Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
31-10-2024 07:50
Behavioral task
behavioral1
Sample
8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
-
Size
1.3MB
-
MD5
8259b40a1d153db2118bad30fc331890
-
SHA1
8f51838c8a465a4ff8e7056bca2ade19e7ebe924
-
SHA256
5fe34d6176c29dc12f487d525fdaf589ddeea0f13521a0a1ce343dd84da81bb9
-
SHA512
45a11dcd21278cb499c6230c850a8e2bb1850b4fdeab05daa82a992ff063efe0b49b2273f9f9f5cfe2c37fdd45aa435668fd15e4b08be94dc2691f66bd9919a9
-
SSDEEP
24576:evxye+c7AXht3A0pt3ctzMA4rbr32bAgAa6Au9/oja2S3Ltx0rBeYVAe+AB:0Ye+cExRA8t7Aibr32bti9/oO2qGrBB/
Malware Config
Signatures
-
Detected Xorist Ransomware 7 IoCs
resource yara_rule behavioral2/memory/3516-5149-0x0000000000400000-0x000000000064E000-memory.dmp family_xorist behavioral2/memory/3516-5148-0x0000000000400000-0x000000000064E000-memory.dmp family_xorist behavioral2/memory/3516-9965-0x0000000000400000-0x000000000064E000-memory.dmp family_xorist behavioral2/memory/3516-10995-0x0000000000400000-0x000000000064E000-memory.dmp family_xorist behavioral2/memory/3516-11318-0x0000000000400000-0x000000000064E000-memory.dmp family_xorist behavioral2/memory/3516-11333-0x0000000000400000-0x000000000064E000-memory.dmp family_xorist behavioral2/memory/3516-11339-0x0000000000400000-0x000000000064E000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W0OOr53bdpHuPUI.exe" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ehstortcgdrv.inf_amd64_5cb0c23f45dac01c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_05925c79fbad7433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_edfd5301fe3972d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\001d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rdpidd.inf_amd64_ce12c614d182f4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\acpipmi.inf_amd64_310dc613a7e31ec8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmic_shutdown.inf_amd64_bce6891915e70bbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_61883.inf_amd64_2c1769df23d261a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_9e49da794995b361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_a192dbf28b4634a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\MSDRM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ialpssi_i2c.inf_amd64_8e00e1aed7fbdf70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_6f327fe9ac4fdb28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_d37080dfb66d830b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\vdrvroot.inf_amd64_5dbe5e81fafe4636\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_26dc960cc4c84207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_144351277838b429\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lobbdggilooaddgi.bmp" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/3516-0-0x0000000000400000-0x000000000064E000-memory.dmp upx behavioral2/memory/3516-5149-0x0000000000400000-0x000000000064E000-memory.dmp upx behavioral2/memory/3516-5148-0x0000000000400000-0x000000000064E000-memory.dmp upx behavioral2/memory/3516-9965-0x0000000000400000-0x000000000064E000-memory.dmp upx behavioral2/memory/3516-10995-0x0000000000400000-0x000000000064E000-memory.dmp upx behavioral2/memory/3516-11318-0x0000000000400000-0x000000000064E000-memory.dmp upx behavioral2/memory/3516-11333-0x0000000000400000-0x000000000064E000-memory.dmp upx behavioral2/memory/3516-11339-0x0000000000400000-0x000000000064E000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-96_altform-lightunplated.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-2.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsSmallTile.scale-100.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailWideTile.scale-400.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\LargeTile.scale-200.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-125.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-256_altform-lightunplated.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\redact_poster.jpg 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\inline-error-2x.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\154.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\FPA_f14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-125_contrast-white.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-400.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-200.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_en_CA.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-125.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-72_altform-lightunplated.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_wob.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\SearchEmail.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-60_altform-lightunplated.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-32.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Info.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\snooze.contrast-white.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSplashLogo.scale-250.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-32.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-125.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsMedTile.scale-100.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\vi.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageSmallTile.scale-400.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-1.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-fullcolor.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-125.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-100.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionWideTile.scale-125.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-150.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dc_logo.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\te-IN\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_contrast-white.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-100.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\MedTile.scale-100.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-100.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.19041.1_de-de_3720d8aad101187c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..mon-printexperience_31bf3856ad364e35_10.0.19041.746_none_753a35e56850cf18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.19041.746_none_5fb37340a423d88f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_net9500-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_1936d63a0e504b75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-coreos_31bf3856ad364e35_10.0.19041.546_none_0da03799d18153a9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-gb_0b85a8bb8c7e851a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_buttonconverter.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_867fd4c490f3784f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-cloudstore.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_35c83de8bc93c841\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..rymanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_e43068879eacb4ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.powershell.dsc.proxy.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_fd02813c9782ff3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework\v3.0\WPF\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_10.0.19041.1_es-es_2d82311f05bd85c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_10.0.19041.1_de-de_12f2bea8242145aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..onssettingshandlers_31bf3856ad364e35_10.0.19041.746_none_5e11b383da65f363\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-dafipp_31bf3856ad364e35_10.0.19041.746_none_3d96cf2152a38197\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square310x310Logo.contrast-black_scale-400.