Analysis
-
max time kernel
121s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
03-11-2024 16:38
Behavioral task
behavioral1
Sample
8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
-
Size
283KB
-
MD5
8c73ee4586554064c95b1aa1c2d753ea
-
SHA1
0d7fb93b497918ddb40966c60506f64884761338
-
SHA256
be8b11c92d36656054634bd0b42f97323804d4dc19d48779635f60267e3779b1
-
SHA512
fe182b7feff2c22cac5470ef24d8908f1a62666000333f494b7b6062e32611e2ceccb63db317a278401ab9a90b45b4a7d64dc74c110eb398a322e18da4138e72
-
SSDEEP
6144:E50K5shpcMMQEhdubxEXwiI1GA0qPmbtE:xqshpcQbxM60Q
Malware Config
Signatures
-
Renames multiple (2200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73coU0cSJSUWrCG.exe" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdm3com.inf_amd64_7a75739c411a71d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmcd.inf_amd64_43b149b35876b241\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_db7034ac4806cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_9e5602638617558e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_tapedrive.inf_amd64_a3a36e8f2c921ed7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_167948d0c94abc27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\acpipagr.inf_amd64_a3248d35e6aba0f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_9f214efed426c12a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\ras\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_usb.inf_amd64_17c270ca25f45542\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_e92b6921fca885d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_096c9e42fe4749d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_416a5877e9180787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_wceusbs.inf_amd64_1ba398d9da634d3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\stexstor.inf_amd64_fefc1160d15aa667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsreplication.inf_amd64_cadbd20a667cf903\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmracal.inf_amd64_dd534e815632509c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mssmbios.inf_amd64_9fc7fe03de136fc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WindowsCodecsRaw.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\iknaacfhhkggjloo.bmp" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\skins\fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\WebviewOffline.html 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\MedTile.scale-100.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-72_altform-lightunplated.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\README.html 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-32.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-16_contrast-black.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsMedTile.scale-100.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-32.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeWideTile.scale-150.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\PREVIEW.GIF 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarMediumTile.scale-150.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-32.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\ar.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoCanary.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\hrtfs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextDark.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\Shield.targetsize-44_contrast-black.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\SmallTile.scale-200.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-30_altform-unplated.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations_retina.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp10.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\28.jpg 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\capture\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyShare.scale-200.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-32.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreBadgeLogo.scale-200.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsWideTile.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16_altform-unplated.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-64.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-64.