Analysis
-
max time kernel
148s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
02-11-2024 23:59
Behavioral task
behavioral1
Sample
888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
-
Size
7KB
-
MD5
888c9c3d4ac8113c9ebe6ae8563d0e26
-
SHA1
349dbb63c8b41daf91c7f5f52488ac9aca4de1d4
-
SHA256
fe7bba242f3e8f051684eec632a0a0bb66ea4bb69432a9998cf413e90942eb42
-
SHA512
c3a8bc425654d05e96cc24c928584cb81ccbd1e4b16a2c033465c0b914f2eddde96b3fbf1e8b74a7e68aaa2f2b915b5372030d514eef7ec2254f250731260019
-
SSDEEP
96:lPZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExmPiRxQyWmpp7RJ6rmQN:pzdrr1FG1WDCgmjPZ+cgmZU/pGMUA
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource yara_rule behavioral2/memory/3104-5272-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/3104-5283-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/3104-9907-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/3104-10973-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/3104-11288-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/3104-11311-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/3104-11316-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist behavioral2/memory/3104-11317-0x0000000000400000-0x000000000040C000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2178) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\fusionv2.inf_amd64_a47d9636ce0d7dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\000b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl001.inf_amd64_e09ac82d497a19c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgatew.inf_amd64_7e6c377859cfcb7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_ae02676ac3e3c474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ISE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnttme.inf_amd64_edc94fc65bef3d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\acpitime.inf_amd64_e1498a974ab95ea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbaudio2.inf_amd64_8d164ac6f7088f97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\Com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\printqueue.inf_amd64_12d9f43eb5d02987\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fssystem.inf_amd64_89e15d7e662d6584\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_scmvolume.inf_amd64_de693592afe8a496\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsvirtualization.inf_amd64_078671a0cdfe2870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_volsnap.inf_amd64_47e3741bbf4d6b06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_magneticstripereader.inf_amd64_86e291110e37418b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_bb7c44c7bb3664d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/3104-0-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-5272-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-5283-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-9907-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-10973-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-11288-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-11311-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-11316-0x0000000000400000-0x000000000040C000-memory.dmp upx behavioral2/memory/3104-11317-0x0000000000400000-0x000000000040C000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-black_scale-125.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-400.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteLargeTile.scale-150.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.scale-100.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-64_altform-unplated.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsStoreLogo.scale-200.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-light\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-36_altform-lightunplated.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-32.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\LogoDev.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\THMBNAIL.PNG 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosMedTile.scale-100.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_05.jpg 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-125.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\close_x.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\multi-tab-file-view.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-125_contrast-white.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-300.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailLargeTile.scale-150.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-colorize.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-256_altform-unplated.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\WideTile.scale-200.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\WideTile.scale-100.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-64_altform-unplated.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-200_contrast-white.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\System\msadc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\Windows Media Player\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\lua\meta\art\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\171.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-256.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-200.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\tr.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-125.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg1a_thumb.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailMediumTile.scale-125.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\4.jpg 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SmallTile.scale-100_contrast-white.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeLargeTile.scale-100.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-100.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Program Files\Windows Media Player\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\7.jpg 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-200.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\7739_20x20x32.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_dual_sdstor.inf_31bf3856ad364e35_10.0.19041.1288_none_b06a3a09911ef032\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_10.0.19041.1_de-de_a369d8a4b817ac3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-dafupnp_31bf3856ad364e35_10.0.19041.746_none_9ff4160625a200df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ncdautosetup.resources_31bf3856ad364e35_10.0.19041.1_it-it_67401f247610a75c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\SIMLockToast.scale-100_contrast-white.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.1_none_b5ee49ccbbfbfddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ureengine.resources_31bf3856ad364e35_10.0.19041.1_it-it_44e2d3f797c55ac0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-netlogon-adm_31bf3856ad364e35_10.0.19041.1_none_b161ed0ab564b738\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\System.Printing.Resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\Panther\UnattendGC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_10.0.19041.21_none_533343740bd8edcf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-n.._service_runtimeapi_31bf3856ad364e35_10.0.19041.746_none_698e4a0bbfaaf49b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..tform-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_ac1e938990a73ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\ImmersiveControlPanel\images\wide.DefaultPinTile.