb70e148cadd5c302c8df99ffb2fc3784e32042e00aba9a2a4548589bc2ba379729738b96162d121e0a46403db26308405ec5ebeda0d1c26e6309e1d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt
Filesize63KB
MD56f3b0a7e4ab45c809c49d237be9fa3d7
SHA18a449718b6513a0e6821f94c339ab63406040d40
SHA2560babb269831021be084c170457d61f622d743faca4fbd93369520df011810d3c
SHA5128fba49fbd73b7c800742cb5e33da3b0dbc0e43a4547385ff359b6136485c46792d9ebdac77be1d28149326485c1e8d2d983eeffa9a7e6b269e94f7cd636b542e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt
Filesize74KB
MD50d19622f24bd66366f414c72da62afef
SHA199b6c9b87ca8b92ad0497726f7ac033b957a0f3c
SHA2569d87c43873edebf49369b1336bd6a07d73803da47559d5b8caa9d0b4df84c93d
SHA51287721f1d8e577da951e03c9caa3e44c8115f69335bbbe0a3da31c13f02ca0e6b3d79ab9f47ae124099c8989e428e80eaf6b7467d5fe643257eee2a93bd4de1b6
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5bff61b43f5e8515f666a3a81f6b98311
SHA1973e9e867e34d0ae7a50f1d9356016f6543abd0c
SHA256a5221e8e4283e8b138d13fa262380818760274a524435a863b3d838653d3b6eb
SHA5128d31fa13bfbc56e3731bf1210656d6f49c74c01e0c1f7efb804fe45e4617199e2e1a16cfbbcfc99d58d0d2f7809fb0fabeb5a632cd08512bb393a15333e8774b
-
Filesize
317B
MD54f4364077ee37d91cf0c8f77229327b5
SHA165631d1d03860e32067c35b4dc8462044c56e9ba
SHA25661accca7447df485ecca9dd5957d0e8b49ab204c8639a2d6c0bcf75e74b1ba61
SHA512828659e1108c09db49a15b036ab562b482f652a09051c13ebf73011209f51c1ca553436ba8d567d6462cf16a61856818f0da2184317b71e7f153a281a4d19416
-
Filesize
21KB
MD5b3cfa311f10bba5769c1637cdfd6a058
SHA1f12777d8e2cbcb8572afdc62be52415380738cac
SHA2568c9f6598f2ca76713924a3a3f9850457faac138b5d8f1be96b15081e89dedfa5
SHA512cee60f7b0a4f052b982fc686e6e4784da21eb56cc91f75a6342ae5bb00d2643b9a771268b33b3bf7031aa183c3574e5edbdb2282c074cfed3c310d70e296e6bf
-
Filesize
1KB
MD54f20923fe9b04f2cb1aa8cb3b348ec31
SHA1c93cb5e3829c618b45bf1386d9945aa5ecd503ae
SHA256b679e3b39093fc9f755d7acd5fc312e6e1a3059d9e66ab903ecc5d5e7b1dadc7
SHA5121094d5e17c62763d6ed5cdf448d0272d9681f5814b82cc8809ef10c7ff954e42bbc511131feb0b3a4e99ef42d20e664b5620a6ae279ce9b331e1dc687e05a784
-
Filesize
952B
MD58c0802e3e077b82bc6938c5f150bc445
SHA12ea910f95c70f81530945c4788a933edd1acb119
SHA256a5bcc746caa5e07f2582121eef48a67278cbde3074880aa4ac094e13f6b02a03
SHA5120ca130bfe5abb1e41f8f8c659a5e5a4c8eb1ee070ea96351f8892cc2836f58473ef2be8d3940b150b019b53219983a80486f55fb79c02a8a965e2ad7a42f9350
-
Filesize
121B
MD5ab6e164b141f0067ede111150147fe48
SHA193e997710902083ab9e80a634e9ff45c32a59109
SHA25694103fa56f49515908bd436aa1ef0fa545d4a0a6642336f23b588b675fd784a6
SHA51200914bfceaf9ef5e1c89161e1ce8953168329aba95b2d3e7b55c1fe822468dc935cc296b09408ae88696ffa241e0931948653d0b5f8ace088effc6e3793d0727
-
Filesize
1KB
MD5af2881ce84476e13ffe98bb410ac8a62
SHA1c07ad8f74b89b5cdddb3455694f3c61d533a05bc
SHA256c24be7a6f41cf4bfd840a001005251e6f58e93233cdd9759dbebcbeebd7dcbc9
SHA512d1a7fcc1edd65550173b631c3cb930017dcc693305c5abed3288fa7aaa323d6837258a1667db507f0f67fc12809c38912cb3d102160cc78af2cc0ae9da733b61
-
Filesize
8KB