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netvf63a.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_236ae9ae1b6f8ff5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.windows.diagnosis.sdcommon_31bf3856ad364e35_10.0.19041.1_none_15902374653bb7d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\ImmersiveControlPanel\images\wide.Personalize.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wsdscanproxy_31bf3856ad364e35_10.0.19041.746_none_6565ac8e2776555e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mapcontrol.resources_31bf3856ad364e35_10.0.19041.1_it-it_c04c880458129008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-heatcore_31bf3856ad364e35_10.0.19041.746_none_c56105f0f16631ba\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_system.io.log.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_497a870fcc184d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-security-vault-cds_31bf3856ad364e35_10.0.19041.746_none_d55f82ec9a67f2a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.19041.1202_none_72f9f7c7a1b307dd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_product-onecore__mi..p_src.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_8f7f0eb716bdd67c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ltdel-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_f57534737531afc6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.scale-400.png 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_856b80150089f232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..spaces-spacemanager_31bf3856ad364e35_10.0.19041.1266_none_bee3df875f7e71bb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_10.0.19041.1_none_936e9100bef798bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..u-education-license_31bf3856ad364e35_10.0.19041.1266_none_698b5e99f49a9026\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_uiautomationprovider.resources_31bf3856ad364e35_4.0.15805.0_de-de_6c27c84694238187\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..pellcheck.resources_31bf3856ad364e35_10.0.19041.1_it-it_6b366c3db45920e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\startfresh.html 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..in-tools-mmc-schema_31bf3856ad364e35_10.0.19041.746_none_c9b01a9beb937907\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ispbroker.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9afa323d108c8233\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\431.htm 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..pulations.resources_31bf3856ad364e35_10.0.19041.1_en-us_e046a08c576a4fdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-rastls_31bf3856ad364e35_10.0.19041.1081_none_eb97bc1a39a37318\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..agnostics.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_44be1c8d47c160c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_10.0.19041.1_de-de_5894d6ed4ad486f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-r..stion-resolver-core_31bf3856ad364e35_10.0.19041.1_none_56ee995a0f9b0e1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft.tpm.commands.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cc1305a352d5e7c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ComSvcConfig.resources\v4.0_4.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-u..access-userdataapis_31bf3856ad364e35_10.0.19041.746_none_e7d71f7a2001dca9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-t..platform-input-wisp_31bf3856ad364e35_10.0.19041.1_none_91652ad0b089c75c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_aspnetmmcext_b03f5f7f11d50a3a_10.0.19041.1_none_41612d6a2791e7b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_system.servicemodel.washosting_b77a5c561934e089_10.0.19041.1_none_7ef7b04a725ea502\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_10.0.19041.1_none_c2a7679e74f61c19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_10.0.19041.1_none_ca50a32caa12ab10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..alenrollmentmanager_31bf3856ad364e35_10.0.19041.1202_none_1a780ff3456b7bcd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\enterpriseNgcEnrollment.html 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-alacencoder_31bf3856ad364e35_10.0.19041.1_none_d11d1ca01670087d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\PhishSiteEdge.htm 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-pshed_31bf3856ad364e35_10.0.19041.1_none_11e3f0d3cc72158f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..tingshandlers-mouse_31bf3856ad364e35_10.0.19041.1_none_ac28a988f4f92e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b..servicing.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_50efe1c272cffbe6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..l-family-syncengine_31bf3856ad364e35_10.0.19041.746_none_3d09280cca1026c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_10.0.19041.1_it-it_0b3eaad9661253e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FCDVCIFTUOCAYYN" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\ = "CRYPTED!" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\DefaultIcon 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W0OOr53bdpHuPUI.exe" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell\open 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\W0OOr53bdpHuPUI.exe,0" 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell\open\command 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FCDVCIFTUOCAYYN\shell 8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8259b40a1d153db2118bad30fc331890_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3516
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD59ba4aa1ef69353742a8b3e41dd9fc5f7
SHA1eb9d436ee4e197443098b420bfa6e21a29932e0e
SHA25610547fe0efa10a92db0a89de02a8bbcc11da7cf1bca312e06e512131c0d41fd4
SHA512b4d8bc6239d903252d0a5be9d27936369a192483542e275df84cb5ecd2c4fee7f904692742317bd495fefd669a7cbabd16c554557a8570ae655423dadcd8ea0d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD596a7e4990c40d59842971ae9fc118ef9
SHA17e64f67c70a1fc60255dd8057def6e734a10a611
SHA256d5730d353fafbde27a21a372e4f318595d46a2e03edd5395b055a13197f7ff74
SHA512ffc8bd41538582c4c46177ff2d04902868b284065c391e7202d4b3db30e3dd36b6470e3b2ac60aa113879dbe875c7f15036074c4cf813c982dca6320b6071ebe
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD5cda767f35a7389178eb0b658cd1f96f7
SHA14d431583c7d77b3c593852ce5173fba8414d0f09
SHA25614767fa259fec1520980adf23a7fd41af7c6585e6fdcecf36c61fca1fc8fa158
SHA512d2acb4ebf355009c40c68dc789c68eebffad05840fec8629f111dcfbb0522da3d67e16ddf06bf734ce362011722c4de306140d35a1b91823d77f1aa194f75da5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD59f4b529f292dbc9d1d493e72de9fe0da
SHA147a4fcbe85a230a3c9a0d576188aa3dd1a796828
SHA256bd34e5ee839ff4babb14a824725af3c0aaf2822906486258042686b9f8ade703
SHA512ca67b7f9b9df7ea77ff753b800526ced6e80231961f08a62b17dac8ce56fd5d0b244245ba1b8626290ac92f8fb10b412436ba334244a83b5c8e5b968567cbf36
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5dcdfcefa3e08fcdc55881a739da90784
SHA1abe8330045b91acdbf6681093b729c5648ccec16
SHA256640bed9e3c684d3dc9ec6a9e3603e288d7571c05059928d17c041d64ca7368cc
SHA512ef23b955ea3213dd6156749e0765fc3eca1f1f5227959781ee98fee6656d45ae672c44afa3b55c6a634d247d414af8ce590268995340565fff6fa500c3d6097c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD516c38d711f64cd6c41435b9adaaa0000