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-r..-resolver.resources_31bf3856ad364e35_10.0.19041.1_de-de_e100efbab3b4d69f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-execmodel-client_31bf3856ad364e35_10.0.19041.1151_none_969496a90f08ec6f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClipping\Assets\StoreLogo.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\EdrCalibration.mkv 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\Answer.scale-150.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_sk-sk_0ff0ddecf400ecb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_10.0.19041.1_none_0e1fb02a57158eaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-rmcast_31bf3856ad364e35_10.0.19041.1_none_0a6ed9b5274885eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-n..line-tool.resources_31bf3856ad364e35_10.0.19041.1_en-us_7b4e70c9967466b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-photo-image-codec_31bf3856ad364e35_10.0.19041.867_none_877305abd8fe2b99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_405ef0e6387deb46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_inspectvhddialog.resources_31bf3856ad364e35_10.0.19041.1_en-us_cfff18f1c078b862\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft.packagema..iprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_4413c095d47562c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-devices-background_31bf3856ad364e35_10.0.19041.746_none_94c098fdfd235275\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\403-18.htm 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-msmq-queuemanager-core_31bf3856ad364e35_10.0.19041.1_none_35a8f127fef72ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-textshaping_31bf3856ad364e35_10.0.19041.264_none_034dd448b05af73d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..espaces-spacebridge_31bf3856ad364e35_10.0.19041.844_none_17081bfe76d80f3a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wwan-lpa-api_31bf3856ad364e35_10.0.19041.264_none_c2c29c19f21ad300\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_multipoint-logcollector_31bf3856ad364e35_10.0.19041.1_none_56138d203a7fc4cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_rdcameradriver.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_38ce4d0ed1e2e9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_10.0.19041.1_none_c216468b91a73e4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..istration.resources_31bf3856ad364e35_10.0.19041.1_de-de_f68f68fd78290aa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\NavOverFlow_Info.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4a450e5e1824d217\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.19041.1266_none_e488d49c8a22d21e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ocale-nls.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c1c6266f1ae3c1c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-2.htm 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_10.0.19041.1_de-de_75287cc2038ecd7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_wvmic_heartbeat.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_424dd759b4db1c81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_856b80150089f232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-nshhttp_31bf3856ad364e35_10.0.19041.964_none_518ed510d35bb200\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_10.0.19041.1_none_a91c7b19ecb3924a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-rasmprddm_31bf3856ad364e35_10.0.19041.1081_none_1848e150b717de61\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\73c6ae4303a31ae701dd97dcdda2523d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-b...appxmain.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b3b24982a3164dc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..services-certca-dll_31bf3856ad364e35_10.0.19041.546_none_e1e7b56148dd5ae4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9f78d2906280a501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-dot3ui.resources_31bf3856ad364e35_10.0.19041.1_de-de_71471c3319bede98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_vmconnect6.2_31bf3856ad364e35_10.0.19041.1_none_5c4aee22bbc45ef1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.web.confi..eprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c526372455fb75bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_errdev.inf_31bf3856ad364e35_10.0.19041.1_none_1aa239cbe9936d09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windows-application..ardserver.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_52167fbdea8017f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\d182a3c6e8e7b5a8d7b7070466afefd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Toolkit\Images\dash.png 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-webapi.resources_31bf3856ad364e35_10.0.19041.1_it-it_a311946260914345\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..indowsuiinputinking_31bf3856ad364e35_10.0.19041.1_none_afb44774b6e4cc48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\DefaultIcon 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lTFMbE460hA71N2.exe,0" 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell\open\command 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell\open 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\ = "CRYPTED!" 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XAEVBKZRYEPYDNY\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lTFMbE460hA71N2.exe" 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XAEVBKZRYEPYDNY" 888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\888c9c3d4ac8113c9ebe6ae8563d0e26_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3104
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5343c2258e973f55f87d68dd22129fb83
SHA1089a400ac458ae0c231f2d845ef87ab4c54f7cb0
SHA2561f5baf2bd59ff6ce6fdf03a0ab18b639cd09f71a2a806c8402d9b6702ca113cc
SHA5120b88385812cb5e0dd301094c115c6f0ffa5a5c0a2d9437d88b4b8ae836ec9acbd4428219e553860e4bc0bdb5656808f2c653ccaac04cec96bc5e770d2053a94e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD5023793f40f4a4049b5d023eb314c1cb1
SHA119a29fbb556bdeeb24d568f22ca91d2bfbcd2646
SHA256a29eb9528af8c6de528641fc78c9e82c551b65e0feb537e6212ce3b28ab055f5
SHA512188cccba351170fad73902a4dfb132ebe7ebc3d4e432efee6871ef6e3430f89fcd787b466d06aa235a7943be378899429871475809aa802be296ab27b9923cb4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD536a6d8b095ebc03ac5b4898a47e6a383
SHA18122c184487fc1ec47471456010380d84c60db40
SHA256f0af4c59b4b055b7e880dd3a2c457f9ac290a039fe6e73c832205b8c7fe9fd16
SHA512eacf1d77779477f1200545dff818032a7dd8e6de8910bc34885a24d8bb605be7d0c1c44c2be6a7157ec5b3623dfaddacaa2fe5d452c06889381174b646f05e60
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD567b257c1b4ea91afcbd5285e44729a16
SHA18772b90df33e80bef01c606d1b4ea5307516c9e9
SHA2560602812c6b7f40186699225aeb621d1b51d88ea7b95374c344a04474a5b11d37
SHA512aa55320c9c4979c96e20135d5e342fb46e1fa23e29ff7bd3978a732d5c25b131be031c507a26544c6708737310b1dda5b9cfbb927afb5d30bdf667767d994291
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD54b5b9085ab314f6e409b83fd6a167878
SHA1c88ac48c64150c2a8f18cc17beea900f176f82a3
SHA256ead4e739557611b6495a660b6c1fa4ee8ecdbe2b217060f83dc8d9fa5b0082d8
SHA5128cbbb5c2902473b71c750595bde1ef73c057288dc6326ad7b0dcf4471531218a68ad08a168c04d44f25d319f72d87ec1098e7b7481e61c6eabc13ccef105a055
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD5ea6eaf2b50b01b65749f465ff8d8938b
SHA1afc69a70d577d643956f96a151ea74052a514894