MD58b41d711a76941fa28177eeb5d3c2f4a
SHA19ae55f52eecaf4c4e4c8a46103dd8aa957f5389c
SHA25665dc85676f731bd8133d2bed66fd196b5944b9623e46e46375b666cd53e3e161
SHA5129f599cbf20f6b5df804d0bc28381cd08b30f8128e184b6681ff3691baa7ba7a422907fab641e993abc14a80914d811db58572f0fd80ace7e141ab5397bab1f8b
-
Filesize
914B
MD50409e995b527ba74673d393e2996e6b2
SHA1c2bde88beba536a4ef2e2b892f5c952969065f76
SHA256e6d5418e3ad983ce580c7a21d28b391671e1a6e59defe79fa38fa2a896c70b87
SHA5120729aebf45ca42721b17967aa8249ff228bd837121f8c0d9d74b26507a18fd2f4861b78ac5d065e0635d6a073951feb0b99c1c04b2a36601adac51dc50fb8a82
-
Filesize
328B
MD5237fe1b770f2d8ca11f2dc71a9765d21
SHA19143380cb1c2be274869d5a65b34f57456398e82
SHA25649cfabd73923067b2270893d282299757ee366ed1118699ea9fe5d4bd0e22595
SHA512c7a6ae832248bf722c198de196a55ab94f72a03aa5958fdc915dbe29928d371521559fd3bb359ca2f30555c9a7508bc87ca5bb51b870e4bf2b96241b38becd96
-
Filesize
1KB
MD564c69bce1f01f617aa86f3a71912dd8b
SHA1d8d2f6deae934367daf034b6c5936bc1d025fffe
SHA256cde373ec91341cf167ed0c7663605fcbde03722e949d1e74c9df94b4df9df2a4
SHA512bc5f241aeccfd9127f3fc40dbfe36d73416de87bb40cf7c62e41430a6dea0c95f727f5c144ca9e17e26476368e3b576a557296667f8ce073743b230e801c4530
-
Filesize
162B
MD53a1aab894e40c82f6e9bab34ee74b2db
SHA19ee1de63a81374078c9c6909913f65eb7c632207
SHA2560e74c9db8608e069f09a32b42ed785938cdd260e396f91cf6a8e7ec71b315c23
SHA512a81d85e202f0b1aa431c883f159ca31a9e53071d3ac8bb48c6b58f140001e205611e803373da68d9332ca8b0ae72e8af79a6e407b75d4a0706cb25cba0f6e44c
-
Filesize
586B
MD543efde16d237ae0984ca17d70a4502d6
SHA112c40a27ede36ba0c8def2a9addf14d163cfb372
SHA2563f4d1750de790345bcff0307b7a9e03f8da9cc67b64fc6a66a972aa8a074d56c
SHA512d88ae318b5f972d34773bc0c76dc5f403612723b4ea06e4498225ccfb3fa6cfe30d50211226d0a219d202fb892ea4e2bb9456420432602a4e6f8999d14682e03
-
Filesize
124B
MD534da1c6b9491df0e52ab0d6d1748c927
SHA110f314f989ade8ab791cb41f516306bebcf3e4c9
SHA25672a01931bd70a45e9e8d9e03bb46f0cf1a65f33ab9bc024eddd7cf736e71e01c
SHA512abc019fd958b10cae9630de1b395fee4239ccb800ac0a108ad6339610f9e53ebfa07572d05a2d9a24a3b8c4a0400444bf40a675653843a0d836e30ba135f4416
-
Filesize
8KB
MD503d7778de012f6307aab2cea89b448f1
SHA17678789984c16eae5886da44c1fc2752f2a8ee85
SHA25626388886b8ce98c3ee53a71c7e907e6224e5e074263606dfa410f9f9eb8fc1fe
SHA512012512a1ac1ecf5b32abef78b23c23994e736de27ac8fd47ca76d9e0ac1173cb1663425edfe8cc120b6d43a315de846c1c94511e2a3fce482cb1a25f71743419
-
Filesize
880B
MD541fcea8975fd581689995e9b3105960b
SHA1f44e028efd65a725e6190ecd46b13a3211c71aa4
SHA2562e8fa6dab561b00c553912102207e1ffa305fd64cddb64f4ab869c226d085f45
SHA512cceac1b78dab5f733299cb1d75a7c562755d781d619db078ad77df5d3f43a2414b4140708bed47cc9895b97571506dbd7ca9aebe0c9f13b688660edfe8d5f4d9
-
Filesize
62KB
MD57d24c05f490cd3d8c2b42a17db72136b
SHA154cd74b93dff38c3f1796ff2855b159a2403b897
SHA2564c96bf4355ae5cca7f568a5068340bc86357103cf3c356ff8536194271085b6a
SHA5120fd995df58de99890b245842efaaa0d757c7003ab5d1ca69f8e3a35c4fb2a04e03a8e25d0c11e84f15f675848ac3e9fb5234c19a655571c7e8cc0c625b6b1dcd
-
Filesize
1KB