SHA1f92dfb61cfa6ef81239210b848a8c2d0f59ee89c
SHA256d616356d847029ce416014749d5a80de4361a19c5e25554a4a4d2ea841a30bd9
SHA51215da33b73a0a09872bd8fa0cfc2e929c0e0558a2e75a8b0ddcc521fef43edd0e8d212eedf27339ee27f3c9b616c1265ced439baea1b8019be39b0f14a1a6eaaa
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD514ebd45f5ce19f608260417896689987
SHA1e1c3c31c87fba9425146a07dcdd4546e13274828
SHA256052530f1db35b84eb77a256e4bfd08830b586b9a18c1ab71e030c5a5148d5e82
SHA512c68d34e0e937bbe03827c0c33a6f4b3fda424321a2640e4f3f204c814b3237fc57634bf0ea5ebdf5d5dd5e4d8331dc543c424e957863d69d83297ea7b259c013
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD55dba8a7154b58775c01eebe189ee9771
SHA161e99a7e63e52aa439da678bc621015214d75718
SHA256f24a9c83480243fe0645734cd363d4869031e9ef95c4eb1b978186d205bb9902
SHA512f5333a48cc333c870e172398981da9d22f0c849e7e37c77f1ee412b108316dcd9d81d8f71d6892662d560301db80295aa572c3a29dd103a123af6cecc5a2072b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5c2c04bdcccf05cba77a4914314a19d4d
SHA1b7ed9b6d0527293601c713ca86b46316d7fe70ca
SHA2566cc17c25422454e966f28c2d346def8dadbcf30bdb8c531b2fb0742d5e38b200
SHA512226a0f9d0eaa7871161b57567e9e9e72b9b13aacd28d9c6f3ad0545edef35d5c09ea4132474e4112c1679c865791989cfdda473bb67a90a43deccacd75477c3d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD504f2aad7b6c50334dda5d769ad9d7fc4
SHA11b8e63be189e975c5cca0d90931b0bd320f0a4b1
SHA2562e00f24b19f5fc437e3837dde2cafacd487749e4170b21737d061eb060843c38
SHA5125116053f53a092b04c6ce73200bb40abc3613eba3353c7c47a45dc3f9f7650bbe949ff5bdfa6a0f38b496aa6552cc0f5cf894acf4205ec6f8f4cecd1d29c57f4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD52d61a7264b2cc38ad299859bf30513d2
SHA193e7bdcd6cb0c4b02ea15b0ebcdbead455b19a33
SHA25670588f7ecc8e7712115ac4e3bbdb4cbec20ae353cd1fac68d28cea5ef8fb7894
SHA512dbfbd212e60c36722ee141b9cc07bce34316917fd3598db4a454b345961de6b847151f5436396104ddde356efc27eff12a126c665a2bd58e62ab8760fa817359
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD5718c35d785e76e59307f63ca371bb6d8
SHA1cda44c0d5a725673ff145b6a3bbfa155e57f2484
SHA256dce99d5811fa2b6568db293a729ffdb76974acffe20369e58566336a80b1b781
SHA5123b44df8463723b61044e5c658a74b4f3ad740c4ccf7b8a4b19ca27534cf64cb4c217e6854b56c23771a82028625dfab5eb29ff64a053bdfcf6a8baea3edeb307
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5889d2293e35f213cb9fdc21cde36fe4e
SHA145e11b9b48931c6c8844d6b99a7d495f69735fc1
SHA25698d1e68404d70794aba754afe88eebc5bd4cf118afffbc8d0cef71993b8670d4
SHA51236ca53cf668f8776792ac11d2ea9b80bee2de638dbe99c40d63d8520734732980ab07dcc6dab11a8dbd0bf2842f719de78f199a8fb49bd4b4d31708ff2247f42
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD57999a8f5a26fee3522f48bbdecb87af9
SHA1eebf61e147d4807cb381646c10c9fefb1b0636db
SHA256eb825b492be1daa0f21cb0b503ecd3b26893ecf835331433e4fb0c2c3f5e8782
SHA512266639f3a08be9225cbb9b072aff030a0c611daed7d0bcc23ecc7ca76361f163c62871d9e62842bc3e72b648d37fade45f941716ade1778d653997b7963e0dd1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5a08d63c676c35b65699bf62ba10f5cdf
SHA1cfd644fc47e4d716c70bf881479517474e253f9d
SHA2560633e1537e77c59c102048a99262f8f31a0a6304c9ef17a73879aae3a92ce834
SHA512138a85df52492e386fa4552e6c2e59293922c0d6eac9c2d411a506d3409b60f675970a8d7dacd851c3fb8db109650cb13f804e87c18db0d02ed8fd6da5f2edbb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5f868b3610ca3cd124391cb5ed873e12b
SHA12a0f8f6c0ed40c49eb2d3f2655e9443d836e27d3
SHA256204005e11f61c8688082192d533ec2246823315d4b0472b36ecaa23bbc638cc5
SHA5124468429f86abfff0b3aab09eaa0eb372ab2b9b805507187e59a86b2eb9dd6b2f7cd8e82c6f2335885747b6f0fef956682305b551d6d03d95e0a54d9505eb4a70
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5b61179d014558da0fe865c34d3894df8
SHA12b3aae3e5a01f11ee976b4aaececa8a7f08ad958
SHA256e0912b133bb58855e3748cbb9cc73024fd228cfe6f32af1c6c6cc40cb47fe53c
SHA5127f377e071294134c40736c591a591da7f31580dc1d64cf2443687e3995f30c315c06e2504eb7a4a2f5f09686c47db53f7a8485c41808ede9af61c7980d876434
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD51843085ebbfd37a4ae7d85ad67660066
SHA1e4fdbdacdad6c0af3cdabffadedde25a6eff95e1
SHA2562bb71dd3bc78919fdae07af84dae197a432d51b217ab09dd9997151e6185f22f
SHA512200c2bdd32b50b63cb46b0f5f6d76368b455867d451fa3268df63991f70539dc69e262f854fe3b3f0acb4d2472e43cce5a8d2ca56c640a7c7d41afb0057d652b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5d0fa2d9995d394fb874a55c344ea8eec
SHA1c533410372a90c7cdf5e76d2d5650f6601ae1d16
SHA256343899c54bf078cad415438f27f83440208e7f46074713345900dde05605c3f6
SHA5125e0f068159cccb98c3f05b12f6a98e01ea6542ba60c32f98fd97bb8d450e19e52be1d751381c11ffbbfb58226303cfb1f133319e0eea2dcafeb95a84bec195e1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD54b74e1b03ff36a96e6b3ab95d3e1e81e
SHA10a55a891e0316c34f9d0dca329a701ef7bc92c4c
SHA2562b5d79a3b1e44d2c540557dd08c8f7183e005e1ea11ae1ec0d9a1a019d8df434
SHA512bb9e7e378a04613d39d1ffa33f00011d66228054e0724eb0f414740c28c2d597ffe7f57587f52d293028682ae2d60ee51ed6091a8074319b61ffd5135269ed8c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD53692c5720c33a363477f539667975883
SHA1129699afca52b48d87ee5b998c76a9f22e580d4e
SHA25680e1d771c48f5d84eb43edfe0dafb56fbdf770b7a30cd953d84061d4b67453c3
SHA5124b1922887bf836caa583c57299130fb2b24ff7887c0d867a1ef0af8cd2f840b87f3d483b0d8d1fc67d6ee74fe3d41fa9b0409250fc5edb6eea66416bb3f06450
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD57ae1e7532477f32568e94cc633507b37
SHA110404985ab3e894460bd695b2544984fb9128409
SHA256a051332ff853768c3ea06962fd311d66f82f13ac8de44559f3b82c8c41afafb8
SHA512d3b00bd4277067172c749db51090e66edb3c8363bd70a309a5e5fea7a8027a282745b728096789214212924ab6ecd233593f96676228c5358d1ca2143482e5a0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5e0f57c0c2b22b691ae8ff49c4117d946
SHA13e7c27c9af338a2909c05e1b56d28290840d4752
SHA2567bfce4ed9853c9587b8c99db037331e8b571c842f9bd877ab040f205b067896b
SHA51212064e3a225929c5c6fcf74298095ca0285e4aff330162fdf752348b16859f8077a9df6ecc57cfa7bc87d1aa6134cf5c5dd3c6cbc04c6d438e6e706fe7560c4a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD591a0bf21558ea40d5dfcab28b53319a1
SHA133d2ddd705b34d1ad7f764f1e87c0d7a43318a51
SHA2564ea617973d9bc08322a3edcade3e6a850fd26e294ebdec83c9f854210444b6c1
SHA512ebfc67e7ae824021322dd6b57a2ca223072035d0631be8981021f61eb213e9d2f41d912abd75b0f0ec0509d77d98914f6c06c8869cc04f336436abd156feb0fa
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD5c3234dc18daa974c93fe043bcbe25793
SHA1b79b76552038066d63954fdd2d09638239dce7c0
SHA256c70eb5d66d193bdbefe8032f021d758504ee008d13895b5c81332cfd8f76f484
SHA51277ff71b25072e6a8d99ced41d4599887999ddace66791c93c12cf14489ca98059da258525781485cc0e372f01ea284123c8032ce2047f9832f1fa8cc03774ba4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5eac708ebf51df195579f66f5f7a8d25c
SHA1862351a1c7f51247965efb5e0f0d8671a7bf3e75
SHA256f85f5d55f1748d859b071f4f68fda5fba963fdff22b400a93a467db95b017adb
SHA51223f1a79dffaf1b47d9c493ef8ba5fac9a4310c79be0c2899e4019b1393e7b351c6defe70a2313963d7a2c44cf72ec9c2d743c95288b2b188f6d43a7e3656ab49
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD59ae75145ce27bef411de169993d893f9
SHA1240bae49ef1ec548c84f63e166705e92a1cb8168
SHA256648adcfc74a13f75f196276cd75038117c53040a25a87653bef915bccec208ff
SHA51207bfc842d2055f2c57ef0ebe12025cfb29a5aeeea0afd62f9dce13a72c4e25ed6b23cebe3ec4907f792d545abdcd8651aee6ca651cd28d9095e3d3dc9bba63fd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5b5b7f321bfb5ddf618a3a4e53cc48f3a
SHA1749a306ef5062a7907327b5541636f3740ae9e8e
SHA256801222a7319402d55ac1fa6155de670e7d5e7b103be86b65e68d7d0bd114ee8d