SHA25629e61599e7873752222360d7b470412bce6ea719a8227ad056558502fed6ff6f
SHA512e7eb58eadfc6a146cbd6e9464cdf419595109a0d7510ddcd70cf6084128f1581236e9fe48670dadf77d3fcbc51944f9dac853aa9539be26a7defc49e950bf353
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5ce3740bf046a621c63c2c48b5bddc6a5
SHA194ce5bc43b8482fbf56071bdae520809f29dfc63
SHA256e8d26aa749004b4450e01e33b748487bfe39b86ce41f0e07f691c87dcb8aa975
SHA5127fa3df39a2bd6541fecd22a638330d06c712c0fdf217cdf7871884aefd25b95d34b022a6dbe2c2c8413148ed8ba10c242f89944dd3556d99cada5498f4567b89
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD534a0a8b1b9164e550e5a05c9a031197a
SHA136d70de1adc5641c84f741c1c7ae9179b606876f
SHA2563d852f7b6104d5f370c6241d14dd3ddef05ce04e1250b6516b218346810a3c17
SHA512f67295ffced8a16cc43833f498d5a22ca2941e6de4fea4f381b43ccc91ddb88542f8232a308a186739c53b2d75548d6a5bd68fc1cfbebd4ed03e3bb62e4a82f5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5b6f778d54186c3238e0fb38bb1ad1f8e
SHA1102409fb51fc15ea9821fb8fac35559afea3962a
SHA256d3aff27538d815af74caf02ead38903bae62f2c40ce494795493275877d0cde5
SHA512ea72d632d461119aa334c9baab05697d2cb87e14849901eb8ebf2c02cbada738d66fb0721af2536e97b77d931f84e164bda8698859672ab279a148629407bef3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD5866b7e9544b7386e9bd377f4babdc92d
SHA1c3cb9485880fbfb52c0651d5d565500a59ef0926
SHA2564205326d224773baba406128b6c10f5f78042d7760716d8c7b1bd93fae1703ff
SHA512fa4458cdc6073b7d88cd16d8a359b319f6d4b8c9ac3645c1f8f6a97359767c4afeb3ec0d896041239a1e0e1e0f08ad52153d5f135978b0c04a0c24ba4773e025
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD5e2dd09239ac62d1c145c328477f21d94
SHA170b0ec00fc30234b21c04169e190f93eb9c3ca09
SHA25635d4023b4912ead157ca4151dbfbc218f73772f98e61e3c468d2570f2735004f
SHA512b31888be271c898aed54750a7e302c66b421165309bfb0dacc8b67d5db01b9020224b43590a417f313666f090c866ef76c47b842f1f13bdd9da69c9c2ed52d65
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD58ce3f78b6cd039cc325b0e2b49ee90b6
SHA19ed60322baa1e408b5dec9ad2e52250d5cb66996
SHA2566543bdf28e50910a190f6fd17a6a536f34210185ad22fd743c825bd6ebf93b87
SHA512bf278f19cc93d42037e2b6607376b76b10a8c3b157da086339d8aeb271bc7fa8be7d33431e28b43c8389c2f6d533362f804b1c7b2eeeb852e5a6e0f03568449f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD57c77850a694fc11923f2df7f8e6cf553
SHA14e60b3b408a3fa4b2b10a09a6ae44201fc3e45d7
SHA25647e7e040061a84b20d67074a343fc24f0d6873d7c2a083dd236700dccdf909f2
SHA51281aaa986b3885a8ee33a2be48db7b2e7190e8b7b4e638e6aa5597e3b3bdfdf9030379d3ae851b73ec7fa7fa4c85c925c52a613594a8ef516d258f88c392126ff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5b5529cc0fbda9c47b8f279df75a2ba0b
SHA1fc444184aff1d7706fce4016cb99fa6c8736700a
SHA2569512e63559a5df4adeaac5d5f408aa962e8b5eec6ed826be7a8c20243d909f96
SHA5123b0c994cc38871e1dc9e66f3227703422a90e0fd965ef9e8d6afee428831a1cfe12a3ce772c07792ee7dad2566d051d4f473808206dab0b5b778be0e7c984d82
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD52ab2982d1813fb7d86542a6c2bd0d085
SHA116de5ae291ed98c15adbca0d075c77da83a0b9b1
SHA256a0ae6f2d9b029b16bad758a8d37849f334e0223e5ea66cc0f04c81898fbc1f0a
SHA5122b5bd53c0957bd6c608107c611fc029c476f892c179b51ae1376637601a2933be70361159efdae45ad551bea136fcbe722ffa8401ffe2f14ef82470aa8a982b8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD548baa8ac235ffe3d72d60a14e17e19f6
SHA15d9443f982b9ef4e1da3d416ab83130f15b3bb9d
SHA256742404112f941f4510c445cb8268e541d6755fcc25f27aa678ba2f0abcea28ff
SHA5120f1500ed07024286df12b61892c818c5ee2c1692099abf3b324733279c2091e848c2077c8572e26aecd65c32df1da357295d60de8ef45a38c18796681977e043
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD52734e54e1e91a0c7191e361fdb7b79e8
SHA1df1d3baad8a423687871b3affb9d48f42aa3a70f
SHA256da8ac982c34a3c9ff68cba326cb262389ae725e631a7f6f67317dc5dc34c15e5
SHA51258a8a6a4bd9803044b634bb946c9774c26e58e17ab31ae022feb8d9b17ec764b8b12932411513d553b103577c023ab122de376e2f8172350a08a01fa25733778
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5328cd3e1455f9de213c32dc8beb16e3c
SHA154bc93819411cbe6bac5ababd0c87b16bff7c849
SHA2568262e114d4c687d29591c539136df6c5f5422f4475d46dbe83d25f17cdf2b4ef
SHA512c35bc276b01e15cb57aee17783e10ba14143952f26c2dab9f6cb6c5d124ae2035cc086eff6f543fa128f69cec898a5127c243af7730d3d4d0f1163091c66b7cf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5e42db9b9a6b45551d4473db0196c0527
SHA1a45b466a248c573ae82c789c34f4c74e090b748f
SHA256f6228811c6bb4146adf940401c02417a1b658c79dd80621feff44a4347abefbf
SHA512fac1ce59467926f77b5bb4de3e4999705bc24e8c3495c06187b1eb94affb8f7d81816300f7f4ad64672f3641e6961ad5a21b6b8c92f329c2581a66d89c0ec152
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD5db352cf00d84cd108570a639d944af1e
SHA1652c9d6b015ef51d14ef650291b4806094d89d30
SHA2564d2c5830e207340bec3d454963587606812f8de1bc509d6f1ec319b80238573e
SHA51288c53e440764cb72c55f88da8a00051c4188068309ae052ee35b93371d32699735327d9ec5b5eb7824bc56bfeb7cf20cc50ee510716c7a09f7b52ba4afcdf742
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD55014af0ad40c101afee4db5f180cd61c
SHA1f857b80865786a07780b5b416ab282207cdaa167
SHA2569493ff547a300f93dae68faa552a0d5f5d03ae1823899454938b0c8f0c541c96
SHA512946a35344160ceea92118e1a197af938ce8ea0bb4d65a8aa4f96442c8fc00f00dd864e8d0a2bbf73425a836432f731f508cbcee269cd5f2b5eb559b0a3c87b81
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD5bd7bc31a4dbcf7d1589ba569ac1be3d8
SHA1a835a4e13541673304b5e80a1b446827a777e3ab
SHA25608b7ddb9d5cedc4e41e8da038b2cc8f65e610d6b77255f37e9f5b53465a107bd
SHA51263a50905981628f9a4c2ab3e53809dfb927d3a6eb169f106ba833af809357844e56acb2304e6266679309bda6c3af874e3c66267959503df1178af067e7d8ff2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5ab039f5901d719646d2b5cae62e68224
SHA1bb7906585fca4e964fdd991959b4f7876bfcb011
SHA25619b1c542a02a93c9a57a5ef7bec05389de2e73661ffb702156116ceee073e7d9
SHA51215f33367d6f08432c3d1f4a0e0b6e9916eb3436dfbe4f8016419ae0d8767f5900a7e447304af018b022a1bc9998865d4ffd0830dbe3ea5d95cd5a57bc7b723f1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5387cc456f6c5701ea906293c56cea33a
SHA14e07af7cd53ddeb0748a288192c80da3f56e8641
SHA2566fe3cada86ec766bfa5d062fea28493f7204634b4f779f7aab568b7a2d126124
SHA512104dace375bcd027cd5919135c23ebc486b9fa51a92b6fa912ca9c52a7741beb11de94fb7ef8f19386fdd8b23b3535061630985a911fbb8e1d22f5b3a5e6cce7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD5b44b6a036e4859d82909081d39f2883b
SHA1a9e5aac9642cb66c2c73011bd4192d2ac84fa7d8
SHA2568b6666998a33317fe785bf676d6a9da4bc00f58145793a7f7d915ce37c8625cc
SHA512cd2f9a29882a994f91676393623e09c9934227dc6e531a64191b49f555264dac7ba560d6f971c768dc82d0a09a2e78aa86d252b5f7bede120d9e5cd4956a3f52
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5abbe204b3b033c80529a84e18af91789
SHA147aa13bfde87a749cb81aba920ca76c10b14cd1d
SHA2568a022548a2daf2abd4c8a6e78e74c31d8b61d961aa788d29151beb0b52b67910
SHA5125862e52c82efc72851778023f9bcb1647456ac8a6c7861f9cbbb8dfe62aafa90daa73e08a26b25f050378c91cc0f3b183d0f0ec17cb97969ccd8bd1fd121240a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD54524144ef3e91a77c0022c5d1f83aa5b
SHA100a07f45b58b70ebf3a7f08c2419c408f8b393a2
SHA2568a253f39c07cbaa11be80f755a9924c09c7d9b60744f409b6ab64c4bee0dc6bb
SHA512b6581da67dfaad4b806f0bc44b2c22b94c56ae476c1ce4769600ba2bfa4cffd2f59f14face285b225f699bd78189281bd9b1c978b99bea1e4e2231398d072b31
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD597bcf19fc5aaa892ae66789a7b3b1a77
SHA1034c3507ee6c9ff4587484d4abca2f2985124afc
SHA25622c6d0d11bd3a540c410a73c3f2bb2dfed4f63e43403f34b4c4689a0e1cb14ec