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeBadge.scale-200.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\AppIcon.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookMedTile.scale-150.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-lightunplated.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons_retina.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SplashWideTile.scale-200_contrast-black.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-20_altform-unplated_contrast-black.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_contrast-black.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-lightunplated.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-48.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Policy.1.0.Microsoft.PowerShell.Commands.Utility\v4.0_1.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-desktopdispbroker_31bf3856ad364e35_10.0.19041.84_none_f466a1720e031a89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-e..ncham-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_1416e2e7d1daad90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000045b_31bf3856ad364e35_10.0.19041.1_none_b2ed9fb4f59d9e01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_10.0.19041.1_it-it_91954f4ba4039702\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-c..fications.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b52a95cbd34a17c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.19041.1023_none_2cd9cc4237e09b91\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\activeFrameGlyph.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ining-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_9ab8b6ad77a0f77d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-installers-onecore_31bf3856ad364e35_10.0.19041.1220_none_607ecba15a9ac14b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.virtualiz...client.6.2.wizards_31bf3856ad364e35_10.0.19041.1_none_81808bbf748e856b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_sbp2.inf_31bf3856ad364e35_10.0.19041.1288_none_4c640068a862a7fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_10.0.19041.746_none_6fecf6012ef3141e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-edge-edgecontent_31bf3856ad364e35_10.0.19041.264_none_1e104b5734e6411c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_3303de6fba37b5c7\alert_sml.gif 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_009d4d89aac87804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..-analog-brokeredapi_31bf3856ad364e35_10.0.19041.746_none_8984b99a9459e3bc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sensors-core.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_882e281c7c6ccbd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wmvdecod.resources_31bf3856ad364e35_10.0.19041.1_it-it_a98e03061c9653c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_system.componentmod..istration.resources_b77a5c561934e089_4.0.15805.0_it-it_420fe8fc7e65d4a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-webdavredir-helper_31bf3856ad364e35_10.0.19041.546_none_1ceca467919e9cbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq.resources\v4.0_4.0.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ovdatamodel-library_31bf3856ad364e35_10.0.19041.264_none_8c2e2c91b5f05dfa\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_5d90f063285112f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\critical.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-edp-wpbcreds-library_31bf3856ad364e35_10.0.19041.1_none_9842846a8fd6ee3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-cdp-api_31bf3856ad364e35_10.0.19041.117_none_c4877fb7073128d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ransformers-onecore_31bf3856ad364e35_10.0.19041.1220_none_991910c7b0b48e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_system.numerics.resources_b77a5c561934e089_4.0.15805.0_es-es_bfed44a576255b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.visualbasic.compatibility.data_b03f5f7f11d50a3a_10.0.19041.1_none_2025151cadd018c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_lv-lv_642b8f0070c4d4ce\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\RibbonToast.scale-125.png 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-appx-deployment-client_31bf3856ad364e35_10.0.19041.1288_none_34fe2048c3e6edf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-msc.resources_31bf3856ad364e35_10.0.19041.1_it-it_8819a9914a09e06d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ent-platforminterop_31bf3856ad364e35_10.0.19041.746_none_fa9c05ef68273981\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-securitycenter-broker_31bf3856ad364e35_10.0.19041.1_none_1b857923d13e1793\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-e..