SHA51268f9d626d38ebf83e1d9ba6d44bad1ca8cc560da31e383a64b488736a79341c92e4afca8b3dd54b398330a7f98c95cbd72aac61778d4d5a542ca79c61b64ce2b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD575dfd25d747c087fc27e71d1cd7eca20
SHA12e5fefdc4db0f0821f80d47aae88d2938bc804a2
SHA2560d2e84158a69c951bf88fef72422aae9abcb792d952ca4f4b3d9adff385cb23a
SHA51236ea235111f9b0a36864f66c8f3a8225c70bcc15e05c8e2b06b5a7a7cc151242b578174365b8ea17d0c2b86540471afd561e09cb1306dee120533035c9e492eb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD500c8a58cb68ed1827c7036f144496eea
SHA1000b7eec802d36c194ae03faf2c75aa62d1023b5
SHA2566da963de21f24a99e5c64787a2eb84dc1e9143d7ae62eda078ef6985ebff3d72
SHA51230be2ad662b96187c971504fee8922094d2babe6a340497de4ad70bbb9aa62f256f61174ca06b98dc6df3f6b0e2e130d9d5a6ab2ce6d677b5dd0fb037b32a8ad
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD59c391030943fa08f94f2d177073db4be
SHA1436c91d103afbbca95cfd3867bf51e299e106d4d
SHA2568d4adb8067e69b8f284fb7aaeb2d364fba0089d47e0f687ea790e86deec4198b
SHA512d363f606a14616a439d350ac6730d0c5739c51e4479acabb27f3e039057a1f19663fc7d0a749c731950556676418d16d1113294751ef7ee4f2457878cd0c1a8a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5d5d6deedf24ef420522a5a03f38ce6c6
SHA17320d2f07e4071819ce35dde51691b638b546119
SHA25637661451356b23999f9aa437100e3a1fdcb362b586cd23971674a3d737c205de
SHA5126a6a90efcad71c8e190d34dfaee0fa4738ca9a0e16ccdf7b536b678019ac0a9f4e46b6e2c49ac4c1632a209bb9a5406b29088baae7fddd2a39afd214533afb41
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5ba364b2fa08a8dbae6c746648d110dfa
SHA15bf165f2bcfa17ba279ce082814d57ab342972c7
SHA256123a0ff54e60be65f365e0c390734dd2b0be66524239f69c778b0747d7b22907
SHA51207438599ec57be3923ebbd5d4ac39673f68661601a51d60aecf4ab0be5146974cf1856674c97e760b884c70a4fb119ce549f421a62890c5aa93590f0f321bba6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5396946027484a03a845753cc58093bb8
SHA191690e89eddf9d60ee72c175dd26180254763eac
SHA2566d6c31a48d9bbb816f74adc6a484a7e00edbcb0ac16a1042e811a6df1bc03801
SHA51288401842cb573d69a36756acf551213fd398046acd16741acb20f9b1d7e7e52d2c882b91dae2f2fdc6ab4c7bd0a6812787d53643ea5be457a60c548d4fccbe1a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD5fc3f2edef8ba2ac156069687c161a90d
SHA1655f64b10bb85dad5074d2728c34ee74896d30ea
SHA2567b7ed762c4e7c84056ab9819b9a307eb2ee23c6623be82100de3600d0b6a6835
SHA512551d761c431dcf446681cbfe6488e8ff7263172f5751b2646a12b6575a76ef02139ec18263848085bf3664e351ba0e7d2f52111ea32902f7c219b2f43f174320
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD524910d90fe628560d28c4bd500146c5f
SHA15f642a75726faaf4bdf663a2205aec51cc472511
SHA256e8010f4ed5a4c8981c913c2dc8c20413730254690613ce3ee88d5923fdbc8876
SHA512a5480fececaf593331cc38eeecd8516684994d08eaaa27a8ca3375c01f1687c98aad8b74db4e54040d37e5a0516cd4e12cadedc2ac9a69f5d764bb19648f2dbc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD57437b8cc57d93af512f3385db85c18fd
SHA1eb4f5890255b2b88111a62de8c22dc0fe7bf0a33
SHA256d2ef3b130d35f6b6c3ded4a8fdbf7c933211d86ea3c578082a609fc54ab6bbaf
SHA51296754ac7da79e83b1bb569d97b698000e66de67a396c3d94200d029eb09062fe185dbfe168cce4ec8c10f26d0bc3e825d01d5055e1ac563b1808deb60784c811
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD575311d0c675ca9fe1485430c4066835d
SHA1ee206798f60083ad99c6a08563dd403e3a50dccf
SHA2566879e6eebb09abe21f2c41f3387539efcaf5adbe3b0011bb7acbf1ebce6238ad
SHA5125dce957b049ac0a3372d8d78549f30ad59769ec4dbcf88e9403ecf0c0e7f69808869caf8fc24f83af6dd07b9f6820756f7ce1dc960bf0ae3f9772272a49f62ac
-
Filesize
305B
MD57ddf4c6dde57dcb17565138cf75cd5be
SHA1bd88de3e907e1baccf5dce3ac2220d4a957f88f5
SHA2569d935365e2e54fd8ce1d8a0777dd20a21d8fc2d82d6c5d1e3bc4fb2d6974b83d
SHA512ca44dd6ffc3f71107611b5c96d775fa84f55368cea9143d6c3f6ca0650a0a1e55101820bfebbaea851dbf601c58c1997a0d4803b3b500fccb62918aa515ca08c
-
Filesize
153B
MD5b15613819262e8da55c23e43ecc3c898
SHA121e6f8a76f2df801f5303bd85df5a978764d54c7
SHA25644418d68bcceca5c1c3c21b36beed282db7fccb2423859093a7af8518149448e
SHA5128e929b9c6cd8c7fa9a48f857faa81e133a56c121e15c39b76e819e51219ff42d7c06fa13583b8dde879e2200eeee6820bf635b0fe2ecddf8f3c2c3254af71035
-
Filesize
190B
MD5f84af33b45c778d80093d3a6c74c65d7
SHA161eda953e120b6fda4287737669349cab943d3db
SHA256f1fec01ac9fc13269b7c89d037a2a4a8e794468c3035a0e5b55a55f3d8fbbbe6
SHA5128d1481a3f3b00da59cd347b4b1b712e7bddf4ee94b1c7d7327c09b9a7363fe04040b02321161b32f0b1fecb75c69342fe20e33802ddcca8c23b5820be6f6a68f
-
Filesize
190B
MD5f0fbc733ac182826117ce4a1ccdac2d3
SHA1aedabf651a419ca25545e5081829e6fbbef46c3a
SHA256bb9a6971cda165c71fe66837df69c76c082e1ad4482f73718ae6520ff3e2cd5c
SHA512aa911d21cd2dcb85fafc7b9f3dd708aa15baebcef50511254aa1f37bad1f3e456115872000bfd86de6e001b6c3ac3d611d9d74d1222f152091fe6486b147c3d6
-
Filesize
1KB
MD58363cccee3769acc2697a3498bf793db
SHA1ad04b1edcb77d47ed5bd79d499b5e8d3cc7c5248
SHA256c478fe73ce58e316bde9eb0a9f85f27423a4aed7dc2324b3cd4eb0adafa3080f
SHA512c2432ac2d9c833b8393ee7cb26d24273fa9fbcd4843f926c5a83bd965dd3e821977630b6400a93a31a18b4566ee39e5ae9e20518d8bbe86b3dbf2f2ca7d145d9
-
Filesize
31KB
MD5e548d063f1d9b8e10928cf9ddfba7bcb
SHA1cbe2a17a3f0bd97a3a3e7d96a693df74a1fb1d07
SHA2566753b2573ab748777a0f772928dd5fed26b8d520f10e475ea9b3cb99a37f2394
SHA51263dc0a47bc1611ada89fee31479ebd99b702a49b3a238d0bcdfa2e0efe916521dcac718bfd1cb2a826a50c6e5361ba73f8d2dc8b980956a5778af767845f8ab9
-
Filesize
34KB
MD5d94b7b2c12bfbf7ba4cbbc5ddbe1a3aa
SHA1d4b198f3cad2c9ab6721b2e35f249972e6b88934
SHA256d16de258675878191798d873ea9847780d2aa9dc9c6f757a601f49373cbdbbc2
SHA512249c23e8faf2b185832ed490e0259dd19b46ae23f6c49b0953f0bf3b638723aadc6a4f55dd2e9c007ada3188e9a4784ca258e052df524e231a263cacaf06db07
-
Filesize
23KB
MD51c0bb4957199ee048093fd1979fac352
SHA1dca9b509c94990720940c3be23fcbeba8fd561ae
SHA256cbac829817b8361acb86c25b364093ba23205a7f711615d63d6b7386e28a6279
SHA51250da2347c266e077eafa1091a1e6db7be3f840bf3c68114e2c4a9493497b26ed878329af56d089809ede9081838fb93b265456ca9bfdac7c2dfe0e7cb8ab9456
-
Filesize
2KB
MD5561aee08a1cf6990aa1b1ea0c1239f1c
SHA192f4dd6a7aa23d54e5229642cfae6425a64b1ec0
SHA256fb622a2b44318cd487af8d662f5c3a976ab65abf35cb9cac50c6c1c56dc787d0
SHA512de963b61293c05dd3a1b4095830ad17f97a0141791424b49ab9275e96fcf5293740f4f2100a11f559752cdcb8716f4ae7ea8ab64c0bc4053fda19ff9a8d397d1
-
Filesize
1KB
MD5b775ded6679628442482b433463a7f17
SHA1a924d8b285d59fd4e5694d77fd1ae9d6ee5e75c3
SHA256e48b8cd46fe5a36d942f3a2048350b588a0e5a9572d7a39289118db27b46b71f
SHA512505a314505f48e3a1e220db8e3965c56c693509a75d392b55df6a85e6d149f00ff4faea460d153449f2468d131c9ea185d61ca7e92f541fd6cbb4c7b7a98030c
-
Filesize
3KB
MD5815e8c803e888018751c04b0ea5ee0cd
SHA1c22506ee8643b8ac8700500b84f2641dfc336c27
SHA2560e5d1e56243940b8eefc820d9477a3bf5a4baebd71a5480b248e7fc8f2ae63ae
SHA512cb197b714ef3cb762a8c541e9a0f28a723c59b59a5e9289a53f287f5067ec1a9fa9d128de685c609a0959582eeb90948b192f4a45bc513b3d58d59de48cfaa3b
-
Filesize
2KB
MD5bea8e73807388c666b33b8706d5abc91
SHA1b4a0623fa4597aa37bc6594d894f4381e8fb3759
SHA256b0403df521de29cfda07b79610c69ed1e5daf31244f43e21a1e18555c87a7285
SHA512e9a3e0d92f94f21d7a285ff79f9b83b2e3bf383a397791c9f41e8f47f59003c4d2269e06ef7c6c5268605a02115971faf43322bb9743ca24ad6132c659a96378
-
Filesize
5KB
MD556ea54f5af7c0eb7398463b79ce550bf
SHA1cde90df814433197ac22828b0682c719e005e2d5
SHA256b219c4807386ade89949572565cb549ff99f187745ce66a5b725af7cd2e76b8d
SHA5122ae131ec54aaec6f3ebdc5ad2736245deaaba14c402077e3052b5575e11528355dcc9077913a5ba568c1a4f359ef32b882cc5220caa527903528521e04610918
-
Filesize
17KB
MD55b7f144af9a99abce22235b7d2b0e72e
SHA19bcf1cc7d021c486b7f850fef01cc4a1e2640efc
SHA2567799b119a5ea33101e2c12214d53671650fa2d62ee779a9155e58350da6830fb