SHA512d212ea442cac34cb96e712d1daf79880a8040774e2a11f88751c97e5f33711dc32daff5a090e9960725ead6f1b41b9c6252d8216e5c3f2f0fdd688ad90fa7024
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD540e0e8033f50dba27d2b38182043ae8f
SHA15e9b6836a00e0aade3fa89ca20dc2febbd76fc95
SHA2561a1116d8c79328f776a5ae8c8f31ba92e46ab0b614c533912d1302f0f3416244
SHA5124031e8201644674b042ebce15dfce30407f48c961328662b99c1b74f75afc35f7a6e92a0a272c634243ea6fa51850a51a7b6da0e9e8be9faedb3b265a8bfbf39
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5cc758ec02fc21340e24667399c67412e
SHA1c6017d8f811a88e4bef5ba67e70dcb9fcebed499
SHA2569befb363e22d7fc234c446f00c3a0cad05990f43e2918272c4130f0d0af2fe86
SHA51294a9dd82f21fb2de2073c5cc01ffb27461ad019de704eda61802e1cffa2aed5b31c562160b969b63873ecea2414e595006b819c91636c99bcb54702eb21396bc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD50b2ea6483c1f1c7511401a188de49a51
SHA121ddb46e5be61ef251d622220605ff07c5cf7277
SHA2561d49f74f20e9ad11a0d2c51d519e8cdf19d5ecf61cde42116c0bd51d3c51b75f
SHA5128ab2232c927224ec8ce8cb007609a567a915aac66d92df7c61021051c2c2cc7ce3568c059bd765109ab4a5e2be972da88863efd73fad0105ce0068d2fc28ed98
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5e57a23cf69d7f43d2bbdac6f2fea50dc
SHA131437ccb6d31e2651d7b084de26e85e7e67e2b1c
SHA25664a6293d8edadfe062a2cf84e982260cf4ca8678de805748aa41faea66e2e0aa
SHA512a5884c88730f8fd4aa02b47f7bb43b526c2bfc77ffc5bb699a34601040ab7023f81fe702948ce3420cf31abb86f50af84780dffa318080503ed2cb7cf2759707
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD571546893e1d39114c5dff9b181a62773
SHA1e01d07dbf1e9a31351e3d8bdfe44c9ae3ff38933
SHA256341ae7ee3386a991597bf05422bcba9ab6a69c53ce447eacc51bed115dc929a5
SHA5122decbb5d82492e8279393a0f39ebb0eda1a8c8433c1433e35b1953ac6ec4c767c1d43b9f59356e4184a581f32ca84397a7e9ffab14a70a72229b6851424810d1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5b2f3255d1ed70a7164cbfe5dde888be3
SHA1b498175ce7ac6f27d2d9ed62c9ec46e471942c2b
SHA256a317dced0c56d2c94ee5f2215d76dfa05e399175148ab72a8232dd066a375ce1
SHA512e8d60563b5865515d8fdc4b1702adac51d1387d8b790b2afe14b26df2e2d937f399ddbb3d0e800176a52d4fa9bdbdc1d1fb5278662d5cca8e74d65f21ffb1ee8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD52398bf770e9068aa171128e245bc8c72
SHA1b3711e8c58be70bd1d1ff5c1746aaf322059485d
SHA25639fbe02858f4b9d356c56ef03067166c9c39dc5e854bc991c58bac4bdcb88382
SHA512c7595fa1956f4fe9874cd102c57c65488c142ea11f015cac225f18deef96dc74981ddd574721e3b780a99145c54b8c0f80128c1f211620ff9ba4e252526d73b9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD540493289f5ddd4d2711be147a2dc364c
SHA1a89efd570502c87c24d49f91404ea5fdd02a578d
SHA25606bd469a34e90736252ebfd39dfa6633a890c2aae24222ed98f564128803337e
SHA512817ac1cecec326d7b372f85fb90ff071c630d4a6d4ccd28a7d65d5123287af2617066fd6346fe6effd3fe977d1ac21174b57f81f353c9cc309ee408779af1042
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD577902dba31964ecf667c70a7c7cf5ce2
SHA185e3a9365d2698a93c226fa17d4741394c69e4fc
SHA256428efef442fd5bc7b17e87fa259842cb1359dd72a7fbc68fbd3b7916fb7bbd5c
SHA512d5a6bc296e07476c66539f349718539be3f1358c0bfdcb95885cfa7dab6028e34b3465f71d0a94a0b12ead0235d2cc8dda566ee6479c6fd6ea6f40bab7ff870a
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD57cbd863912ba57c9a1e21204bd14d2fe
SHA17aa39635a822194ba3580abaac0c78fa5b4e166a
SHA2560c81a1daf777c4ad0b1e1ecc9a1a76981baa57d60e33aefc26bd7ff6a2e0eeed
SHA512954514301d72845c62904ab03f35574dab6ba72f24d376caf907b66f97f626458f7df8e74dde36f6c9fae951e39ec53013da0fe01ac666dc1b2fd945195d39e5
-
Filesize
282B
MD569a98ef655778f1cb3764a923acbae80
SHA122683321e95c9a631039d15fc49ac5d3e639ac54
SHA2562ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e
SHA512610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2
-
Filesize
153B
MD50341912209d84b4389154bafe67762fa
SHA1875d6665fd9e945c2d29ccb185ad7d565de1e7ea
SHA2566ee7f0752f66ddab52ea7a747dabebba5200bfcb614f89c7aa6e238c9ff1632f
SHA512883eb411d91a1369b7e6f26273b28601264aa6839470103a7eb35613317a172da4dac85d7d2310e619426bcb428a5da8e8832a162319b6a115c30489c0dc62eb
-
Filesize
190B
MD54a43c6e7eaa35d7035721ee031c35ec6
SHA157565def31979fa30fd0396f7fb3edac4ccc9583
SHA256d139a633044be84f5f0e126b6717e91615825d7b7bbdb67fe4f855509cccf6fc
SHA51201305a69e9b9d3d755e66ca9192c86d966055b64fa2249c86f3a7cbf63175178fdf15d20b3e363af5a18113b1fb380eef7906475f8c46bb1ae2f3d6df3e889b1
-
Filesize
190B
MD5bf156af43cb4eef3de7dd47068e487ca
SHA1ed06c3fe93452a0fa270223483637c306a61af5e
SHA25601fa86fac524d8471fcc71142c74847306f48f86816006ff6a8a8052a6ca0e18
SHA5129aeed4e3ed6423fb659f3961e5b6b4f82b0f2f09bb1577acb5012717ee31039b6d36f600e5a79093cda60f9dc3641d368ba0610f6c57f779c80eba1918dcc497
-
Filesize
1KB
MD513a9a345dc0bbce042281ac688a588d4
SHA192f64d7e13481b1fc6d635f1c2e7cd69ac6ca6ba
SHA256bc6c455d95c2af0051abf7b13e96d68d9fa60e0a76fcb67e7dc248c0f7e52d8d
SHA5122148c83c1baa4989a71c640ececfcaf2491ca572a1535efcf0bc751fc3f086cde446e1cc92a8f6e0d31dbd5b096740f1a50b9dded0e42a1282a6e762ad431027
-
Filesize
31KB
MD53fba11527e6ed745f2b0c022ec1acb16
SHA13649708b4c03aa1b17baed96860f233d888c1e2e
SHA2561e2b73a3e54e48e2d907de4ded7c8cf15261b391ad6d12a9be3a22b719c61731
SHA5121ff83eb2f4cacbfcdb1c8f4e153e4ad3beab7276134d0dd0b70b8f5e47502c3b08da990db64efd8bd7f31f8ed4f69866aa3c988cd802d44b6553e12bfdb50142
-
Filesize
34KB
MD592ee532a8fa5d4a368d2c6702d943cd3
SHA1e05162dfadcab0d0f8a0cf31bc66f5e420a1823f
SHA256c2000fdad0bdc720de249dcf2f9943146ef17a394f60a13f891d63af8f26dfd4
SHA51277775660a18811d58af6442d8f4054ea05bcfc05a98523e44db5193b42df2af84d2524a1d0f64d8dcf9c33468348f45d3512ab3cd8ab40bbf6f1908f41310561
-
Filesize
23KB
MD53ffcc18e805a2e97fba39d830f7f39b8
SHA1c4dc47740c20b784fe52253ab63f052eb6d1e0cd
SHA256cb19e30beb4ac0dff28ca96162988ae6e5ea97008aedd28b1586ad1e254b3b7e
SHA51296cc0bade096bd041e0798c09cb9b4adcacb099b42249e1a1312cfe06c25f5b5c045a59b1f874c1c245f1acc1efd99c51b4137ba93391f8c04ac835fecb9fab3
-
Filesize
2KB
MD57d31ea278f843d36d3783cc06d5440dc
SHA1b74644271e498c6960366b6fef3e6d666de32a09
SHA256f07b79dfc94cde51f8480ed5f7f548b434379e9498019c7cf4097ad9ac296b33
SHA5124830731faf5768c9e86c8cab5f8ba0efea38d99aa89c986578f6301ebd1be7db7ce38334d567e5700e531dcc3db3e1424fc37b8c5437684120f3ced1d290e363
-
Filesize
1KB
MD50b03adb065aef9ab7c5e4fc2db147d7b
SHA19b2a617b342d0586d4e58d90cac4f7762cd785fc
SHA2566b5dcddb46ba4d9c01ece1b5c1d0c931a4e0c96912728aa2dedff2fd894adbda
SHA512bd58f408ac04c1b6f98397bc4d6ee279dc9baa4b3e12db7d71e5feb2c1084d779ea897e01d3a8a22626a55aa262c909969916710e3ed60a3622627015a1c38e6
-
Filesize
3KB
MD540c1a7cb2985a37514ecd2cbe3daf949
SHA137f7022e89feb55cdd1952debc34fcd8a4325e10
SHA2563107fd53084411a65625cfa611e7f02aed147bfaede00baab819ebf1b23d5e0b
SHA512e71bf907678e4af4cd05ca524736f2b42d85e60fcea172f63d0490e9e1652d84dbd20e1fadef28a0489030fda0d196b4d46bb55c03aa0b5d40694bc833bc0c66
-
Filesize
2KB
MD5ed647bec69d11463eb9bcb876141e91a
SHA1102313e254c42099f9ce1f53f1518ae888ebec07
SHA256f50cc04b58f0ac3b338d104059c5e4791b0c925c161fe70d5cb9fbcdae2ffb34
SHA5126f7b30518b7147870d522bcc7ebe9c926d7447121aa9637da4a52fa934574baf00e222caecbce7a0907e0f5094525b016fb824784e93b836a541b7c248e6847c
-
Filesize
5KB
MD57234c02e6d93e7abbf1525b0de1a5ece
SHA1ff5d520f6bdad9f1118534d202ef5c6f694a8834
SHA256ad9d0da72db38101da572b7132304e29e1412780375f7d0086131a9b545856c2
SHA51234c2a73aaecf379de97bd8f9220ed9e8e693cdea28a16d2f7c2d1799db77d9c7efe0b4ddd484594943b911ea9c98fd6c92faf2246b5db22cf40a5e706913fbff
-
Filesize
17KB
MD5c937283d4ef58540fe2c642c90416a71
SHA1487e2a32c2c41a99d0a3e571fa0a3223928ecbb1
SHA2564f924d8e480f79ab020237a20a951e9c98ff75d190d3281f8c2f5a4444fb92aa
SHA51210acc5145cb9518ec519eddb28f9c3e31ce547d63a741813efe21678788b2668c2139bb2212a24dd0c450e7e75517c4a172f8bca4f2a91cfafb4cf1e7bccf784