-mdmdiagnosticstool_31bf3856ad364e35_10.0.19041.1023_none_d3d892f3280079d7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-l..alization.resources_31bf3856ad364e35_10.0.19041.1_de-de_35ea74521801cdd9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mtfserver_31bf3856ad364e35_10.0.19041.1023_none_22fd90109cbc51cc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..formers-shell-extra_31bf3856ad364e35_10.0.19041.262_none_c7ee6cf3dc0cb05b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..nvservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_cce352a7a385d731\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_eventviewersettings.resources_31bf3856ad364e35_10.0.19041.1_en-us_5777aa4d67a2a7e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_10.0.19041.1202_none_64787bc082e26efd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_10.0.19041.789_none_ffe75708b42fd74f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5d563c5058a2e407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_10.0.19041.1237_none_5f00842b9149cc7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_system.resources_b77a5c561934e089_4.0.15805.0_de-de_c1250cd3a7697328\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_10.0.19041.1288_none_140fe810a6ea5048\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..n-comrepl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d2e1638e6ca3447f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_0c47983f4a48e577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ll-broker.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_07813520e153f3ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ipmiprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d4861f106898cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1_es-es_2dd92517560ca6b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_10.0.19041.1_none_a987c4762e046692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-u..cess-poom.resources_31bf3856ad364e35_10.0.19041.1_it-it_c6ad66ca42443af4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\invalidcert.htm 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ui-cred-library_31bf3856ad364e35_10.0.19041.1_none_754052fd31c4ba96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\http_403.htm 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\500-19.htm 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..l-wallpaper-windows_31bf3856ad364e35_10.0.19041.1_none_910333b84fcf455a\img0_1200x1920.jpg 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sud.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b9ce0b804c10b3c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic.resources_31bf3856ad364e35_10.0.19041.1_en-us_91b8aab78c172da0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-zipfldr_31bf3856ad364e35_10.0.19041.789_none_55d7563694358729\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\MiguiControls.Resources\v4.0_1.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73coU0cSJSUWrCG.exe,0" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell\open 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73coU0cSJSUWrCG.exe" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "MKNSZGTTFCJOYYL" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\DefaultIcon 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell\open\command 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\shell 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MKNSZGTTFCJOYYL\ = "CRYPTED!" 8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8c73ee4586554064c95b1aa1c2d753ea_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1736
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD57c93ef0503cf67ab39c6a819f25f9be7
SHA1faa8ec2027f8b48efc74e1d0bfa556b3450c95fe
SHA2560db3f3050152f213bf0a7d2d6dc0733dff842afbaef46372ccb9e00651436b62
SHA51278f23f6fd2b7f35e9d34c5a59f5a5af0e354cc74fd7e28fcb43feb76145851cd0f53d4a4f34a138e41da1c115fae3605f06702124a4cb581a5148cdeab6fc4df