SHA5127155becb110c3e31fe7d75c5923af4ef157c2ff5aa60ca353bcf247878ef314d6de7c3896e941b5d74a95762cb8d88d3094ad08b931cf5858062e8dfc245a8e3
-
Filesize
320KB
MD5b8e335849834ecfc6fa9021ef39f6b85
SHA1bc75f3ac30fd69e0b4a15a89f4a83db39003d14f
SHA256d797c63c2262811acb954a9ea9ee8a9f48b2a2f87c15f146e7da62afef97e20f
SHA512263dc3eaf0f62dcd4d87d07e3a27929e80d6d72de587c00296ed27fecc631d1aef2ec414043933995f5887b92a867da309c0e6e2bb6d35eba94a72b7a631938e
-
Filesize
1KB
MD50a6cb88ffd6e846badb7a3304ffb7cdb
SHA1877789001c5b8a5463a8bdafbccac0550fbb7ebd
SHA256ddf8400df5dc99d871d8bf2b3e3136718d5b8ed35687e2c8c6bd77923eb29c4b
SHA5126cf722ed222eaf26b9663ccf0f8aee5f07b08dbfe357f982441aa73340ba6a66b5979449a0789ba982f61c43ea4c5cc0d51ae656c8f4e2aa9a2c249dd10b1e2a
-
Filesize
10KB
MD570ae3817fcb91747c1104faf628c3a7b
SHA15bfdc6f3638ac6656ddbaf44b5bee89291e4129b
SHA256a964ca2f0e79283b0091075bee3b15b65322d738e295eef8b0558a3a2506d841
SHA51254417bc266d24f496c5c1f3cb168ce1a120ad646c65d91366542a8215ea0a4f43b743c6f51643a46c2f018601013c3e13eddbb942fd964b1d04821ee3cd34fc8
-
Filesize
3KB
MD594dae33bc6c6489c6fbdcc95e890d031
SHA14e023dce0260a58ba4e3e58c9dd55d72b107a1d8
SHA2565050de90eb7c4709c880f66adea117d7ace45c85017cb49b3f599679041013ec
SHA512064c5a140d98fc0888855811ffd4584627498cade0190aa37aad3c29676bb1e7a66974fcd40d0a6d3b835f8add6199ce2af4af53d0fbbb53e377c318abfd5cdd
-
Filesize
162B
MD5ea91e0790cb522bf3350d203f9be790e
SHA110efb10ef41a0f59e8ddad8212d2757c207bcbb4
SHA256033ead1419b4b988dafee4a41dafe335616e4c9e7b0c6bb7919e30deb1a6e33a
SHA5129ead6fb39f9446104a2ed612d10e526867105bf920ba44fbd64e51813c5ac22c2d39d7388c15f6a3f58d9eaff6f43598d0ac2d742063cc0dc4d34fd552e3d17d
-
Filesize
1KB
MD5d2583c998d1694fcd4e5f7ef4cdf8025
SHA1f6aa2906f276c6e7ce24f2f67c823eee6c9e6e7a
SHA2565f5d83e68a9fca3e7bc9dceb34e7d798be093022605bc9057fe2b5ed75e3e1c1
SHA512c9da922a1c4c92ac102e39dfa7d8848de49043d62d590d1551a26f22aa2cb8b88e8c9a5e7de7ba361a493e9d29e1a274a17d773a14799518b49e35aadccc1e45
-
Filesize
3KB
MD59c8010c145dc470697b00e3f41d7d522
SHA1879063502bf766620abbbd1c2039e845c54b3590
SHA2569a3750c580df77e06be7677b2db249becc9fdd9de3ea6c1a43c0b96b7d17f49f
SHA51280f60f1551d827f4d00cdacbc5c22e863b8621c25880b32c5c220e796dae538b5f17403f934192e71f0ae8052994984c36f91a89e28fcd3ba2c3857bc8500c28
-
Filesize
1KB
MD53b18bfc52da53031142ef155c5912776
SHA15e6219f50d7a73dc10774ab5911408eb13c9fb0e
SHA2567702763df9d33779f1a551eca636e0514eaa7c8e6b774604eb011e766cd20536
SHA5121472888c6db6c83c9bbd50123d7e0bb285c5a65aac933330bb252f358b1a309ef359332307333c4fcc7e2357ba881e3b51101a1d5b53e672030a092e6e57cd36
-
Filesize
28KB
MD5a70d5d4c20eef26c47a932812a10580e
SHA1302b83be21954463f75387290128c6170cd5f5d0
SHA256c05dd8d5d4f8f33d2010fb0af56131a03aeeee3a26fee80344f3436bcecf8d1e
SHA512f3bf6ba8bcfed5edf5ee3f92aca6319b426d805c588867cc624bcc39bf46ba83140c7a06321b266af5edf01f1fc31380ae6dcc5286342e759aa5bb8890caf96b
-
Filesize
2KB
MD5ef17ee8ed2e0031303c2f8710426a55b
SHA1fd456a096dee68d08644d2f1bf147a751af3dffd
SHA2560be7b1a58304384e257997af3b12299da5f99dafe639c36d01bfb8161a2065b8
SHA512b382ce8a85a0ae5956825c154b3d8d50bcdbc38b2b4ab633b3a17ddfa61ef7b8e6adf1320b6b858c7dab2f3c6a7a0d5149dcfe148512389ed31d1dd04f16f9a7
-
Filesize
1KB
MD556f6f0e07f65472b6f5ccede052a79d7
SHA1eb4bf1e33b18228bca86b413189e2946a7c3cc47
SHA256d6006d8bd09aca54e52d46154fbef3d33e987d6e56c2c4182397a2042a85beb7
SHA512b31fd24752919a24ce9dd447af3aba67ea8ac6ca4d59c4b31d14bb0ef1d608e52e513c0791b2a8787394abe6e1690491d0e1b27f2d0b9e9f9e9499df5c8b7d1f
-
Filesize
2KB
MD58423ff806fe4dd526b747ab08c4aa357
SHA1b1bd868eec8e6924c560e4f2e9cb02b0e7ced7f6
SHA256ab4986e8d57edfa29e89b27f4511de74e2cbcbb18d13a3646bae4464bdcbda09
SHA51263113815278913b4483f8dd295e5b979b7bf631306fc576042c021fe1f018784761507d8d2f66743d3812c1ae4bf96d23f0a1c3f45c9492f6a8bd5b171b8e86d
-
Filesize
1KB
MD5b9599b8a498b83625020f23f1ca621f1
SHA1f67ada4bb69117198e4f8260f06c546554e77917
SHA2568cbc296bd56bca4a4d2297d8f342a74464279bb664ab312296d3763964cdc8d3
SHA51209d352912840af6475263b5551812e08848947c34f01961e59c00cd30c7e4ae4d1ccfaf5506d6fc60b127e40c190f727117bf0c8e07ab144ef6b0210268e1191
-
Filesize
1KB
MD5dd0bc2e3b7ef4a5275d1befcbe71d82c
SHA1b5333e1b1d1bef1422fcc2b9ed2652a01b669a44
SHA256649426f1349f19ff510f01bf9d9f9370d614a8e859cbf0a305f5bfebbf83ee1d
SHA512d3e9c10164ae738f80adf8640ae90938eecaddfb39f59db8ad60235222d91cd8c6dc1b6c7a89235cb4847a7f8c405705ad13b003770c5c3cee9824fb2714c50e
-
Filesize
1KB
MD5bc67f86f11dd3345839dc3aeabe515fe
SHA1296870d486715a6276cfb074e65293c9a392c49b
SHA25664cfd6c5b13980df5676746cd555e462fd06fbbadba110ef7d51e9642d54a88f
SHA5122000a1a2d41496af3db102eee8c15a51c61a6403d3ad2e23e706be7cda3c7d488092c5d3bf9d51e6ef4fe5cb615cb63a11e9359cc5426b7c7eb1d1d572459b0e
-
Filesize
3KB
MD58ea11b8cc0026b4a9ec0cfb7abf2d8e7
SHA14afeef611e5354cc0bbd6a9b7052d8050d2ce52b
SHA2560f023fb3b06d467bd833304c1c4ef21772d32a6633e02ec2b9f2ca69cb655d5d
SHA512fa07e32aaff702f2a15827fada2837c58087cbfdb2454ac7b763a488cd81431336bde8450631519853d4c678d78d515d02de8545db15fe4476ed2259c64a3044
-
Filesize
2KB
MD5b61a01ad5a7e7fabaf1d94faeeb2ae61
SHA161ff623bf59f206be7d36ab8ee102388913c8129
SHA256056818a3ec619a2e4ce878dadd4f7baca1d13e929fbfca2f2eac796b22c51fcf
SHA512917a1f488b665f90034789c222e13943c2d8f4f02b7f2087a5931eedd92df643bb1fcde609ecf50ad1718960a0063e3e5417ce3eb5a68edfcd5e5c1f09c311e1
-
Filesize
6KB
MD5994a254f506b020632cf50eb90d1589d
SHA1672d0b39d0c4511708a570b81a53c1cc5692e0b6
SHA256b3800997ce864596e3d4bea243280bd650e94ec416b70989c2a97195250a9fab
SHA51291712a66f32f684755358983f330af7992deafdb0d5fdba4f67a30d4e74b9b8df5574fd90b5a81ca0d53738e882f3c6d4bf707cfa2f222a84fe944b84869e44f
-
Filesize
5KB
MD56d45af830a5f85cae84b26bfa15a786d
SHA1b13584cfe5831ac77d33bb53f5337b5892d2e648
SHA2562e9a707a7ba58e26ad3ec912939ca13bbf160c6457439e22d4bbf3c9c4aff8f3
SHA512bfbf1adc8d7334e346f6753f3ee95a0142a48571dbe5d50623b15c979e016bfacdbe00b864e3a4c14621948f4d9b2a913c6fea0a2d33cd8cb5e3d405023b748e
-
Filesize
3KB
MD594a2ef07661ee8745affa21308ddd0ba
SHA1f5664a16e87d4fcb5be47ca6d4574ce605d08389
SHA256588c237ed27f519a7a20883b75717fb675ce85fa20b295c84fc5aa30d725bb2d
SHA512e5acf7eabfbbef60d60aebcc67108239e1a20b2de7500537439cdead082ba3e0d1c43cef223ecdd94668ab7cd40a20dac7f7629600483402699ec858e7d8a665
-
Filesize
2KB
MD5eaba4c646497dd901e7c7f44557fb7aa
SHA1bb320dd5a1f98fc1ee156256fc8b2e985c65397c
SHA25651f56b85d298c84405222baaad6e56dbf5dc5b69ec60971882f160b88964ee68
SHA5125925f32670ae9a40413542bd629785e4bb312e880a4e22fd190e55a16684156f1bae4e01ec313892db69c9820eb8176916b6ac5e4eb8b9fff14994f187f10e67
-
Filesize
2KB
MD521014205c68442dff73929524f0c60a2
SHA1d98f35d9bda1f2b02c8d3e16fcc797bad74b8450
SHA256f1fc77de48cc47be354138ec690a35ffc359053ca142807867b16bc0e0f0c177
SHA512932b7b96445d61ac6c19ade792c1a12d7b493893628cbd5f505c31fbff0132e75dce6745776a1bd78b5ba2c2ca017e5506e6ddfd4581ffc0231c1497a861e862
-
Filesize
1KB
MD55eea76c7fddc0a68a652d0b28a1e3961
SHA1920f05daffea676ebbf99cc5bbade12aca6ac069
SHA2568f288ff6d861326de0fee07ef8a3cfd69199cf4f0452ba2a10b74139403ff46e
SHA512a3fefef204cf51d1e43ba410add687aa0d94f1391090220edd08d984a36d68b1e72a3febcf2340393551857fffb34aa79e7b8fe8f0c2a3870171547e926e2639
-
Filesize
1KB
MD5add6636c97ea0c07b954ea513c6d41ea
SHA1b8c0606bdcbe75ea982281df7f56f84a66fd7e4d
SHA25605743f2f7286a227f0f2540ef66635043b62a94e4f3d85103975817a46459043
SHA51290e24a338b5b6ab426267aea985026e9e4beb2ff16e7b07e35a08a824488c2f8851dd48a9e0e03dfe4bb21471b1a25eeee3857446f5c32150ca0de58ea58c889
-
Filesize
11KB
MD530890305c070fbf7adb8953b65741f18
SHA18c8263f478afea905e75d2030483c3659cee9d1d
SHA25677d982da7fad8cb7de9993f481c42965450cec4791bded40e24ae4f8d112bf6a