-
Filesize
320KB
MD521aa0a7506308402ad3018b6c5f02889
SHA1e099ba8efb95bcc85441d6bedd5afc685d36d049
SHA256939378e18b4c419b86ccd7f90d1f8d26f57b509facfadbbee2faf6b5ffb77499
SHA512702ce56f4b9a60a497adf3ac348fd062a9ae77d11d0366d9cfae3f939da64fd7a81d983682ce7347e497dd7736582a601f70aae7f56748f89597b4ef7ab28804
-
Filesize
1KB
MD5fbf6678caaeddb6feb95821508d9aa93
SHA133cb292905588f5b0e7152fd036a91d688ed2712
SHA256b255263d2702ebbb980b388480611648aef8ffd94cc4be3f97473f4fd23129a2
SHA512c82b5cf2803c2eeafb82b5cf60ca869aa099cdde13dfe20fe2386db4086b77a677a41a4fe5f47c0fa660062c45cf7a499f76c4f20ed4fee885f88d751f84ee93
-
Filesize
10KB
MD53b04e1a773ad880dbe28aa46ad3860b8
SHA16dac5078a2e27cd666c362bca8739feb1e563420
SHA256e3292919a8100b6a47247134c0443f06569257d84e6f686321f67f9e993a80e6
SHA512d9a0ba22fcac433a97375d1099cdb4039ceab3893f7ee3fe01843909a6e69e87e7166bbddf1e579662612420b1be5035b9dcae1c41e01befc2e2b04e493dc34b
-
Filesize
3KB
MD51928c06f80e35139b4d84074bec54646
SHA15a6c9eaeb72c449810de17874713f1ae35dc4558
SHA256977d411cbf11b54c24bfd9a27dd58577c6ed0a0bfee03c9a74bfa396e2cb841a
SHA512382fed6c4e60bb7bd35decd3443b60970dc4ea3a04dd0dd2e9703e98f278dfde60bc2abe4d68911b0e5368a4708f3ee448f5d1f96536bdfcda4674c9fd3ff39f
-
Filesize
162B
MD55693988b1cf24cb1d0f765cf39fed3f4
SHA10cbb968eaef54d61560e0c1aab6f7f3f64863eb4
SHA2569c15bd8c71fe8fc5e3e874c67889db5e7828388bd977d668e218178be2935760
SHA51249e10e04c0aa0afec36a47116f9c78f641a2fbfd558fb3860c8108942a8a3445a73a826da7cf02eef3378ec53feffbc306f241017f401953e1e646b5d34f92ef
-
Filesize
1KB
MD543f938e9278b6042f88a73a240444a7a
SHA1326deb18bd286077e26c425939ae0c8e8d5c4234
SHA25602458d36ea78832284a03cd620e94c59b7403a2964aa8f65bc160bf6cd74b25b
SHA5122a4946e0e3eb8f4397aaa693567829124f7b2d5c17491aa14587b249c01b984459594348f20fd5292ea9ca5cd615de69675f82b4651712caa1c1eb9dda7097af
-
Filesize
3KB
MD59277693a5a19941a3fa7b48047c875cd
SHA1b0a8164ffe9f684cb1a829162deb193b9dd981a7
SHA256a51bfe674839178b5db6f3b00f8bc29675cdfa1f0715b321627fcad02f0b7998
SHA512fd4d5232ded6dd4374ef43e8514de45bcaf9439af39c4a1cf9e65746d837571e80512c8896838d7f4379d982e550dcf4f1174b78d790f323653fc51288af2039
-
Filesize
1KB
MD5699924d19550d97ab6878818d66397b7
SHA16616dc714cbd3a401d841c552bfe62312e72c659
SHA2567162975dfff95e8a9ba01b40d22d1324144129d7bee9d6d0cefc775fec9aceae
SHA512f1eadf0ce73a5d639c2b64d266f616d18bc4d08e1a9cfcdd409b90fdb85cda22f47ff667ebd24a0c54b053115b4bb3de04d10962a8fab837892e9b3e8df6c6a9
-
Filesize
28KB
MD599f607602c90e8208d25221b95b3c879
SHA112081b345e3d905d26d5ec4b7ce63a84049b1acd
SHA2561b556f15186ed32399d387c79ff69033e49360b3761ae4d4c1de1b15c732e263
SHA512d2ffbfa1a22ec832e52bb1b6a4554b59e70a1a697ddba1925fbedff89943780e02db1f7b2210c8e4b2e4c0d02fae4df161cefd25184678ed6fa11642c52875b3
-
Filesize
2KB
MD5f3910d822391c99aac1756c17da1741b
SHA12f3daad897747bc00f0c64a51080420f7f0a6f79
SHA256e59de469e18059755b2414ec79daba9e419cc19dd10611dbfe286ad16a40ab02
SHA5129b0ea6f2274c1063d2573bcc54a4d6a4f9d8300f9a5de52c841e2b4eeafa992d2043f46a159c361e5bd5f9209fc6d16bfa49b92405007528820a51d6d41d4819
-
Filesize
1KB
MD5976569bd223d5a2e68d366ded479398b
SHA11f8424297e00ab2e42bbe37fbaddaf365084abbc
SHA2569a0e9ed892321cb85e69a77fff519bb038ad392cfd1c2487d2bd40d2f2811b4b
SHA512f44dd826882b57c04a86c2e6320049798c3d2c9b854f604711364b212e5ef8a0629a737ebfcb76e28010af39bf9b79c86e9a0435600abfd6a9eab40e6e2fd93a
-
Filesize
2KB
MD5ddd740da21de47ae72a19c9e83f3848a
SHA149fbd820ec268358c19ee0516d9a651a731eec98
SHA256c705b70726a48031f8b293bd92afedc1f1bbb582804df090cf766103323021ba
SHA5120cdeee8e7917c1cb0c0fcac948dd4063f814d189cd9c7cb30ed69c4d43f86b7fdfb7cd6962505ddf2c6ddc3811375a7079155fca469b534ad8d006c6141f34ee
-
Filesize
1KB
MD5ef86c4b8f28cd85ec558062ae284fb56
SHA1b24d4f65d7e0e283a4b7d5961fde7b601bba3923
SHA256612fc79733a5661aa87571ed6b660c1b1bbfd8f1ed35b5ca3524a50188a8729a
SHA512d142d72c43b19d4352455df691af1555b158d4efda770819703a953c4e642d76ab55e86d524fb307e64690f62bc758031ee9cb289482c6f4871e307f0b2d2c06
-
Filesize
1KB
MD53bdf6e19d8bcb0cf8b5e3f170a19e179
SHA1dd9d744e885679984a029b2a6d8bc8f94d5f5f04
SHA256486c9f14985aa88490b70c45f404734d31f57eeb203633af32e46cdaba033ffb
SHA51226decd0c1b132e3f09bb8f91400e0c0b31026d091fd625771824dab4dfec7e2dd599584dc3e787e038457ee0f49eb1ad80c935ba2a585e7e335365a17692330d
-
Filesize
1KB
MD5cafd22d36e7c8628cfd5aa04efe34ef9
SHA19571d2937559d99dae728492a061f03046167cc8
SHA2567727b43ec86644a90527392ddcd2495689ad360465c541ef274077e11ba45ff9
SHA512f7b18e94a29acd29470caa4319ae8394db7ab438cd6d8c14b14d5292bd98f9b127b536231906c694fb44c1662d32330fcd2e1bb69b8c006d9ab01222b8cb38d1
-
Filesize
3KB
MD50623299ddc0fbb5268f17939bd6b41a3
SHA11f2ac53e7fe12fd4e0b394ad5688d1d282b631ea
SHA2563268bb0873ee54a0a7fe08763988ec692de0db33ce46bd928b27314d0a9ffe2f
SHA51299c02612c0597b4bc876fdf9a797ac82f6a4fe9a582c456339a353b158af8f3705cf941b02c06a334af48c01412d58e27558989b73207f62363db7c9b1369a34
-
Filesize
2KB
MD56e71447ff2e5806cc62a41a06ce33aca
SHA172ed83e88cc7c3cece24bf3521e268000a360e53
SHA256bde5c2eb4c17ab7f31e179e63024d2506c62381e62dfd90e2f9b2649450172d8
SHA512532f81d83b888532ce4f1def8721336dcefff662d2cf9c485ff6addcfc3272f2f1e4ad7fb65e95e3d19d9dc34fec31f42383d980a4629bb2277da53e15e4730f
-
Filesize
6KB
MD57437c05a1725b43b5598602e16fc2e38
SHA1b3b694748d53862f3294461bb199359d7a8a7894
SHA2565765e90cd24ffb0f3956a5988ce234f142f33eb4e33d254d9cd7b90ec214d8ad
SHA512036adc8a54b4fa8a3035dbab1ca27591c6040009f459d3e2ad045530c69a12c5a4e6bcbef60159f224cd5066fb184209254d579db706a29cc8b78e8a3e020e07
-
Filesize
5KB
MD565f3b20e77ba3bca2946f35956eb6789
SHA11dc6dd6cf905b36a817689aaa823682955adca4a
SHA25659bbb5760bfbee046675b044885566ba02f451e4b06c958ac72fd747013c4bfa
SHA512558e374855c2d82275aacf9f5fd8686469c0b7dc2ad35a4de049fc0e92ebdc862582f5e1440b5890654dfcb48c3dea3d8f881e76809fcbf7ef460b9cc63f171c
-
Filesize
3KB
MD57cb8f0d2499effbd9f63614abf0dfe28
SHA16a76611fa3ba1dcf463921c0d1556eeaaa1b756f
SHA25652f5bfef30d1ae28994ab00048e5bb76851294ed60c516c29115b564b5c265c0
SHA512bff901e7c965e271b6f86c258075cd88189e4778ccffe1658b78c93e1bfe8e108bd8a1e4834aae8343592c100ac36c52669159df040d66a65a7fdd6858222b20
-
Filesize
2KB
MD5102f16475daafb214482ec3a7fb15791
SHA17a6a9381034f0c56173265c1f7f6ed565e919bed
SHA256afe0ac75191ac087f9f392490a89dfeca12eac21dda79710f83c7c129592e8f3
SHA512f69ee57966a05929d06d19dc07bff41d7d9b57e0246e33b6251655d4cd287cecfc2e56b49df21f5a5c73f2785e6b7daac54e81fc18579f1e83711f243e8f5a51
-
Filesize
2KB
MD501b347872c90512939d851b22002684f
SHA1d290cbae0b0d381998622407693bfec052389d25
SHA2568cd6b76e89725a370684b21f3fc59bd241160a1ffb219ce995a3443cdfc95605
SHA512e25cd555e5eb114d755deb38496947abe2c7872899a681a776ef9c9dfc2618abb6d051f7759d8ad511b1e7c70bb58a9e9c24850ce7bfe59091b3b73a11d2efd3
-
Filesize
1KB
MD5007909cabbf57304656f021fcc2a606f
SHA1fbf1a7bb59a56d357c8ffea22910a93f035f33cd
SHA256714ede395aeb0138533bd791c5f3bf556cf1dbafc1afb1e8ff598ad813489f80
SHA51239fc9e0647bf2966d9cc4c61598b84e006a9c2b56ac257b1fc4c32aae189517c348ffe0cb3b0aeda8d6d9300b80d6f9a4026f6d75fa87e5139a015703eb8ebe1
-
Filesize
1KB
MD574b618dc94a6a7c065d229c30264916c
SHA1496fa4cc4ba6ad6e31a6274265f2bbbce5b12241
SHA256f8160ed632f0d049103bbc758207ee81076fc9383e04a7e2f17e3a51b9780823
SHA512316906b5e4ffacf03a6d42171aeeee5e1961ab055d1bfd308d6801faa95deeaf596b70e7d55efae85e86caa1d5b59ea3659a71e6f8e117a639ecdfb343558211
-
Filesize
11KB
MD5ae8ac7ce2e8197f09250751a8632fd71
SHA17db53ed4b5bd41f91f9f566008fa5b0540c124c7
SHA2569c75cfc3dedae626dade66475701036df90098c465feb8ebc6dc3bff733d9dbc
SHA512e5c13d954f06dc40e07ca5a80c0991a7977091a4af8abcf66bb64e74a8af6c4bfbaa14b432f4ba9c813a52d71f58a559258e72a85af4fa3743fbf82b84dc6783