MD5093fd0c5955d3924011db634f409c7f4
SHA1c2466197eb671cbca13a39e8a1fb0cc5c88424d2
SHA2562459a61fed094198efad28aca13c40058f5299c29940b0a90b21a47a0a058f77
SHA512607d1eaa82c29ed2c7f9eb10eb9ce07ffc54613d0b7ab77a2cba541e5769b761f56181b75f871aec883ba6cff9b205408ad939b0580e12f3714f1962eec5eb5f
-
Filesize
1KB
MD5fab5f2ae71fbd2a5872c287ac4d29c8e
SHA13885681e58f210828f0045c0cac549aabacbac3f
SHA256ab19eb708b2e0d30d308a35c3b6e387f334526dd885789ec593792a8128ac315
SHA512b5dfddd1b71972a84ab461a756dc4007d33d5881f725d8c14d8a79215647e390c73b0f0af04230ba6fc280ec061d70e5046e183abe96854e25c9ff9d967007e3
-
Filesize
1KB
MD567517bb60951a9ae3daa0d29c43ec588
SHA147d946d88ca5a6bf524bf6c7c00c22c90866177f
SHA2560e02b4a9dcaef76e16c4687fb9a0f8e6b7b55d1773c396603175ce34a11aeb35
SHA512091ce15caa2e0f009a17f410d8b8e2db0ea3bc0c76ccd9b67f667cfe372665845846ba282f4f039617a6aac21790bc2998bea3acac7a3b0bfe0c503e27284bbe
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5c7921529942cb84535130e12ec904379
SHA1e7eb805fc286e8234812bb0d7e00648ebf770d74
SHA25644989e910bcd39794f6f65e7cca0c29e2ca6bd4689676d0c0672cff076b7ae71
SHA51252f36aace5680c19b47981a6da7bea8026e9e157096981727f996814b0030d7a1671c01b685728f24e059a6e5ddcb27eff608829e1f2aad452636aaaf09b3895
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD59e98cec40f46375b178b1d56623a890e
SHA1f5a80d07a7257b90c6842beaa0e310643a7e8a0f
SHA256a766cfa8c1c8d0400d10d26ee1cc346ce69c1d691486909bc79fd85167bf5908
SHA512e06aa00a4c7000b20a84614ef625bee57cbcd69e4aa4d98d816ee085fa47ec2f90e515120a8e59283b6b528bad9d45b2de17a4442a75147c8f0df87db9b0da81
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD595ea4c6bafcc916c32b8ba073f4bbd9b
SHA1d65f2c010fe500c23f9a3041a7f5aec675320d46
SHA25628b39babf917099d37001e2f12179aaca39a432e4d8541f5ae265f26960f6853
SHA5123c4c3714f6fcad6f7202ed464998bcb590e7b2f457dab15a4f50a116046d0e7940b0ffc6e9ce7b12732cc8be9a1180619939e1fdd0cf4cd5cfc0f61d831ef1d9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5b128eb6aea3f27d6241217b238aa0a5c
SHA1b8f18d23bb727026dd8524b4a9a0de693fcd1c25
SHA256dc84a0639ff9f6b6a19c831d91bfbba413c05026ff7c9903317524bf6f25aa2a
SHA512273c399af8f0ec2a37f81af02875fa4000800847d83a744f24ab40e5785419aa920b27dcde90e776fb72b22aeba24847e00ae4c3fee31b9681b7a188d4b6b2bd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD5837985450c6594278d830232e7f51375
SHA1c72421371d07d1f298fc04b50fac9749dc876e0a
SHA256867847dfa4a849d4ea5ccfd12a790463883137d7e37dbc9b82dfe04029cdd763
SHA512a3bb6237b7da195dc3b8c3409889d24d3966c3a1429af81d425af1d12c28f701e5f5c45f10a17f1b5855a3866c65f975368da98e1f5db71a2f1e74b5ad4d49db
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD56dd066971f271d74ba4a58e1701750e4
SHA1030023abba882ea80c33e704c87d70dd94ea8ffd
SHA2564af2b02639ebd19aa7e36ea9a67e42596899ee7f45a9ccdec0c4db78709dd5b7
SHA512d725f22dcd11964cb950bba890ee62b0f750ed1dca97805ecbae6f780d903565f64eab49ab8ab549874bf98fe30673b01bc4195513ef2d43e042717e9d059107
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD58096b0d2e66f4c25add8b525545392a3