SHA51294447c0216dcc8698f16328375585fbc8142aaad8d02f51d43dcbd7278b308aa99aadc5f24bf6490445284cbc1da63636b2760a817c12c3cb98f3cbe3b1b18ed
-
Filesize
1KB
MD5f931ec40b2607d035436526c29fbb0af
SHA1d4880708a067b5f566bc626bb73668ced0a1a4e5
SHA256ee231f4ae2ea427bc46123f67b111f587008a0edd0c68ea7c33aac341090ef81
SHA512f3867b999bbb9ab76658dfe254bffef4d70a1881de07636287e26528b88407e0942d6728b73faee32c119cfd8e6955f5122834c94bdccd118afc08babcc4e466
-
Filesize
2KB
MD5bb6f384bdee9324f8bf34cb621a24b9c
SHA170bb8d217a4894aae1f2f23fdbfa39081ba55a0b
SHA256d1a48442cbb5b3627655384eb308c0cc20f7c4b85032da9a0270470868428767
SHA5123b9440c3dc018c39fbb05798e63a18adc354e49a522de0bcb6da567d6fc4eb47c45d7d0eff9b215b12ce14c14abc854a59e971eb5cc7210514218b8fdbd82ec7
-
Filesize
11KB
MD59b25699bede3dcef85f224237d14f73b
SHA1b3aa17399fc46148d032a12d908328e88b00b871
SHA256d85f0e508120184ea1dc63c2bb4a0905944d3a11378ad425570b77aeb3c09086
SHA51295a103d36b5d28a4f137e9578e9b6177baabc6d1cd55578ab0c0aa9ad2e0220e27fd2f44d83d187e7b16a83fff23712ebe4a8069ce88b6081b0eef6b2fad47d4
-
Filesize
11KB
MD5d49830d23f5aceb910cbd1aa6f6a161a
SHA129659d9853d1d1e3f60c61be6aa5b91441789aa4
SHA256bf7cda83a229ebb453be3d164a3f5a25e44c7303b838204e0b6ee67321227b48
SHA512f33a2fe7952aa39449a5ca293d47c16566ac0b9b02b230506b5d40fdec68dac33c1ab17aefff3a39270c78833ab90ecb678c2feb6dc117135defd54c4c262f8d
-
Filesize
11KB
MD5b2dbad800a07599746f103d541567711
SHA1bb8e93c79829567a336bc1f9d3ef9fe01a420a48
SHA256ec06804c7e86a130c975fe35a85d43203babdba62b875ed8b0dfe0280f80fa6e
SHA512f63252ae32c3d0536e0fa3e33e05f0c1d00d3bc01a14de028c39e756aa4ead597fc85c99e53417a9a03820e50310c0e90bbce13ecf0800ffd54887eda44b715c
-
Filesize
1011B
MD5064104555e29fb18a2409b4b2867d0d0
SHA1a9d8be205b9720e404bc02fb54723ebdaccb7612
SHA2567f6e02538804ff372833951ab2fa447cd8a649fce22a1239a4f6da6668cb7170
SHA512dcafb30f8f32a87c66d267494711160ca26617aa45e7185a3c36e306f9814064ae23486fed91b96fa27c7128c04b178fddbd3b819dd89a700f749017acd1bbe2
-
Filesize
42B
MD525af3cc5d40aa2aa61dd6bffc05aa63a
SHA173ff32c4deec652aa1601fa43a1033d5288405ce
SHA256a0447af44c016dcbfd5f81e04d396c7be78f96bff0ee962ffa31de2d5c9ed0d8
SHA5126267cccba235139e430ae71c063b7daf9241932167502f8dccf2fbbf1086adbb223e672910b7347bfdfc6f751944c9689e836c97884247ac145f33b94ac11871
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt
Filesize77KB
MD5334cddf2703697e94fc2ff3772b08902
SHA177128da386867f2945a85799a503a28980fa4ecc
SHA2567b30a0dd6709858deb79dbcde3af02b9cbc8594cb2d3a31de6c43ada0c1ee138
SHA512619771106bb6a9a16fe338344d772aa10984162e7899cf479590119804050b95bb4121a9ce211c43afd40e0c6cb61b1f2d458e782a9c7ba423c33dcae2e94185
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt
Filesize47KB
MD5af64bc2e838658488313960337fbd066
SHA11bd5ff7c3259c4643c4c2fb05b2fe26a8c2f79e9
SHA256fc45569aff18e9cfbe752ff9b43f774e8d777df4bfd243772d43729be6fb54eb
SHA512f71e22748906507dce406d21113d1b6eccf18e3c12af051de25928bbba89bf9f596cdb6a65846d8f0e39b72821742987f2ef442046dea3fee4f768327a479add
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt
Filesize63KB
MD5a715d39abda3156d66b9cdb880bba9b9
SHA169f0767f3e5c936a142c10533020b4f4f43c2c6e
SHA256aada6835e0f42c1ce31f503fcf287252ae745804903b2714da5489dde821e828
SHA512b3c4d3613ebdbb04ad862b997498d5c25f2cf73aaba469c4b5662e0680e77ce7f493fded949cebae76c556750eebb194fc95378830b880ba9fe01a662dc2de9d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt
Filesize74KB
MD5ee5c96560d4e2bcd9748e064472dff13
SHA145a028b9f9596ce79e74f2e664cc92436b2fdf3d
SHA256efd3f0941ac94b9cec9e9bb7c7b5fb14ded28f2f9a4c8e5ffedd4e3603225c7e
SHA512136b2d2cce88a764689d529d5c59c70d0e790a373a86c81b28e1e81a8e3dd8b968eea93bf14cf101c38eff97c472f6a2b7ecdab87348d5794a815f1465599788
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5a592545469eb92978c14bcbbcf109361
SHA1fd5e8785a90610b88eeedb68c23e521089ade0f6
SHA2568c811733663e5e7bf6a73abc5fb20f221d64720397c22f49709d9a0ab2d86674
SHA512b6f83cf376d86a3084dd92e554c85a2d399674c4c392b499bd36cc84ef148146f4c816667090e13d6a61b4089fe9d94bec4b39966e8a9af5b714b98675e8feb7
-
Filesize
21KB
MD53f22f5713ce539fcf6d8838114d478ce
SHA18c392d52b8fa9b57ceb9651a737d2f37d076caf3
SHA256b4c068c362d6b0cf6c791c4d0097565ebcdc568494af541e456e9a26be25464b
SHA5120f60d8206d6e49f0cc0739052e4237dc111e4597eef995afa5afdc9029ca12ce8b51c15741f333dec96a26a87738a945f75fc50e8979a7c8ebd1842370106514
-
Filesize
1KB
MD585a790e088ef20cb920e55fccd9e3abc
SHA1f9e2c97ac67ab8c73e96bacbb9c0bb5fe837b1cd
SHA25605c4a615355bfbd13fceb882b8830e5d448582f0d20c8293963505de771bdf4c
SHA5123b672c9d07f8aa4d66ee23187796fbe9d1a89f3c7786cb7ca02cc9a9946a924fe8d5f073454704ec57368cd7d4f7cc7f8eb3894e922c4f8b44815629f0fd3632
-
Filesize
952B
MD5e14bf4272a7523f737823b203146806d
SHA16cf4b418d9188bc94332803f9b98e6854200e5f4
SHA256de83e46be0e2a2cecd20ff77e39ca246ac7f693a3ac6d4eda25e30eea91027db
SHA51242a70d82ec3d297a18847943471edec35f65388748c81b092b45a81913cd25a9f9b057f258948d32d708c993972f8903e4756f381c0842a45aa2c5d5b191fb72
-
Filesize
121B
MD55bdaa9b09d7b89677b21ada995d279f8
SHA1cce9f2591514801dfa449566920403ac67c4acec
SHA256cde80a6e5b6b78c5a0554cb6f06baa4cc28b36fa44a056c4aab520cd7245cd70
SHA512f07874f57da75a8afa58f7badb1a3480788b16f9795a89bec41f7734b0a3a8dc8280d1f7339f2750a6ab3ab96efad0bc433380e6ef8f442bc9888aabcc3f39c1
-
Filesize
1KB
MD546e958e61866143cacb6beed2f49aa07
SHA1077a2b821cb048fc3c0a2cb900d1ebeb40bf6d0b
SHA256e06be3a5fe04792c9c0c5d9f032c69f17aef41a7153cf24882b68792ee4bb67f
SHA5126a942810d5bc9d3366fd217941026e3e5d9c98580b1679d793ebf802a0746413178b53d25809782e2aa9600e3a63f2b768993b37eb6da5f20a147fc2a06d6deb
-
Filesize
8KB
MD5b36eb05dde9c33027b4aa575ed3d0e5c
SHA1fd393d72f6d1b3d89f94626e80249a3b243861b9
SHA2562ec2c87c2d72c4e13b577213716022103cd5c247fc3ac203174d3974ba36286c
SHA51235eed723ea084c1fac3bc1f6317168572eb7eb5b998c988cd1604ff5557039ff35304cfac13f84d6f53718b46858ef439c5fc5365ee26ac04e2a33f6ff63b36b
-
Filesize
61B
MD50a0cc02a6ca6994eb4fceac44c7afa3c
SHA10835a5df7149889f277a59e073c6ab204a6f4cb0
SHA256852f255c7d12d7bb8331d0ddfceb753809a6df2fca2246fce4e313026a539853
SHA512df77bb0133c199787931ac24584d6822dc92887a1b3ba0d9ffdd217158fc38cda508fc49374df0879edb02dbf670bb1a1b725b7a8c5be3c53b9845097dab0a4c
-
Filesize
914B
MD5c00dbaee6dd519e7a762e6edd03be341
SHA1a33024f8e2ee3308579b3b19863c4a586bb2e0c2
SHA2562d71bb66a4a2f5b78def681c4113a6640fee102d57dad0430e054b49359064af
SHA512c3db67018ddf60b975b56d94955a85650b307a02d5483e6f0171060012480688342726cc8606b4558cca11fa48899c4c4809cff86eac1881555ae58d9c406d13
-
Filesize
90B
MD578d9e0c31323f304e3ec64241334811c
SHA108f625386e7e4caed3854856a502739a57ca3e06
SHA25654b0b723c5ae6d70f6ddc4d75f71df8cdaa90b5ed2c10b5fb54ef386c1510d2a
SHA512cb44f05c8a4702149c3e36e0fa297c286694b371db1e90f7f8185ea3d277dad00977fbb3dd41a105d69b753897d9b77aa7cbee16d9cb0956e65ca81889fdfa2c
-
Filesize
90B
MD5ec5e34e63c569df639ea7188a362d7f5
SHA19b028cac58e2bdce5ee63cea867c459d80517aed
SHA2565779568e7c575de8d58b5334e9c083a121f10abca6748a140916dce4a176889e
SHA5128b760b8f010fd7c6c8e7ee0cfa0309ba11476d36384b31ad92fb098553f1d118926a6b3aaeee2e41ef64f2854a1a2e41f18423cc4730b1cd9834bfec9d2678be
-
Filesize
328B
MD503ff9942dec367f512453aaa401c44c8
SHA1ea3eb756a42bb35de308f2aa999bbaa1206ab974
SHA256b4df63302433e5fb07097a8c56994ba49a7e4cbb10e179b5aa60ed3f5e2580fd
SHA51279ea8a9a5862fb6dd8bdabf26cd0a7b3fea5c02027f4d32e9c73a5a20c4e27f5727009c0c379a917363aa152b3b0039091aaa4bfaed6a15ab0c6331301551559
-
Filesize
1KB
MD53a0db1d37f690ea47578de49d68cb948
SHA1776563ae66bf05aec62eace580e132522ef75969
SHA256a35c370460a7509d768e3226e24286089d02e8fabd3483e3b73024070b4c774d
SHA512f782ca28c137ba33d26c323b84d1b2c9c5dcf5da3a1d18bd759516b016fb375a3e197d9bff0b645025f8bf77749ab4208efdb8929e1236fc83775867d02f32d1
-
Filesize
162B