-
Filesize
1KB
MD5c475a6fe35b33d5a4939649f32962d0a
SHA10212e49c933980e7accab9cdc563853e2cb7b9fd
SHA2566f5e9cb7889342f348987cf4e6965f4089983197e7c7aeb6907853cc2eb650f8
SHA5126943cc69110a72a62abfe308f23387706367b8b4c4ef768aecb09193b9e1d2a3157e20f579a97e00fc96277cc58cb507ff9d3aa9188f138e57861faca2a7fa99
-
Filesize
2KB
MD50d06b7a0dd7e2084a7eeb0a690c43f79
SHA1ce5f43108f01f1f1ad63e0ba6193054204466fb7
SHA25628d61eb108b732c187dfa24822858e1f27d5d6e59f072d3a6c6c29d9679ff172
SHA512a8805d07118e18302e7da80a30e9642ae3ce5f038bf339630715fc78537cc25aab1de13392921e0051b54444ba24a3c175a1edf0fff680686fe6ec6cf931d123
-
Filesize
11KB
MD55c8ac5e225eac489d3b8195e741aa2e9
SHA10e1eb1592d0823130268c1b811004f50d85cb05d
SHA2567217e6a403ee96dfcaf334037678b94927071459680ef42047e9049359684baa
SHA5125b048cd0f1e5f4792beea10dc761ff8ff8cd7f32fafcbaad8957665d5328a0dec4561a80a7a593ce4b1af0b02dedcd41a2d6824988650da3d503cb625f0bad06
-
Filesize
11KB
MD55cc8d30336eb6bb3e90746d695e1d85f
SHA1ceb136403f35e595602b43ca1de1def9342b1228
SHA25693b2beb49dcdb3e0b5415312eef11f38cd2d5aed18cd11ad94f37f39ec123008
SHA51219e6db6e3babb561e4628709d513c55c43c004e2c6c35f0131803389d34ad35cc19fc91a8eb3bbbb12d0cf95c4b4f9ba0e4754a1fd15df8afb8a1db9686a4651
-
Filesize
11KB
MD57d10bdd9cbe3371f626dd6871414a7e4
SHA111817ebf9ffd1465801ae07a6f376223c8949b0e
SHA25664bf93caa0bc6350c7628f9cc847a9aace93256d849b918cf673dfe240d37a76
SHA512a8dc9b78c0ff12eea96e7ac6b5e777c22d14dd115ed7e478f48d6343dde57e39465c2c19a62c647f2691e8b37e20626612a0b604338061e1c13b4d4bb9b37092
-
Filesize
1011B
MD599b8c696c638cf1828df6102797af2da
SHA14ea11adfdbe36a4ebe5a2fae6059decb2f26eab7
SHA25680a56ff10fcd46964dff4d22a6c8359fcf171b2a029fcaa37a7ba65762f900b7
SHA512ec1ab38d9472a1c3e2c8a70578a01b2349ac9df118f71944f1633166972832841f42f90466bf75fcf62ef47988ec5b1c5ee784de6258ffc9d4aac3623b8fe4a6
-
Filesize
42B
MD5b3f1093b5fef377320cf49e397434b1b
SHA15a6e377c4f90c1550b1e7a1d7e901b8627a538f4
SHA25685e80c9bd0223fce7201f873f04b14f50e2e5cdf1de01b4f75008c938225bd04
SHA5125132b00326f95cbb9c5f9ec363eb2c9f1a4c801cb4892dc9b64367010d5c3a9611ea6b49c8e0350b5bcbf856c8a83f54e6ac881d5fb0bb9e0b050aa824675eac
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt
Filesize77KB
MD5b28e27602d9ac52295c132a968b4e968
SHA1a6b189c68f56a2a92c55f7c8eeb942ece66f22d5
SHA2563ca3b592e044af7fe92157c21fccaa7af446a7faf269dae3b6bae679efff58f1
SHA5129545f2abafe3517cb97fe6dd67dfa4c529b300c15b7343c462bed66f7e0a2417a47dc7a2677d2a575086d752e0af869865610ef4adbf84bfb8ffa735313e13c2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt
Filesize47KB
MD55e75d762e0c96f9767aff9d9cb2dd47a
SHA119cb02da15d8e7522eb07002e8abeac8276a2199
SHA256762afd3574e13ee224d995c589d3733d328c81a830c14403d9e042fddd6624ad
SHA5121324de1fd109d1a2a6d4402e09e84ecae1a29a45586442baecd2a6edd8e6f3d4d1613c1133c75ce79e5d8b3039cd682a4a353dc344cbfef72dddcceab62ec40d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt
Filesize63KB
MD5883d453a5b76f00dbe9b401aecc36806
SHA1a24fb807e1c3a51212248b7f09932e64bd02476e
SHA25610620cca7db6b5b35455773e08b92374e43851f5970a75b9c6ef3eabf12b4d0e
SHA5127a08b993ba0bae661e5d27818f42bdbe8929479d26cb666ffbc3c4e77bf6b5d7ba2b27260520f420d8719c325637a89af318426a8c9c1f038b5c7dbce558772a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt
Filesize74KB
MD501ea8306d94053413783c4c3a13c2710
SHA1e086645aaad17104f1782506f2c0ea03d20fad55
SHA2563c2af492f6dd08ba4391b7f5e8337239b6ca5346e6724c23fddddbafe9f5b9b3
SHA51234839c10a520d6d0d7e22260d9e4df7ed82e0c05d942cd409a916adb82927e7c37a5a9b832b93987490858a086676f87ef2eed35e6daccf8191fc74614bbcdbc
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD50d7041f90f056af08b1a5b7bc747abff
SHA19ac06bbd349b20245e76319949c37cddb1732805
SHA2562b24f7a23f966b420a77952874202251bd1b4e54d3222187b8dbc1bef78ae7a7
SHA512aac369b397ebf9b5a09217b4b368876a4eab9855277cb639e59d3d43242c974664fb7dbe2951b28bfe4a8ef1e1a531430e94768cac6507cb47b6478e3bb82937
-
Filesize
21KB
MD5a07a895e45bf0fdfc144f5b8c6c2b00d
SHA1184deb60fbc9bb6f044d2bbf2e8c9ee9ac5a7bc7
SHA256631f9668b71a1b982362cf2168873869f2276d2b5b2b86973d5f78e16b0c5b0d
SHA51204ecdfe76f5d14dbcfddb7fa905bbae34fecea036c2c85784d406ea8eb95236de8223bce5a130f1cd6029a835e2faef3dbf2cbeff430dc40d20edea4c45147ae
-
Filesize
1KB
MD57e8f1448984706c10cdeac9786c388f9
SHA118b2a638290331b16fe77e8708c08b874643d182
SHA256af82201ec334aa89a225bb2a90dc0b3cd3a9cdf6cd5af51648ad1815a66ba407
SHA512952f6a0270c930e753223d016e50743bf34c3987baa2dc460a044b8159f47efcb3817e0a41fc43d76afaeb0ec07da06adb3e42bac7c45e1a964aee7a337755db
-
Filesize
952B
MD5dce3b3bdbda0bd154c7a5ffa8b19ff9b
SHA15b572cf579bca6ed863c579abd38da2a6a15b9f7
SHA256231364c6e171bdd3409ad9f507e0bc0e82d685d8779d400816d8c988baa287d3
SHA5127101158b2ad3153f10726f70b232fba0220ce0b80f8c98009d9f6af724197c55c071409f2b6e57bb51d4a0a3e1f4cf8542650b12b102aeda7f80464c3fce56ce
-
Filesize
121B
MD5a781b55cdd05eb48486612b9bd9f6f7b
SHA1337815ac6fe1087c541b1bf8484b7fd7fb6f5772
SHA256b0735c50be905f6814188df60c992c9e01d31ca2b8d5b470aca0bab3c572c40f
SHA5125c5f076702f87a06b3b539946e1532cdc5af2d46d20bc9785fede43ad40c158ec5dec777972349cfb3b224ac1d682bc397569b7a4b5f58825f507e21d629146c
-
Filesize
1KB
MD5e23010c686c684ecb2d63fbdc2c4ffb9
SHA13fd05cec4a37baea827d2ea501d4ddeec89f61db
SHA2565b4b41b4528ccb4144177ca4badf33372419b8579e3efeff9a3aa7ee448e3d1e
SHA5128543e46bb5be52f9d397440b5bcf9aedcb6e8e9b930efe6c9ea78fa2e9e02e68ad1496e5561fbe537c894a08e115823c108de014a5ab2681b11b8bddda997189
-
Filesize
8KB
MD5fc877f8afdf1fa650b3a39a0665328d2
SHA15f5b9342c649e59c3d98df3f7be1457f1d24a9c4
SHA25616970ecdac85642c9a03c6d184e9769dc4fdb2fbc453a6c31d89d6b527f34576
SHA5122577bee18e3ac588c03f8bfdfcc6fc42eb213f40221203053b4117923db7ec42e8ee41304085ea20c6001111e966994e9545643b69d5992dabda1ea8d7aa33f2
-
Filesize
61B
MD5fcc3127c47793c568dc293af82c85e49
SHA1bb5634ec00d546fd8f6bfc9e9e3389940b1f4109
SHA2564b00dc6a4e432d3b0b716813996cc408f789e701cf6d4290865d8ffc28388346
SHA512de04f286af2f82cf8e719f6d1a8e3f39fbb5198a9208586e217c38b07296e9278b0826ac2726f7d8168983f0034337888ee130d80e836df7f5461cdc550f95a2
-
Filesize
914B
MD571acf686c80ce31be411b8e67aa6bea9
SHA1b04f42f3eaab70e59cabc1fbf05b6a7d9060611a
SHA256439d6132be42451165c2ad7bff719153303b5608eedb483045ff27336f9ad69d
SHA512e3759fdb3725df169aac96ed0e0e1c90d68aee0f238bd3f7088c797802803029fafce75dd7901e0e1d0ae7cd62cecf009f6913263cfbc258aa1aced7e646e688
-
Filesize
90B
MD53e2f2064298f7c511ad93c3025b15e9d
SHA1b799be96aeb18ea59f6e6a19194b74098a3d6f25
SHA2566cb147412e4390fa7a7e24deac25d232569a28445be0a6a54cbe72773263acab
SHA51282fc0adaec88287765baa4b43814c43f01b1aa24a8673634c2847e47849e44481e132a0200e887eb5ca3242b1233ec86338984c51b6204bf26fa89ccc9b4452c
-
Filesize
90B
MD51f1b9394efcb1cd877d5bd4ed63e9d2f
SHA1c02109d3e832ffcca8ef59b8381ba5f531da0c3a
SHA25660ab6f32eee13787b32d359e9781104a90297c3bce9a3b921f716c5cca9fc8d2
SHA51284badc6225a540f2f191f32931794bd3d492995fd2e694467a28d16d43baa7667a99a1da2b5bbb3de3fd28ef64153513adcc32601383db6606603274427093e6
-
Filesize
328B
MD5cf2966218168404de2ef45c2853eb907
SHA126e2dbc757c19e77e5a2c90fb7506c262ba4b473
SHA25620cbee3c4b0ed49fcb52dda081c309c24d6d7dc51169e8e34a1f968f56a9ce1b
SHA512a9265763e1375cbd3861a8279b8a6c9b7dcb0ad4645c640ff5bff4b79e319c7a3fe6ebc26bed6e9622f9af2f97b1976f0286959eebe45134e904b8ea76937373
-
Filesize
1KB
MD597f6b883b2aaba57470d2d6e13ec3814
SHA10c4baa27dbac329c08f4ce23b72170047e13f2a4
SHA256c58b5df5d73b6a25daa536cb8c1dd47847c429d4b2ec7bb623f9455a91d644ca
SHA5126f077d71fc158d775b2ad91d3a04dacefc16091dbe5f8c96f913984578102ab47d6f3adeab88d36278e2b0fba16e746a856cdb2965ccce51742ba9cd23a17982
-
Filesize
162B
MD5ff8301f63edf33faa04445bf406560b9