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD593784969ca1daa6bb3ab5ea1e6778b50
SHA148efb98014daa792c2510057069be74007d2a381
SHA25693c6f371bb9251268d105a90c0e643bf4322aa7ed8da79445dbe37176e0cf0eb
SHA512e71597ede5a4e52880f84f43a34220cfc8ed3c1a65a52c6345127fb1d8045dbc9761e64b260671ee11a15de3fb8dfd2a2c7c2a41633e832561096ba6d25ba3e5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD5ac60cf4a3ea29d6a29a9728ed3a74f2b
SHA1674c71dbe9f7f14bfc0297a382e74c9ef6d1b639
SHA256289ed309a1a7f3fdbe1d6a32cfdb225786d5fa615c95c39524e62d8b6db97e21
SHA5124688312a1c702f100d48bd0d7c66c4212f1590e00d95765c24890b1c7a36e1e7c4ed9c6a31056fb0d391b7a05a6ecca2ddd7b153399f707e4694f6f91a387dc8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5d8605c0ad752c9401f718791f1f6f7c1
SHA1e80bd2fdb946c3df81ade9aec090c8fba987f638
SHA256838c5d7872551743e017118083d88e8ca15601595fe3c364ef6c1f59a65873e1
SHA512ca906ca20f552af9912f27ee07c8a9b72082845035e4e3ddc50d31faef45ce5ecf5098c7ed1574a345ef218d20e36942bf3311b25129dccaa5337d18c3595ad1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5faad68e2bee41ed3bc60c1c6954e6076
SHA16ec5a9c1ac534c52f7e949c23dbe78414201d502
SHA25631c8562e36959ea1aab91f47c4c4a4b3c3af3aa5b6798eaccc4a00b561149ec5
SHA5123263163fb6815c95c6ee122af46d08bd510ae7c8a83e45dd1fad16236d50949ff17bf333dbf6e8784a4ca0c44548283b5904d70bc47fbfb4943e4126579ba624
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD58ff5b6c458b264ae3f7d7ffcd9a06212
SHA1d8628328f43d9dd728b430786f413247975bfe11
SHA25607823216df82e0389f6923ecc051f51d1e7be912d05d78f3e30101498499d74d
SHA5120a390dfda7d45392f9a1a92ba47d5130c1f295be170ad1efa7faa1bb1c91872cab39ac549207a4134a4ae8200c1406be661312f7d710e49d2cb2bcbdb3f4b679
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD580aefd4d6ac89c8bfb0468e3065044ea
SHA1657d422d7832f082d0d7ce9ca65da44abf11a02c
SHA2565821944d915970bf7dd7f674f78d27eaaa391452cfbed5d932a06bd177cf9a4a
SHA51282f8bccb6a209f483c7463a231d676f595bc1a324134160e919f2dc245d0d2a72e4880fa4de67808312867f5b4130f5a5e01469aa91405f25374ae5af80b19e9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD5c65575b8e72ef3e7294ef13483b66d31
SHA1cdd52bb08703da37244cefc0030d84b72462b67f
SHA256321d82e9c643477b3ee765914ea25e011c5a816e89bc37ac73b55966106c4b22
SHA5127b65b414111e3913747d96cd10513cd9b10148e92e2effb207a415193b51de263595993f2e0881a13d13cfdd6a00c4dd7ea4cd356a43a7d7735335623c15eef2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5f1b68075371e129b85ca4678d7b58d9a
SHA15111d70724f7b519db4b590b8eb0b88f88605b25
SHA256ce9bed8c2077234be83842a47f463f02f888355a994d6f9a920f1c7dc6b8084e
SHA5128903b4eecde4aa83e04caa0f95923952ea90b5dcbbd776cb4a7d328e4918bcf1b5f57ca46f1f70b96960deee4424c6b5963740c897f4878aba4d780786185d2a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD5337457a3bf9c0fac0c6b4eb06d5d96f0
SHA16108035395869c0161a302680866f71aebbd8811
SHA2560e17e8fab7add8bc251cea1cea64333b5063268a91ef5fcdd9873a67f12c5b4c
SHA512eb8644c74cec148a49855c05d1be4cc80c0e44d784d4d8336e858bb4ead71f70dd4d6282ec9b14b602ee9d70358e70eb6427ffd7fad810aab740aacbc37d53aa
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD53aa56eb6ee3c3d3b75c18456c7cc530d
SHA1c8449f2c6f1b01d31551dd6f8fb4021e9c411d8e
SHA256abd88b61096af822a60789f4968800d041f0a89be9522d62df8bc6a9782abca0
SHA51226bc94a0da8959e49eed74a963e2052452c9d0d966bc099301774dc1941c493c28fb38f3a52775c0cf3d0b5a9280eae545567849a624499e78bb0366308c3b16
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD5d62f1db51dcfd2fcac1b9e044b859ff6
SHA156c4b77a5bafd4b5a7a7d88d9e8ad506d93c09c1
SHA256b3be68a2367295501501462c35e67d70a889e6662dc195998e46e0ab27a97acf
SHA512583462a4d1cf20e606297cc3a9696cb3dbf5069c7e411773447c628ea5e351c5ae92853bab4a5958269d7d060c0dc4df52d381884b69ac54c72178789a434fb3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5e7233b226c0e1c6188b4c0ff6cf034a8
SHA11696d400647ad560ab9ef9c190561cf863eb4783
SHA2565401869011418e4ae5a5c4442898dfcc5dc542b51c2c9afdd42329b0450fb0f2
SHA51211220c9af2205028297d7c493a1dd0b2ff1b7b27d21312e30c5eb80fdc953607f01a8d907b11469e5ed9b4b920adb66a856d0675f5b8bb7827e2c37ff0b18da3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD538fd1adabb8fa4015b238ee6be1b2773
SHA14faecc4358b3eaed3fabdea56a6b53cd13f9a796
SHA256f2ca7c00e03830a3ad6884a7dc7338aa6a22288bdfed2ac7d41bab3c7369190d