SHA13c92e77f9cdf57279570cd69b9c561efa1083299
SHA256cc789615487c142771c183a389eecdb0a32149f7b0062027ee6762582ec0794b
SHA512296129012f7065b2e6c2ff7ac99603febc490282d80451ac21831297affaa3d2758946d224fc991cde7ca7502edcc6f9cec2e142b734cbfd0a9779dc3d354f85
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD53f49b89da5fee3e8d67c2780ea468c53
SHA1ed19183bace43b2936301527c46ade65b384806e
SHA2564f0678787cf3aaf70859885bf6ef42ff1a6df77ea86342fd197da7714dda12db
SHA512dcbfc7bae7093f557a0ef08579da54a40afbc578a96dfbd956e8d3fcf519d77aa82bebb044a784e5050dc6bbd43d7e2308227a7a725848553dc072587187e98f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD58f79c94621a8e4a669a7750803b84760
SHA1b5bcd482376e9c3e4c905e35234980143fae413c
SHA256a15b5656d17d8f459faa86826e811bfefd049f65e1569776511918800e6e2738
SHA512db5208f641c1368f17554f64fcbbc52169bf9a7e50d8f0f61b405785d26454d42ed11590b829b3dd35c39717516711d357f0720c9ab4edb660b17e9d423246af
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD576a7fe64495944b8c6e2d8d5fb18cab1
SHA16d9a4b33d26abdb8e3cd66955aea3c751d7f3682
SHA25692e104bc3d98cce209147224747ba9104e0fb7ab06b46c8a24f2da1d57224d25
SHA5121fc21bd52e168741edab4c690c9c469d0fb8973dd37cd16637f7bb743506b4fb87dc37569b803705cf2ee4e301dc0c3be2ed834a9d317c86230a3a3610b10eb5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD59ee3eec4987ff22401335cc0e933b795
SHA1a9f0c4e2363810cc9bbb844266c422f1d6f54b64
SHA256fd3817968d9452138d44b5c12d304da21b4de2adb372b39a879f32c175155b38
SHA51233e4456683ababb04585fb41d8022de2424eccfdbe2ebbe8d8e2df7e06f9f89a37d826d0a9cc409b080747e412bbf5b90dc6559791824efe8110cf5b4c97e000
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD5f86b4f06406c66d1034c95093cc56be5
SHA1d68c3726057b7d29769806cb38f5e704c1c531a9
SHA256f2724efe980a037603241bf8cd77e86c36db02a99b2c4e16e64376795617008b
SHA512903180ae47cc4d80e2a3c1b21f12e0914065efd00798757f774b9ef2dcbe4533f09d210ecce709a40d600e8f88af9061d16d7a26942dbeaa9efc89d6115c24d9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD509619644394f237ff9f6b9db36b11ddf
SHA16e02f69612b736383eb679054907889565e908d9
SHA2569c505f5e6d7795094f3309a986271c82aa57041a434ea2f1dbc9a4ffc4eccfae
SHA512c436c36d57f8df20875658cc8806406c90073214d70d92ce33b37684f6712a63d2d0832d17296971400937c1cf0d189ffb39490409f679573e675084650c78b3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD534a609b3e24a98ace17dbc72b0edb9db
SHA1f1047b169aee143051a7ec7dbee7d6a94f820c58
SHA256e4d04a6a8ecd6001a36c4530f27806a39476884ffab24e6546a0a49ecbc39d1c
SHA5121e5f8568f94fe8c13bf7a7a4218bff2c9b22023f3a3c4b6ad007a7eb576b58aa646e3fd1faebae38314a00969024796db31af79e1739fd608dc5372977fec7f2
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD525ea2729142e325bd4c28f797fe1933c
SHA1ee79e7652701abb84710989b65a17ed5f3f584bd
SHA256834045e394cb6f6fbdeb5127dcd4554b5d62ccfc9368c7a590890b2c3aff1b9a
SHA5122fa17ccf0f3fe9b4060ba46b6db5df7894d70d0509fdda8da2236d8cde2cd174632792a66d8823eb81a5f76ac1e88c633b270de74e82825d7a8cf8c7b7994bf1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD5c661da98c56158c120728e2634ad7fa4