SHA179519dedead6dafdd4f2a2cfbd586963ee95aad7
SHA2569bc3cce66af9bbe3b0f1b57f639f6d8eef2fc66f47167075b23c7c5212616c55
SHA512b4d92175c99d9050ee3d02e98c676ed8d355d6871a3f06719b3f2bab9f6a598b8e5053b0111e3c26cd2ebdb15a19730d3999a4f3a4604366094649416fd5a19c
-
Filesize
586B
MD5a92fa0bb8d732dfa83c835f090f1de0a
SHA195428f8f6be83627f5625575ceaa4c32ffd67580
SHA2568f67a31dc43b5000eb7a03c73140ae5f2286452dea6fbd230b0f643d085be462
SHA5124788edcd98171195c2aced40bf9877f78492fc4d6b51385d957cc6a1b20f451c38c9b30885d90eac1ea1cc01f427e99efb164389d20ee3d8133bf37066061bcb
-
Filesize
124B
MD5838b57c2281bf72d723093e6a0753a6e
SHA18d052e12c52bf39212087f2474a9b67ca353cdf7
SHA25600180ef549b968a98a714be9cfd5b51344e6787d4cdd189a8f08970ece30ca74
SHA5123b3e911b69012232641abc9794ff3386ee829d49e930bd3ea323409ad23d4f1b2811eaac2a51418378731c350d99a79b7d2787905d56ceac7f4cca41389bfba9
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD56e508458e3bde95b6f2b039b8d986e6d
SHA182b9a7a83be07eaddefb9f56ab9b7221fb88d4b8
SHA256b5c3cca15aadc1f8a629c29fd5e7e297e77e9a8c1fb3ce13c2ed86ccfbae43f5
SHA512a93e6d4c4d3669c0857c9bde6ea15ccdb6296f7e52769e1e7441a0b14246bedbcab2916b697469531599d4aaed8fe91da8c513692f30128924d2fdea310927b6
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD5cd6bd3a593ac1e07b647580a59ce7560
SHA11703ecc2e8b238f0a22de63203fbfd8d710209bb
SHA25625e982be8421503330f30a05dd83cf6d6c6b372645e0e2b04ae6e0b79fa39527
SHA51244235bdf2305b65bfc528d9227d8de3433081e662290d53bf4efd0db636c004c83e974e0acb608dcf3ad7712a415aed988ea23ac2fde8f8facafa2f91c4814ac
-
Filesize
8KB
MD5f634fa87ea56a3c1cfbcd5e786cd195f
SHA157a5c9dfc2eb6e31673cbd3981b351a35dc483f9
SHA2562cc83cfd8178966d576b0e26279a9c0345179b69d8c0272b1cdb93cb2e55b532
SHA512b3cc75b30d0b747c9aa27e28d00fa86c959ecd0148279c973508fb6df7e2ce1d01cf5c4f657032a185037a5f161fd4727e1d99db3e7c7a46115d5d9b29795b2f
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5580f5173fb25b7808233dc2ed3bb933a
SHA1e794d573918edf4434358f3298a59d6aec85cf6e
SHA2566911a70edf8da55228da3448534809d1c4a7813bbbcd1c659d36c84b36585bee
SHA512a081e1dc70e65907af7fd233f24ffb216ebb7c7fee967deaa29c5b38337870c36fc3355df3524bf8e0beb87b7626ac8995096451712579da07346391dcd9f13c
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5813f30791b16de3caf3ad97def132197
SHA167fddf4b493683fc30302fd95167840720720861
SHA256694041d0e85d0770e5e5e71f6838518f522d2589907d7e5710912831b4cec029
SHA51244a5389809dbe09e70ca96abc23797a4b2b0abb5776dbcbaa8cf1d6683d7269a03975938120f026eea8bbca36481ebed28124b139217d373c8715eccdc6f2505
-
Filesize
880B
MD57dbaaa4c95c00196e6280a295d079c85
SHA1e1c20e7a8d8c1f4003ff3888ba78abc92ce70ccd
SHA256b09ad4782b87ca5c9b0aae6f72afc9b6576d85811eabccbf09f6d881c91a1ce5
SHA51260fae5ed0ee27859f28a639e211d3e986e0834ce069131fffdffc38dfdc76d4a0eedf5d0781433bfb69290ffe06b22bca8b60ccf5fd9f8e7784c65336ca00641
-
Filesize
49B
MD5fb33d5529ca832faf310ccf2f818c9a1
SHA19fababed10573823f836bb1ceca70adce7f4edd2
SHA256f46faad59dd49e2957b5247b8b70c56f256db99bfc45388a30b2e67a9d3b6930
SHA512250f59bcbaeee2002a4fe16d964f2c368ee2b14e4a90dd20ace577c211738c0e27cc8f7cca45206ff52872df350400d022a10ab6895f2f223b89f22a1e7aa6eb
-
Filesize
1KB
MD50114aab619d2be16c13dee5d7b8ebb7d
SHA1c0b88f20ba19598ef46235de934f76675e918361
SHA25654ca201ab5999b00954bbe8c06fd427b1bc46f6be11dd2e9acfc59527ac5f4d0
SHA512d559d387d6816d92dc4e0e85bd86977dc5f3c36c7e9a79c65b3c97caf240262c46079f02c75586911a26cc5de160093f644ce60481995754258237639fe01a74
-
Filesize
1KB
MD57b22e24ac0de6581b5af2455ccb5018e
SHA1b0a8285b7e4610ec5be2a6d6c650a2e6216f26b5
SHA256035836416f664c28f41d12a2c795bfdd092101f58f7b4047a699e3b6f583a832
SHA5124ca3028e68424212ea662bdb5e681f6d3728cd5e5b8d1980793c17081bd1326aad33c4cc6604c38edb4ef53a60fc81b980b1d4217002ca9551c1f0a31c93a6e9
-
Filesize
1KB
MD5ba1f8b271702f6e6d4e6dd4b7ddb663f
SHA153d50744967e99a3a1de06462044acf7b719084c
SHA2561ee33efef097ac1393cdcce3f970b3db6aabef5543976c25a1c9d5e1d74dc90a
SHA512f73fac87313c812ab6563fd5af1bc111357df678f7613b1220898e794c765eea41cefe9fa7919d72edcd10a0dd2cd32deee6cf5ec7ef1dd69029d22167d962f3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5ad02b94bff42b8c356a67f0cf6c5a0b3
SHA11d064640729118ca616842037cd400e3bb2de872
SHA2566b8a6c94d2a3b6d3079785e27cd07b58c8055982d78016d68cb75e76f9cf89d0
SHA512f75f60c47961fe338034f44fe4d1b61418e97a6f6c99d1e5bb408870dd67c02d72b2ec7540e5adc6953185501f86eecd14485d78e9c15f8bd5a1d4e7300b9c3b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD53f9d3c5f665c8043defe214d0ddd18ac
SHA1259111ca7f06509067fbd7fd3ba9966d9b42ca80
SHA2567b59e02817a28e389877d1cce165213d13b342ffd9f2facaddcf244017e1c129
SHA5123eb2ace874cc75405b7ac06d99f2fc771f670785e5279c66874582da4f6609a50d70e891ec0903139e608403a8eda16ffb75a71704e02b528225cb0f5d49d383
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD5b00f412c25131fe7a81ef0be6b813c25
SHA1edc9e4193eb5f939fa06f1936f0970232401f748
SHA256f4b7a09a6d007081f65972663e898e3768a4068ef69a148144cf508a02b2a45a
SHA512890472d23d3ba52ad38bbf4b1987f45261dec22dabf4ececd1a823854e213dc1d3bd90040b8c4cdfa74258d6e21a08680cd61e4c6bc1ffba0b242aa0662db884
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5bf460e2249767ee3d0d488cfa434bcf4
SHA1eedec19edf529796a472b8b120f830204c4d8fcf
SHA256108d3d67ec87f257f2d7ef034c1d9a828a7f75e72095045a3497692519e476b4
SHA5125a13c43523f41d133cef8bf470a5c292a171f8036c0cd35964558ea253c53d42634cbc5ca69660b4c000c6e1ba92ee90726c3f063360a9c16faec79822beec92
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD518f9d5befa52e131eb69dcf82d246198
SHA162f2a1b8b97d5c38b4e84824d54d9ad4c7a43f09
SHA256a54246f99eb6e4cf6e7e3110ce092924aa59325b9498752326a13d0b4c837af5
SHA512bd6325340eefc52392c7b13d621bd4a93c29c98a9c81d998720e511d61833d6d13ee270aab5ef1018bd37a394ab7eb6b7b2947468684cc917b40b6e3a3ccfa3d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD5704d4b66fb96d3f0c1a9e6eda2fe31cc
SHA1c7c174f0b51bb7061ec14343b5c9c57fe6369804
SHA256ec752b7aaf578561a63a7bc55dc665f03266922a02a538ecace13d6cdf600d3a
SHA512fd484d1a5e84367557391bea5ce742a544c8fa003d869dcf6ee9e64944ba6b1352d7b9afbfff11e067e0c5078db5d4fb0b985dc3737e31d0568332419ac56c46
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD543c4797783c80bf8f22e376a073cc050
SHA136e03646d1c3184e4e8d385dbd5ddb2d2fa17b8b
SHA256a6865bb9423e5575f4bb3bc6818223eeeb5e7e4e36cfd6649c34598b37a4604d
SHA5120445d09324218f4d7780cc1a06c64d1f20c1391c413d856735ac6128614d6aa8dceb8a0579787ec0696ea6f18b8a611193ab455daee618432be9418e71e03eca
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD54d3d50008ef10829990beb4aa51aa5b9
SHA10e53ef0c808cc9917403d1b3aad1c0de3ea0d895
SHA256fe90b8dca0862799305520a98c5ca7b41ea686806edb5dd668956382c0929fc5
SHA512bcf4bf1fa346500a0e1a9a946da7fc268341d396a2a08b579b81314867bd2cfc87a97490132eeb73f903cea23b104801336df88239b62d7e480a60971d86a0df
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD54379f44f6ee0f5e3731e61d3580efcd4
SHA1e137f4739ea9ae7a6d113538b7bd15779b074146
SHA256529843e91a13ff50db91bed7f7b8853e611b7a77a701fe1dfc1112f857b8df98
SHA5127f5c892c14a49e34224c5dde3c9b75ac62885f52898aa69a44692b219dcbfec358a36cd33084ec3e06ce427adf2f63a55cbc60a597dee8e505d393058bd76781
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5f8ed34151aa5c0859d39e8e211e52e91
SHA150f17fe86f187b6a63b1b49067c6aa2742945eb5
SHA256fa3b153abdd17e5c1a164a1a8be9e560ef2616312e0c3536316fcf2d57dbd98a
SHA5129c25f9984cd5073c96473b183ea9376dcd23a08b0ce86379f11c8cc460802a146459a6c588ea384cc8019c8e7ecad8261b04af1003f8b84fd4b711a8e59d202c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD55f58d2080786ab54d02de029a1a2674e
SHA13f125831764bac2a1fea332d21d93e4e3fce7aac
SHA256e56db673b19c0e857e5e6db47503c23cc8f782ae4bfe13678655ed54f5709db9