SHA512b375c71cd3963ac33d6720f0608c1b2446c636d39a6e0e5a04d0ff954356f59b971f42508314e50edfbd6516ba373a1f13cf41bf762095484b094c7284d8ea55
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5c9f4170426f4bb4389d7c4d73cbf7e89
SHA171c261c83d1c72c6ffd374f734c9c3fa5ea2ff7c
SHA2563c9a7e97e2d5542b437819986b23cf639e87e923a6c90f969cd6387e34be7af2
SHA5121aebd6b127cb6ca91d62665cb0f0a8cef9cbe912987687ffd67d21ebfce75c4c1c00dcaa86d20c1cdf5f7f64fc7067ae424a60449ed7432c560b1526981b0b66
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5f6e6c71d73d1bc398594a87f889403ef
SHA13bae50fe5dd1cb98cfcac5c6ef0ead6a921c447f
SHA2561bb1659305c803b73c9a37210c7686755c6102fbdc35eac6165c388439ce8f44
SHA512bd73b65dfa6327f46b506b2a8cce39a7ce1c182f0527dcfa788667b584f6670212a348960c9578490595af11d3e5049aa4271c71c96fa46fb0369e99ba5dc963
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD545367afd8adae22a0b6e112e0609dacb
SHA1f09135cf2cc8ce5b84fb3f1efaabb10d49d728d1
SHA256f57a45565a52f9f0808cd8a95877a11b99a2aced5c959d0b29becfb46070ac6d
SHA51208e7d73f02cea4c3740084de25acf2794080a8a944bdd466909aa7bbc6a0f5b0f9817bc34d1c9e4f70c9a64d879e9710f6fbf0357b8f06a45080c0b584f5c5ca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5885da9af537f5656f777e370a978d36d
SHA1cdcbac130cb6bcbb8f7f30067ff1c3150ea510fe
SHA256dde9b11ef5e8ade036a0a57405bf5a8961b7cf5eb05c19c17c94b02e58f084f1
SHA512ce49ebb1976d989216b56ac72df5aeec98695684008369f3de375542d3886e93842a4127ba3aea2eb38dc6a38e3fe97be0807035d12ca8e12735ca5acbc68df2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD584278854c7f7cf9bccd2790e7368c366
SHA1f34762cca88667094bb248cce0eab6d8b01b1f20
SHA256fe27edfb0344553ecd31aa3088c7b8c61ae3ff26df7b446798d58df7a4f7c1d4
SHA5120ce897121109656d9b6877a9e82e22f53833298d24aff86f588fd5ef7186b4ebabc7486565162af6b5c92f649701ae8a3428ea267133a91e67dfdd6dd7a04e07
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD504fbdc8c711d7fe484520d16644cb90d
SHA1ea4395026f42391905b97633ccab053274074f39
SHA256729ad3e4d218161c3d58539bd50cc13ad0f74ce43afcf196687536890d14fa1e
SHA512e070d7c2461051b79dc6ff0ab3e5ec649e4924f26840e2d9eda2ed887c68c77f9315eff9ee8d882e048258eadf2edeb867286b210f98e74c4e03c7749658c43e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD54898ae14f56a0ccc0c69e0cfc00e1026
SHA1b47c3b4ef908c0d66682a66006a88dc07ae9a864
SHA2564ce9faf27f9e4bc89a666f26eac11c669594ae337d7ab5e0bcdf6632f405590c
SHA512fbdcf6456fd861abd986a15054c74f1ce4d76d80d757adea47b03a2c23cc4ff8017fe56c8714b54e5ea8f62a2b6ea2cd0c38186797c74ee8726070b69dbfdcbb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD57bf45bdb46338e87b7e452e2418b7c1f
SHA1f700a0398d9033f006cb642cb0de14029d818f3b
SHA25606c551fa26a1046181810e421f4904a126c17898b50b305062d76592dc1cdd4c
SHA51241244cce22afba457d9e7b9d6051e9ecde463891ffec96da31f8932451bcbdb872e3fb0a25199ce820d4516747f7b7869a814e62eeec1e0adbaeb7f49edb8f20
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD58061d632ff01dd1b7add8dd68f845216
SHA19ca828b7eb6efbd9e06840a463be12fe9db56d1d
SHA256f2f650334e58eb13c8528c3cd2c799def695d569fbd4dacbda49f96aad884f36
SHA512195b199db00693d1633227d215164392da6b08814b387414dfbd783d5223d730b1e6df8c6da238538facaec9e66f0c690c0ca1bef29301f5ea151ca225fff478
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5c350a60c21160947c77eec1bb4dbda1f
SHA1b4931f8322922739ec461cf5c9b686df3c143d50
SHA2568b1c2730147aebd145007ae0b59f145931a4017f7dbbe35998158645cdf9e846
SHA5126efaf41912f1f5cdf789060ecff1e9f343381ecfa7f9ff754dda0de61cc44512199f910108ed3f5320a8b60f97bab5e538deca6b1e7aed9a7d1eafd534c1e27b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD5a3f8b3e9687650c7968fb870e9ebbcfc
SHA15df2c383e27b0ddd354ca8db24af7e2d8ba90053
SHA256e6672cd838e7c3bdd9bba7bcf7bf41caccfe4d62419ae939601e4ce33db3d927
SHA512103654e6371167293ca8678dfad534cc64494ab6cab50ac068c412e097184b3e375fb751729252a7068ac31283655a8603502fdc4a13ab2f0a023c088d102147
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD50b24b296782d9afa08af430574e42e5a
SHA130c95c6388b78858a93b29153832ffa858cef12e
SHA256f932af33e495ba9d73c5cc0f3842b906ba2848f660eec1b050f71ff39542b2c0
SHA512387363160f8c685dfa6b73c27b275f963105c620013098038eddda94f5136790712a9741bda3d3f23b698621f59818a401d8ed3161fc4264a756d35e19ad3904
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD5aacdb7492249a1d1365bf8d10cb59595
SHA1325edab766103423ccafde308bbfe07cd8e41772