MD5730a6f927cb5ca53f5d5aa978906a5cb
SHA1559c49cb4c62d55b958d2141b6fbcebb9893ee34
SHA25657c658c2b27dd5d8ace2e316e9d7fe0658fd86c85c458a9052b52afbc79c9f67
SHA512053778675099b8fff90a90376a1b80f3dc3bf838ba30736bf3b9d4c0a71ca4ae74fccb52c53d705f645143995d3529f47593aef593659e6f2d436e22899a146f
-
Filesize
586B
MD56914726b5e0755eb9b23fea5369fcf17
SHA180fce348d4e73481785c991a063b16f7a60be522
SHA25678fc0a5e58317de63565a3a4bb670a5b1762e5c7588101ba110a821ddad672de
SHA5127daab4b610c0fb64562483782303a71930db9b50e16253552a920b36fd3e39950749c1bc7eeb4c852f447a48c53fc63c8634037303ff41ba5dc388dffd0b8af1
-
Filesize
124B
MD58232a89d20d6623404a2ba95cc637ae4
SHA17f459d64359d8fdf7df69ff4a98169d4ff531e7a
SHA25605dcf640fcb8e79bf8783bae7245ddc4bd62a600e12f4fa8e0964806f27a5880
SHA51250f4e7c8c2278f2f96c53b683e85e250b1119b9de106d1d8d828827872fd1e3355900a51d40ff94ba3579ccf6fbed0fbf2e251ca5354093c89a94e94b03d4bd8
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD54110eb60848106db4c3d4bff32c82a7f
SHA14bae6ac0c033567329811f5d2bd1eb3a7a4abadf
SHA256e29a7f8814584eac27a0bea6f5751ee5e4c4e9936af0e68b672326b614a8d7d2
SHA512bd322c5b94915dd9cd552014f5127fc9e7bc39763364fe75c5581f4b7ad49127d0b30477e94ccf9ebf49db2c099e0d954f3a2eee2d331268559ec6fa714cb68b
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5fcae871d1d25c8656e6edd8e946b0dd2
SHA183d95b45788893495747001e93ab710ee6219afb
SHA25651034aa99a033509a5a770d00fd0c278ee566654b9a740b3bfba397471e94219
SHA51278b179a7a11faa042d3c77c735238597ee7b819b530fdae0f8b2f441fc4e59514af8933dd3c261e515bdbfa3c411949381b2d63e608a47e1a5ad99b6986744a9
-
Filesize
8KB
MD58b446f9178c3a3f54acc79737d98b126
SHA1fd4dd084167e012f2866d2e156b6aa8564a5373e
SHA256089850470d33f7d5e5c05a14362c449e4383f463f6855385777205cf5fc7a7ee
SHA5124445abcf78ca7b61dba56eb809313aabfaa3f6e184084062c7cd039b44953ca845b6c727de418037d7f38501598785fed37b03a487d808a0c49319c1711b3610
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5a32da0a3095bc4c7dbbd71ff7d5d5486
SHA1c6c7447999da3261d5838ef9fc1cc844847f8a82
SHA256d134cf262d4b232febca4147907820d9edeb00c6f0492b927805ba54fafc350f
SHA5121c187c45f7dd49c8605c7c48522540e2a00a721bc28bc96516eca5c0ba148cc5193b6558d2af4dd71f187b9a39913fd43a47a1ce2f3c947b5f242d1316060fa8
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5a0354b630bc9606d21dc0307821a48b6
SHA1384ca2b5f7ff50ec1974dfbfeea63a6b841336ab
SHA256413cd58597af4cc6dcedc6a9375274f4037932dc9e79780fa0b7c6bd13d65446
SHA51284c9e79e5f93019f6128b86d2fd5c3b27c5a3df9f1f8f93e0ab3d8d2a561fc6dac7d46c343c26ed5f7e94b8ef642c972bd050fba4eddf29432ed25b5c2fa59b1
-
Filesize
880B
MD54aa2354ccdf813ecf65140dc6305cc67
SHA10d5fe86f075b4977b7550493df9a3ccec0f119c5
SHA256c9cc9253a9a58f33ee1bd47da7906cb03b70d240e66d5b2347df0b8d74efb005
SHA5127f588275a6c0325efa25269fa39cba117beab8a6fe91158defe563320c63ad12686c59ece66de2aaaf1432d7719dd850531dbb0295bd6cfe06b87ff298e34187
-
Filesize
49B
MD599663ab38edc0bfbb1458bb51634267a
SHA1297740ffcc87f9423624c3542f8baf60b3194a5d
SHA256090cada03cf6cb83dabef529297bc20a6d9c93decf18f579ddf6e3cd9bafda51
SHA512a07daf116475a5297d4d662b5b3661070f58fac3a68101179b832d4d6ac83cd405d221e4da89a151fd3714d0fe5fcd663b3542f937f78a15cc4cb3c7f5d2e5b3
-
Filesize
1KB
MD5a5998a2146a90b2c4e16545b06cad4d2
SHA19fbcd6faa6b4784be01924f3426af30b5c0ead05
SHA25697df07c9dd9e4e51aa15f7914233a31bb5086272846f28a7a424f9adc46f9d8a
SHA512ef9777b107cdfe3084fff2673e46807e679745b59e7a4a0e97821b58bd7f34bc8dfa3a349672073b6463fa7b182a98472fd0b5ba41210fb6255f8590fd7cfdd1
-
Filesize
1KB
MD5261025787d049e3ae3328c529b31e9a8
SHA1b1eecfea3ed2c36ff0474f7ca7c9d622adb20bc4
SHA2561ec7d4cf6054f7dd6d94897f574cf45f514f22746aededaea0ed599bd13e30b4
SHA5127f2ff0c81898f29d311b9fd53b3c103f1108e188e30b4c641da5a045e2fdefa47829c4bd66c2c95dc25043dd5608871cb79e3c3e5727ad8a7d2e68879fa93879
-
Filesize
1KB
MD5b764cf4ed844fccd4fd25159fa7b41dd
SHA10effab6b6815ff67e7dbc68da3427bd834a421b9
SHA2561afea3bdd739126bcca06b8d34becf2d7c377814c9e2df5479ff338bc4c8b582
SHA512d660e38a5192e2f76033f47ad7ed588c33a31c6bf2fb1d7ef86ff5e2e5264c38c3aa22a2de12b1753329e9f354cc96a553bdcf016697444f658a4437884e3bc0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5408c771133296452fbd95239bd91c1fc
SHA1503abe9e4e2b6d9eccba069d72834a13538ac1a0
SHA25645dd6f6b891516eb7636ea6eca7e58071346bd9d3c45b480bddbb1193835e098
SHA512c1c7c966398f0778711e585e4b45cd7af0cb9d0fe5f60129f2337878b4ea8eeaab20577b4564352ad8d2af8556f0349cc940b2b652c354c639e0d42848eae44a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD5465a66dfae146f990393db15dc6c21b1
SHA16169297616bbc2309219a1215503d6309323ae28
SHA2566ca3ce02d53e3061a2a99e31f451d85800c6ef0f46c72137a85d9a7bd6e56c71
SHA512577d0f263fbacf5123c46b81f83ea9ac0bd4756cb39af06bb0c8dfbce45322c6a88b6d4bf131180584c8b483f2d8aa166ba66f760857d84e22e0128f84f7fe55
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD5ac7bdef2edea9f68daff891dcf56ba34
SHA1eb8e3082bac9bcadae187e076961af3b620f5623
SHA256e3031d2a7d8e2638681b3d8823dbcc7d4ecf4190b614e8b9dc611487311df4a5
SHA5121bca00f6e90c77ed84a214be7ad8ca0c04155d4d1f4152e2a747245a0756d42aa612ac37de7060168cf7a990b31740b93348ee7830ec51df55392e9999bb8d06
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5d4aef54bae5e21060694542a98dea4c2
SHA10ac7f3c4d79be910660d29b279b723ac0d564cbe
SHA256c8f1d999a9074bf340124b0a511c2cd85ffee6e46037af88706573a1fc4af9be
SHA5120eb38b9e8d5a84d0f763d9675c9f5f6831d862707aeb428b46a1bf353d4c575d8802983ec0df64345b47c0acf8110e634e01eb9afe15f524f1c72dc7760cb2b9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD572c446352fd9f40bf68a39b653f3651a
SHA1514d8d0c283d460b0158b36e87c75ead4c4dd3a9
SHA256b48ff127b4f73d7d44cf13a01bc840287960710da177362717a03a9c70c376a9
SHA512fc4e617a4c6faac14d137b6e2a6042c5be6914659135eb307450cada0d8024f34d26ea5b41388695e46a52522e0f45e68e8e2624ec830d47db40496387ab79dd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD5e2889cd4d45188c176503c242118ed8d
SHA14c32329b00e3ef1269cb881dc71fe72f268ceb5b
SHA256e4ae1afc80fdf66b1308f8b0dfd640e22f3ab3662142e7300eb6ad2341b1553b
SHA5123cb4fc803a343cae9ca150c9231ec22abd9eeb6a78f87943d13845cc6d1c28639696d99461721e69cd66e8f9c38fb7e9ef95f6c7ada6bc63c6276ce86ff5d835
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD5767eae0418776e7f7b87d84aecb3995f
SHA1e73190409aa76f3bd21b7bc52c0348e4e94c7194
SHA256690cc9a0ae417a08dbf6dcbd585daaab9ec4e72ec4f4dfff0a214b41285a6871
SHA512701190bfe375ab14a67a04b6e5d16dfbe71c214ce552a68a7fec1448c10d8969e3130d1bc0d4fa799d86f3fdb4f40179871374b4814f005b6c00d8e8c5db65a6
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD57f6a7b5a8be3b398c567d1cc9dadc7b4
SHA1f9f3fa66153fe2e3481ec67ce70a73d9ba276cb1
SHA256309b7a7659feb5cd6996a81027c5c14ee30d6da0929d16f3069fadf2fd21fe5a
SHA5127abe49e220005196face4d106c3d60c6c34a169abda7190d63c84d746edf6ac78f9473e58d1c03011ba9e34f963f6a344eadefcb3a3e74b0808f5d744baffa93
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD505a0c0a09709c2da1b7309e6917c46d4
SHA131d6a6ebc5a8cf8378a69532e5cf25a04d99c133
SHA256c066771f42efc01561d24f8dcc1bdacc3d11a295f2db21a6cfaaf6a7eb9d3271
SHA512f389a71c1ab0201f5db096f3fcd3f7746655982f907075ae6919c562b4ca8f9b1f81016c930b565fa7103edccd659c12c4134279bb88a891c38529b248cd7e47
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5dd6ffa651e59fd8ace4f916e1c05af65
SHA1b0ac3d1f02710318e006b97e13df8afaddf13b1b
SHA256d4be597a4790147f5e5c9a8d4aac3a019d0f70fbb48bf9300f7dbeb899801ee7
SHA51216fbcdf1efc78c5718949f607567dfdc9fcc4681a076e4bbc537d97f7a35f2c93318b441f428b7f618696901c3f5b5925ad46d2f5397bf92c3e837e238ceee10
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD5d1903cf55ebb769c14e8a1a1de9ab261
SHA131d7b4bb9d975751c9ce17ad6d870f701d5d89e7
SHA256ee13bc5203150abcaec29d761b9a7391d3ac8fc65e709ab37580897d9422bd3e