SHA5125dcefc7c98579840e7607c7be9579d5814a02d64973d93e120a50e83dddb6cec7f4f82bfcf30e42c6a5d18564bd85f73a983cf14bd26eab63d505bdbd37de59e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD586e0213e20b1ee448a3b81b959fb468e
SHA15ab4ae99ab0c4cf1e91326e63e859e846f082486
SHA256200bf034a3358397e7ce3e21dd0400c79dc193e0a478d06801e3cc66e3b17d44
SHA512dbe018c7efc8000d15f1ddd5301d354ee7a8d2fda0d7cb2fbc5c06494080aeb7e014e0dafc96fa4ade4c2b206f0459c8459d3e78f3e768533d401ee6b347de23
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5fd2feb7bf48f151e311a5e1cfd11698d
SHA1f3f0ab91689d095f2503b55edc9da75d157038ea
SHA256467124b4aa7c87c56413110bf53274e8722acd558a31cf8154c391454d0430f2
SHA512499513feafdcc8a49aa9774911d91c4949182856c4336755531b2b35c107cf51ee994fb40fe00efd5898cf95b0dec128b667307a7c5beed2288b840691765114
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD52ed4185b7ee28574b708f962eb6e8aaf
SHA135c2d6f630db6da88177894f76abe30a5e6bfe7e
SHA2560f85961d40c3b7651f44644ce10ce3670bd7f078c29a97da5eb69387366a1aaf
SHA512b67d9af22cf9df90ee3d79296babd76faaf85c2a0fc17465a6ff204636716c2f8626e1eb7bcaa41466b8fa82df73fbba9fab81ebafb57c31ecc3c0fa18792271
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD5c5fb1851a85ff7da8c2619aab069db86
SHA197385bddc0fbb3f8783a64b5f6c82c3e0b4e32b3
SHA25664588b5ae2c1282f828eeb98f0acaece259f0a59b6fde45a3b10410b83908a65
SHA5124a357db2631319696e10d2963b5bcda6fbbc6dd0ff80e11d8a70cab64ac5d3eb65241b79eac800e54ebdf5fe78bd7ba28a96a75c16e40921594439f834f5e1df
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD5fa5501ed54ec20ff53a04eafae1eeb8d
SHA160485210b1a939c1a65f18d6463fbcbac2ef0441
SHA256a8ce145a5722e2545c1b2d5c345f3c68e858399815c573bb3df82aea2452e9bf
SHA512ecd87ab740270323c2d6300c87d966999c2987bcb36011f7a59426617d4b31837a01f06e2e7b0db1235f7972e9acc03942d4e911ed7d5e73bf482edc40d5543d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD558ec3e8122f546d8f6ae2b07a1cee4cd
SHA1ef0af1824a12e15e4a89d15ab49434cb703da107
SHA256018824b2c014519d80b417ce793429248dc8968fe314a55f156ab507f1c89bc1
SHA512c088f7d747e12716e6e559856395b13e8aafc4f333451203b8deb844f6a821d53c71afca86884729db1a81e9b72d2dd2c1856a29cdd6f5594729870b76d68986
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD57578292c1687bba371f4f91b88a847dc
SHA152914e256d9a7f67465e6d25ed24eb28b89b2e46
SHA2560295009eae895788c2c03a9ce31584238f11b0338e22031932a2fa54a5d24a02
SHA512cfe90e410fb18f1c4ca56bde140557df620cb78f5c3a5e01c9c26d43e9091c50204427e078b868fe4c202bffa3823e47a28548781e91b472fd764c8bcf4cd552
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5c11741ae120fe72ba5c48380aed9a89f
SHA112f13637ec392892e2dbfe40e2728a31824d06be
SHA2563f8d93d58cdd1e886e2b75d84df98869a4b91ba6afc87fa02815e217d7fec328
SHA51205a47a9f5a46fc094c842dd65f7ff169ec2a6ea693b314f225edff705a0a697fbcf18745680f8a1338e6c00627425014022d827be35c6bfc8ffa4a1524075eb9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD50e9c754b2aa950d0fac3777453d379df
SHA1c03d879f5f37a361b8518e13d85a29cdb6cb8d01
SHA25698214033f0ef5c2ea0e9e83a263d9d1e97919b9c11268ec8fa2b5818f36a2d3e
SHA5128d1e5bd9b41f240403fd2e829e163d164173aeeddc4ab63cd29b1d215723d54dffbfc289e720f897708dd0a317938f83ea9e3002de1ab2953f710258df0cc5cb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD5ad6bf38ff193e60f78eefc07f412c5f4
SHA1ff6062e02ff90c46f37678ce6d66ae5973e74898
SHA256606d711e300e3883693981266ad2dfb1be164754a96ec24b944f8decea8e3d5e
SHA5123aeb30fe01e0440ff8d4270e1361fa96fce23374f083ac994759ef7e7857c282b30504e672591a82a40dda900176a074ca33dd42230c58927042aaf0faad224e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD5f03753d1da476e09930714df2d9e804c
SHA1f4b17e20a315d58b4a11c0575ba3ff926a7f33c2
SHA2561746e178c390a951b071ed81e454aafb960b7b6cac709f245c10d1603852f7bc
SHA512075f2c2d8d53c0af1c63a32ead73b0b7194957e1525b0e4f38e360eac966116e595a00b058378e5c32e8062901ebc5971564176adfdfbb0c88d3c66b02af4536
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5f2b4624cb4786ecd7c92d713bbbe2569
SHA1ebbe029f779ba87696b0e3b1c68e383bd55a97df
SHA2564011ae786a47d498c8f5c3657269cabc1d8891cd4bc04f941bdc720f2839eeed
SHA512c7c2eefebcb97622890465053badf08b6842eae40afddd5e8156239b64be75c42ac01ab9f311416a543c3a4e454b98e9cdf252dd2f5fcbb2ef300846fbdc900d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD5b6598f3bd0a2201216bacb83eb431afd
SHA13f6d63aa7977db8076c6f6563c2126078928e3ab
SHA256f1362dca72c822926f942534d6c5c411a896186699be2ed91efc64c47a539736
SHA5120904fcb184f04f5d267fd7c140565c92d1be2da4bbd65f2e30592714c580407549b179dd1d7530ed5173e6f2483eac3f3161139fb4be1e1867e4ebea51d9c8cc
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5d6dd4beac882f186f01301b09297ea67
SHA17de137fabb6a6b72176e2473f38c52869e5b0c99
SHA256d697d161daa29d63a78b1ab28c38df07fe694c4155d481cddd01c31241d42dfa
SHA51244b287d240742d8443dbbda0363b9472a56018f99f4a3532203c2c3223bead64b8349e20952828c63970f886b00b3edb3cd43d6c45caa86a13269287236e829c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5fae1429e0badd5ef32afccbcf91f2d1a
SHA1fdea7f003cbb248b7f07726a918cade60683d0f5
SHA256a3aa009be4b1432f38c1b870f47db89d693b13a3d70dfdf58bf3628dca05a5d7
SHA512cc496797ead3c3265234845b2ae3ee4a828f5860222841c6876bb64bbcd15030dc40cf697e72739e756b0ca1fd38a72201f0910aca55e961117b6342d53e2bf8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD50504355e7f98c786779aaa374fafbe05
SHA1fd82b0205ba53f88262a3e4a460844cfbd9fb702
SHA25648e912039d4eda34232979decc194bfbbe0bc3beb5fba429e389b98eb1820cac
SHA512b85be7f97ff77ae932fd380d22336b7964b64c11013e0aeb666fce67f35e7466f5cf40ecc3c0ebe6721e73b4a2ddb12d6ba56f0877ed99386f4e0f5c863a5d6a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD579e79dbfb2aaeb06527d7ee2b87a8fef
SHA1f7cf9b976a560f0f5d7eee4321618850918d5407
SHA256be8587b5bd4be1694682db4ee06195207fad98622f40fe505221cff406047331
SHA5122c3464c6bd7cf24bb7b0b7147f6ffc155b91295cbf404fa0af05c76d820eee4b2189591f4185f366c886be2c179aeeda26ced6f164656a4edb02c73e6d40bb63
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5009250cc16f6551a0c1f2596dab51b6c
SHA19fca3ca6b02927cdce31e745d3f18d0884693ac8
SHA256aca0e0133724384f9388b0a6e68c7ef2d9d99bdb5e2da8bd9bb1818c2b052b5c
SHA512a3a97eabc4b103aca41127731759e3904e263c64c00c35564525830554196e40942184f1e923c118b711299c150c18ada8b61c983a4b73c0061c48eaafa2e4e9
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD59116c8f782413feb2c3fefa01d29de1e
SHA1aebac7b9f107abf48984aba67f706ef53d650b04
SHA256d2b5bb67d5deb1b38b0b49efbb5de8cdf70c392d55f04d13180fc51125e84676
SHA512d85e8d388239c8bfc1e448733511eb9c60d60b2ffafb170b200062b42747f824cb2fe56fde36f92ea8253321078edefe957ad18b832de3832b73c836f11a88fc
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD55520d940170577b5c44d392639b9d001
SHA1dcd6e8b3f08d34ae79b923808015fb2721b490f4
SHA25669ba9434832207223880e2cd8f1784d8b20f34742fbe273bf283702ae257389d
SHA512144ab440af1fba78484e9e1166856b19f842d8eb256c998d889dd15f8cf8a9ed31bc9f92e9d63191ecbe8cc8055ed94c7407b95d9a023d9ce1cb9b91646ceefb
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5c8899517e46ddcbf39a5850e32ada735
SHA112ade86783308bfb605596f3aea0299eb622dc2e
SHA2568d14dd658d5aad1188c58a863911de8f813292615170d3fe13e585b85e867a99
SHA512612ae31cd4d134dd74fc3576f4678a3fc239c0547df1c504f3196def3e9de8a4637c8929697a028e09a251f8579c9a60d6333fb4c23358f961493492e95ee79f
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD51afc7c8e2200090dc4d1f687fe790baa
SHA121330845252ffbcf611bf0b9442b778ed995fa25
SHA25630b77debb383a4cc40f5870adbdbb85dd818a78057a682f9888ef8465188e6b0
SHA512556eae68609e0c63570f7bd0f30ce8735025456ef81b7e6161a70be085481c6a5d0ed4ba7b17a023c853b4ac88270932bbc9af87b23fe303c787982dd6ce663a