SHA171b528736fd6bf6325c2c918be7717e71054c1f0
SHA256bf604fdef27f51bef8d5320b514cf7bc4b3c6203cc1907961d0228dcee899634
SHA5125901590bff8a995997fe06e0f49e5fe55b6ccec551a33efb5836737f01a7a260e97de754afcbcaae139ff5d74d14ce3d65824d35b9e1577eab0810428798e1bb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD5e36ed447ca9c3ea3935fea7d457504f1
SHA1db59b1e27196d6c1e5c8ab5205f49775008ce3e0
SHA256a41c8519cd75652a01e6e114f28b339ed8772d99825910ec385cac967b1e26a8
SHA51217a7e79f75c68c2c34c540f2e11a5abb523b9b0cf7d6146f4e6bc6e3a26d95588ed54d3ee7acae821620f2251867483211f0475ada7ca329d6d57c5fe7d8dd34
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD55f72bf4874f7670d261c85458f2eb39b
SHA1c62bd7cfbc935a724e7a6dc3beadc3063698bfff
SHA25651f495460d179412e70c76c730884fa7e03216d11d7d8ae205b5718e92d67997
SHA5124b1b13d1ce71235ddf2fbdb74608dbddb15626bb72e9c34ce7d85d602735a3180d1c87389a36c12e5986b84b5555f9541b864b180e124c881c567688a3758257
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD598b3d85aea497b0ecc82094fe208693c
SHA16b19f7ac414f0ed36651b921e529b5a46bbab870
SHA2561312a2561a93d5a360f555db04199e22e419ccb8b3ffc8562434ff08f00139c5
SHA512db2adddcd47ed57c0fe5b05e78828448cedf92cca40c165a2bf57de687702eff73f0e934e6ad115d75653fc5a9a993bb61fde23f6330f90eff99e8c28a51bc51
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5f0f709d8c9c0c6e9167aa9abbe0e72e5
SHA1051cde7b3a9cc17edc4775d77b927ff75d75c1da
SHA256a90d9ce58f7fddb72a0157f1cac4b061c79fc37319557fc6297fb8dcd9da2e92
SHA512f9c6444d0afb4fcddb7d97ea833c3ac7edb1e6c9d32299d05e5f626641bd1b1f463283f1ff697f9a7f9b7be180e6f8bc1ccee4e0a62b1ae5f0c0aa89983b330e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD55cd5eebc7dd522fa0b7e82d0374a7a5a
SHA1d96b408af48a9b185f524b1f7e9473c32a141e0a
SHA2566dabc132edda78f2b59eecd12b0518579d1fa3e5d40b44ff0879601aa91990eb
SHA5121aa18583ae9a82e38a2dafa05a2fb64065bb5523889bde2e90975412347112282c1b259df2b6d605c8f81082d98d415c61a2062b14dfcfd0d7182b2d62d3a3a1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD50271655c18afc81c1d96c2f8e20947c1
SHA19ff9a78128698382bb898374e46d985e0ed15b0d
SHA25651434494b6d6285a2f2d95cb8cbe3bbbcc0ee2a162b4b0ad7c7c78eb0d1e6128
SHA51248fc6805511aabe3e9abc87c2203a37f764b589e8cd0f57e9bc5328c1d39f4876364619c87402bca6a5738cb645a0ec27a9f6999cab25844b5f9928e14cffe1c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD50bb65fe3952352f03955c0e6944d7c81
SHA1496d16d14ea1f7c008fdfcc0f4df2c1b063d8e25
SHA256996348b58e75e20d42e781481ff6bd9ad82287de9bd573f1cb6340efc919cd50
SHA512aa06700d6d04c7d2a555b82a4596a4d3aeca125f293d5bf4186cb299351315c273084e0fe427bb5e1973fe7a41a07c9524f038c60a05d3782917ea6937ac2a34
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD5e0a2a5376a0bca5421aff45374c2d097
SHA1394175728c13f313857df260c74e44680b7bb7db
SHA2569ee7e6d63cf82d4fce5b9d9d0717f5667b62fc683b53b9c325af8dce744ae160
SHA512ef1d386657be3c2e26459dc4d93428f2774aad94076724f510fc968d98107bc7f6047375ef1790599620b582c28639dd330eabe646a56b7b5b08ec2de1a38734