SHA512ab433bc3d78631b85107c6f728dbb78788838af49d32faafefd4a089c7a651e358b18e0c125b3fb2206d5d7bc599e96c98a98a62c5a371595e1b2c762a3cd2a4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD5a96be47765b8d5fabe01dd012a3e7651
SHA1d28d529e5554856ea780bedbd1222867bf416097
SHA256b9da33c10b0805c7e3e8e3ec8c315050513385eabf79fecf3de6e71933824922
SHA5128ca3982b15dab3f944779e85e3422db3509f07db5fe047d3ca4d5b9f0c7b5d9441020f70347a12176ca9f87d2c49f25d9c41794e7e20967870080b26c06a5c32
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5e32ef7332dabff2fb592c6e254af8a8b
SHA135dc2f6d7480c3684360b1bd3cff34650f34d435
SHA256fdc8d410bfb862177d8b9f9402da005b4cc61391833bd6f9487238140f2855fb
SHA512bc22033cdced88e0c1e80cb3a7b05c001992d039a61719535bab9ae2a601ae513d1aa73433780f3b0ac120a6d1309add7f63b56071229fb72965863fd27074a7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD5155b825e97173b9805080c10934ed05a
SHA1a9df3adc342cacacf7c04aa021ecfc01f9102c98
SHA256fd04c6b39c26087f35ba8378eb79dbf4a55026ec3a82833dcb04a15819eaebdb
SHA5128c15192e7c350eae6eb34703af96d0c15d29640fca0c56c9dc93f1b20989197e7dbf430add4ca9f33b09485aa5dcb227710e677c3914f7e2174fe8cf31ac046f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD531c99c3be4ceb01271786dd15ee99854
SHA1d9441344da1256a2356577278cbc7831e84c0af5
SHA2566c9b7c28061a1d7859614a795ce28bc84c9cc431afe26a3a6acc6ef71ec8733a
SHA51207e865b40e00010315c59dd8d28387bce15fb84e6322719ff67101e25fc64bc210aa47633fb9f037b06cb2a72af8c049830e8366fc352590469b49b934e20ef4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD5113f330511693d86b7ef6016c49a051b
SHA1f63bdf8c30f37aa63eeb5fc118939989d29f5adb
SHA256a3f9d107636a82c7f7ac96e635946ee5b8f826cbdc60dd845d652b223b962471
SHA512d856321b413f8aceb0d33c7ff444daf4ef4138fb08f6a51953d7592598a4aeb766effb42c3e21b650cacbbe11c2d97f2bff0d9cb9c4e562a817addb46af2f9a1
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD55eac2b298d4cc86fff713a8a88928e9c
SHA16dc60a7a170f4c07886c6eab7902e18ca0f29e85
SHA256f60a4efa9ceb3d1923b225fc4bf4bacbbdd22734e47a8c05d02810866796b7cb
SHA512f9a1e309f45dbd9f78876b7d25f936c5e32def3c38ac18a0011f913588673e24c3eef720ae1f61cba313c2f95c1ddeea3f0494bbd5ae24f706e3045a530a49c7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD5e1254ee120dd761b53144cb0da53d207
SHA1fcc07fe183cfd26b8d13c727973708c2409a582b
SHA256dfa912c7cfc7e15167a1b4ea71fc00c092425e4ba80d46ae5f16d8dde4a1fe8a
SHA51202b83d486a9fb45551459088009550b0c44d57f75ddcf1c2299b2b57f78fdab16fb9ffd6b03617c884608efef21f79e0c87a617cfc31fdfef581c063be122e79
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD51d113ac8b7d9ddfc5f2d2da0dbf27cb8
SHA12d93a0a42ca183d1d142968d898621a569238cd2
SHA256f7fe75e982eed217124a51005c7a03bf40d92bc865d60af3470e359d551d2bdb
SHA512d9796f96cbf382cc9c7f062f23f79eaad162eee0394b34ce8ed3ab18f0553e5c52b04bebd36ef0f53eb76ed808303ad109fd724fa067dc472556c5aabd8bd930
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5abdf9ad81e269f18065330cce0b3a46d
SHA1dedd6e7ca63de063ce4f4737f731602db7a5409d
SHA256f5011c5236f25e4eb4f89a6cd8de1b5b37d9d90f54c6f4491811f20ffa0543f9
SHA51229df631f9da6591407ba04f1784aad26540e78f660d2115cf4f69c60bec8abaa76c0e03bf5bd0cf18c6eeb0157f8918056a2a0ee3a2382960499f855fd2fd0ef
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD5e7bff026ae7fee430c5dcd74bf0cc89b
SHA18aee7850a5804f681055ef48155ac95c879e10c6
SHA2560e422c526b1450931be8cac1eef505623b4bb4a44896ae5de19b00c885d7d7db
SHA512ac19630b4e45dedbe46ad2c016a836a96b00f0a6dee1dd12aa715cc26023629e19fa99ad9421e6f6fbd96d7811fb506aa2346c15bec62291bd448b6c4ef213a0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD58afca11fd015af0a7eebe71bbad2e7ed
SHA199ada22ada28a4465ccd1ed8d3937dab4c0f34aa
SHA256e1371c7bc41dba47c6cbebee84d3c3ed05596b2ddd56d7e520d0bb9d6e31a38d
SHA51234523669067f86e46b9442691e7d853fc3008a55ed74e1c098a5f49f539f912b70479165675fcc6dd0180f84f8904d3e685de512ebaa4ea8d70684bf4f481d1f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5dfd8de2035012dbc8cf197b7715ed379
SHA19b51963f6edde95f0df09473d817e9a40276b1e4
SHA2566d3c3b79c15d2d6566857451752f2020b537f96772d08d8e2f5292501dd3df95
SHA512f07410ae6261bf10c9e0878f592dcc42987ad227dc9e41c05d11c1e795894e1ee78ab2a581e8dcb2b8766459aa2ddec33768b3f106e22b20811dadd7b5424c28
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD5f907ecdae4d65f95d8721d6180011662
SHA1d507576f16153db8ba3c0e5697a90cb0a7eee213
SHA2566ad46c7cf391ff804e8eea6c1e4444d1b84ebab670049d80e5e7e5eb5a123ce4
SHA512f8cf172d405f003a842c686f577db1cac1f7ae9ad051b613dd864a136b9c60b26fd1f19bac7ae50c04c5c7686f7a668b8c9c2e0bb0e111e667b6df7178ed608e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5b101a6b32c1a16180aae7b7189587ded
SHA18e6023ff8f40829a305a352bdc29922989e1e661
SHA256385100fb166f9873eba2c3f6185fcfa541ba10a33c455d1485508ab1f8153ba3
SHA51223ced4c29c26d7a706dceb43b934174b031102cae0f76dfb6c8204e5c6fe5d6eb878c8566b65ab262f97634c0448ce0bd1ae37c9adc45c46ca1ee631a5b17f04
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD585aff37dcbecbf8beb979981b4556f3e
SHA1fdffac815e087c89cd94db564bcf54702479a1ad
SHA2562924ccef62cabcb3bde067aa800eebdb6dec7479ac3356213278d2990d2925a1
SHA5125cc202f50c28a3b1339d92986b2d54f05c6be2acbb85aa2052877cd0250176148777861a697840aa2386841d7cbd09d0290ab2919bf5a776d17062c4c68be1b6
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD5abd6f674a8f1be2abfb13284fd988e3d
SHA1300ad04f067f13fefe53bb7c215e4e6737b88581
SHA256a404712fb406123bae33fc8bc1540b752d54896e48b11199d523ad73c338a72c
SHA512b035594dd73f7367affab5191a4b6f7adf9629efb20b54146ec644ce95e1ecce477cb0ff145db141cc9026499ca2dc710e73dd7fbde1b5db45e0705e5acb3896
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD5095e107dfa346970a63defea97d2ba18
SHA1ebc0520c9334482b5326544bc88552b4cb21e2ed
SHA2567b1f34d07876aeb4fbf367161fab11232354d5bf0c31fff6aa00700533d40bd7
SHA5125a43b1af85607bdfd9a70ddd20c65757721c4c4a7cd8d49e63b2a7bc54c4fc91160db83bd43792f1b83747e013d5311a094fdff119180b7ba79065118eaeba72
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD55db84b7527ec8a24074261bb4207165e
SHA13b78aef4d0c8b84e11c1ebb0efcf8775ec5a0ac3
SHA2560edd92dc5c06ecb20441da39e09b48009084ed4537b995be501f165aade7ad99
SHA512f52319b78437c32fdfaf4073bb3c7e69fc73abc70a4d2565ecf781a248e381106f3e471b35816e48a59d30ce1c048f24b83416dbcc4fee24045d0233e30cf383
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5a648f2035e6778183e1ff329fe1a8ed8
SHA1e5061cfb1b929c686f33412969b69549604494c0
SHA25659754872a01d4634ddfea6dee8d1e3ee645eed9d5264a4cb3a6942a67bb16aff
SHA5120f7812d8ac943d8f9660c003fc90be7fc6f665d180fd5d0f97e767d0dd0eddb8558fde6da328ee5da412e1eee26673afef41b0148ab6374c56c54842a454cc97
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD55869ae9af3b2e7bbac816847b6a925c2
SHA1c954a8e6a56d4228e9ce825e6ebd2d151e2701ec
SHA2564808b6c4a710bc08abff35a673d7b04e6e3292defbbabf154b2cd8c47d3e72c2
SHA5126ce956b6afb31c5c61156d7aca9f20f386fa047616cf36d3ab814858c1b4a6bcb1f67c3a89c91a691b38746b887e5a9e78a91d12da6e69f2c7948d45caa35e5b
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5705e1b1ed9cab89067be7c7f4f5ff1de
SHA124fd09db3b50db83345007e18d5c73429771f630
SHA25696a50177d6ad4071d7fc94d79874ed8acd29d60aaa5a256ee0db39c5ce819944
SHA512f0c94cbecf30856a30d57d8279dd47a3f87015b5d1426815328714a172c8b43c7715d221fc24a22eae962ad0e9463b3e0f945306863b3f992af279bd5c709b71
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5ab9837164fa58b5dafde1a0846851380
SHA14b89062e6ae7366a7fd8ad65d7ad6cf404ce7253
SHA256174529545e1f520a70399eeec293dcd82997b9616da82e0bf3114dc18e0df330
SHA51296998ac76a1a42bb87b477e667616c355fc9da340f420b8ebf51697eb4e6f9af368de12000c3723aec24e8d0566b5ddc365973e911a2a9d4ed1848324cc94dd5