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5126d974f3cd908500891376297d9fc09
SHA144427eba006c9ea083b4273463afb6c69594cf1e
SHA2565e96e426e0c7b42135b6e252e68747d47a7afea8486c9258ae6e2950d7b1bf8a
SHA51272fc2e559ce53ed62c5f6c5eaef3db08165b5e916f40b475a0d75b7e7179e69c8f959af2aafa4d9e59350124efc1732048e0e0dcc43f22e50a7e0ccf9ad8f123
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5fb67c57b2dfd41420fa7cd31cb0b21bd
SHA1f4a57b2c95a08f9c5e4435b4a224c47f965c75be
SHA256c8c83e0e12487194852837db23459f7ccb742f7b2d94cc359bf06e0a1ae05bfd
SHA512d84b9462f47ebfb860f95bfdccf95c2751adb17d0ff6099f37fb3c11db5373935b0b36a2d56709ac95d3b778e16a43d42bbaebe911c2fd5c7302042609f9ca49
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD547bfed768c66e24203a613b0f8e58bb0
SHA10fc3c0494654b2d60052f88a822f6250b4b692af
SHA2569a51f5c50fc7650bd7721963591c838179286463cfea2d040393a2e667ae9688
SHA51299273e5ad40b6832988946e793647ff4bb6d3119c8808c4d125c631ee82faf09eece1a52d17ba4a149708ea31a67d1b54cdb0aad3c669898e6516c992b49c582
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD54f645801c394b89394f1a074f3f26a7b
SHA1ad514ba602c580e5815642e34f81b1854450acd1
SHA256959c796866a01a8c79b23cbf7bf32e72054601074186cfe0e084ce164fd8d0fc
SHA512e5beb0a7852d90d9bae1fe037265b879f5f9b32f5a1ec8bab291478985b0a907b71545ba90c8ae0ab4e7aff19f582571936b610efb850dc3799a2ad68e705187
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD57c83919c251d0791fa4dde31c3f0199e
SHA1cacf55ccb7dab3b45709cda71581cd9a9f496a78
SHA256ae8a11732fcea1e73cdf5286739b402b5a47b70e74dc704cba313ce86397139e
SHA512ed3a1794123ce85fcebcab9877de0999214041700bbcc6417e3ede79a29639572d952356be9ec6eb7b36808fd8db5f13944c990909b2104f9cced16181423dff
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD54fb654869926914750533c5f179ce598
SHA1f7d9a38f64c9e6f703db54c06cb449fe42d4b555
SHA256baac67108ca5a9a79eccfe21f5e3dd4d90221e72357773c618808d34c2aebcf6
SHA512efc88f7a068fb2e5bcac7191edfdd3891e39a956db4f0603ae9a578487e7bb918fecbee5edb393937135f57aaa987f9c384c7ab4eb96c333c5fd211f68ca6250
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD532ce64fc620f397591223e774401c69c
SHA1838283e36110ad4aac848baed193321b5fcb4bd5
SHA2566625632dcbe2c7295cf8abeb8946853eb3053b33534dbb6dbf765d42633247d2
SHA512fb12538108d5f1663d6ee3fc225ccbae8143a919fc7acf07f388fef81d912c936e476551743459f3ce2cfb8a0df70979f878dadaa8187d28420fe4d8d567fd69
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD593da3630e54eaeaa2dd3bede99ff56ea
SHA1a26947b1c85e8a4d3553b8c9338637db60d02016
SHA256163d9d1814ddee6ef5d24006da0e3a6750f5ab545f7b74111cda884aa09fb9bd
SHA512acd9eb67b3ee964df11461bf8f698d53949986016ce7ba8d07e7ea88c698d6bfa0b7c11c14595efbb2612b6ceb5969a81fd28985579a1bcf9ea63a0036ab1a00
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD52a6e0b5dd78e4653c56629d62a3599f5
SHA12ef87dc4005a8f719c1e3ad6b126bd1bce6d2466
SHA256e8e0f369091f9b850db14d51a52ece94edd1869a2ca6ebdaea3322070662285f
SHA512077c7639dc7cb9e9605873ed9b353001cefe96b5805d8814980469a8402f990e44a7c91ceaefd172b3605a507fa2fb014e8b2723f709cd3da7f3ded66db584ee