SHA256168ddef2ed18ddc471df23d099e038221ea20b4c04f2ff8e7501d11c7dac5e2c
SHA51242f31b6068d85fa56be9c0276ee8e552840b92eaad26badb5f99fdcf79927e5eeadb15dd873678436706734165ce23ff258d9d745ef45e3aa339b5584834136e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5bcae8e9c52b8d5c847eec6a9e2921e85
SHA1649bff10e2b661eb92041d7f66196e6a66c0e8f3
SHA256d79ad9e0c0858d9c361ef349285df150b4126f3819f02044afab72255b8a36bb
SHA512bd6255e2359e925f9256257aa14aaf212021e1a5c6e4693159386d20c19b0d0f147e85fbf8716bf379b1da54e4f1fa4fd054269d9250f05c894d52543879a99d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD542ad7432ef5907ee87a1553a11d9def0
SHA1623fe505a523baba1b35cfb2b20b85274aaa7770
SHA2568f284572187040e720cff23637b7552a3e0b36c8e2e9c58118325367c0988eff
SHA512aff2dc84e8b8f4e55d121e6cce76cd823c06b7934ec73be1e1bd7dbe0b61167294240c909acdf1bc7f91414babb774d4bd0a5acb6033e3c5820b9247789f23a2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png.EnCiPhErEd
Filesize1003B
MD57ccb3e066b415d163597142be8eb0064
SHA1266a9fcd7931f87b34503ab4e3a30fcbfb753e5e
SHA256d944d691622f160949d2d91b79e34fb227893eae976461dce34855928b9974b8
SHA512f5292f5b20cf78e9c69672892cbe30b36d36a0e01be250e63f078eda210bd441a7d4eb3240c36651ce2a5295b7e7c24da7056676a40c6a9ce4e711b7a6d271e5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD5c981d7d4eafc24d31cbe89e27f4e88e7
SHA189f3bc4f7d01f1e0cc89c8bf26f0c3272b9785f2
SHA256e2b511405e64b1c1d619439b84df7da7599949431220b5721aed3a734ee8293b
SHA512a134f23d87cde13f1f67f26ef3769cbde6ae16ff9588678a059709640b1ebfeae3bd51ee36532bc2c22e2a9987216ba3aaf7af512d241ec880bcc98ff0d43968
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD520864d263c99f64dbe973efb5455a62e
SHA1c51c2f5bb561217f8414de53d571049d341a872e
SHA256afea69319cefd51e92d0450a9f83e8e5f04a4a5e3d1de79d6b6381b21e735c0f
SHA512e8719f7c91c4bb651fc7cc893fa0bad19959cf5838e26e7bce9380ecd8479c16e0dca7820c50083ab6464638611b094cb0352d397d825cc4d22ff1d3553ff27f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD511671ccedef836b8f338f81387123755
SHA133f880645e5002e19bb51df7e3ff4a4d024e97fd
SHA25688039401a31b4408d50a34d088b36bb120afb780ab2c48ec6db5a1b2604a92f7
SHA512906a3a64d26359db9a5851695f3463fc4a0f4367c2d8cda19ae2b23d65538d33beb7aaed639987fe4850b5bdcc0a28be9724f210002e175796c99e1861ec4fa2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5a91493402084df5f4134dd058b8f53ae
SHA1edb0c07703564bb219de97cdaacc52888a828507
SHA2565f98cde9ed8abc9ff3f8a6888bf81dbcd9478d64d5e6feb40e437fc8cb16406b
SHA512891160293ae653152c101f0f99982a2a173ee2fe83d057fca36cc12abccc2244d16eab3fd56ec9394c9c0fa3a98d9e5fec7ac1ff6ef280fcc84b9251634a27c8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD59afc9823fabd12e5c37aec70016022de
SHA1efa78666b91b25dc15aee41a0815f98874dd6a14
SHA2568272285a98ccf47c54b02de92536906649be62682b75673b65b6947b9485a03d
SHA512ba90846619e473b49517ac6037d780f61e7290a36151a5ae671c7cd82125875d61a595a89be4fb5ea21f746695238097cb5cb96a47e1226be6279e9c6c93d339
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD5b3bd17cc9a029983b912b15653dc70e5
SHA15bbfab802cd000ad7f5678a0d14d8ab8e0d74cdd
SHA2565d03539c333d7349d994fefdae523b599c5d5c322d1c5ed1c11516e5f17da8cd
SHA5125c5ed8df0645c41246ae4a3f30b75664095b2ecd0f1333a11af8af8ae04856fd11f09656b76592e69e173849607f52babe4c1706b3e6431c2922e39173447c71
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD551debe92000c64a8df508b4032410435
SHA102af51e4efce2dabe3dba4076d86458bbacfc660
SHA256e05bbf691189986689e936487ca07ca9ba103c99c2d1f3a69982b196b88b1dec
SHA5123a1340c2e2c7c1932bb81b92befeb0113c73b0db694fee644b180f3587a8be093595d1f353da6368283d340e241deed6442c3ca024f4fd17ba84a48bc1bd4914
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5137a6bc32f5091cd4abe2f670a440615
SHA1762b29e03c81213157575fc791db8f34dc625b08
SHA256e26789ee5978a858a83e444084fb9dfe988077631bbb10baf57856a2b8b9bcbb
SHA512a230275098e74da4cfe52c58fb19243feabd1fdd735616b3d160f3a66e8189a2333b8f774e0fabde0f1f19a22158d2f8535ac4f1fb164a996fb05246b8ed011b
-
Filesize
293B
MD560277db100481af312f3670fd71f4d58
SHA109c6f55a3fe02e77aea75097a7a064dacbbf2bf4
SHA256572c1cea36f80444c6d9d692910f47ff272c34e87d4a0c9b8d23594c40771940
SHA512f27de3f4521431f718b08e56be43d7d2b98783dade7b674b90090e339f6d5f15a103478abe5b84e2add2995952534508c411dcfd32cb93b599aec3a0147febaf
-
Filesize
153B
MD5b68febab9e4bd956943b37073c81cee5
SHA10bc53c3915474f8b5a663d83c2d45d41ee795b11
SHA25614c920003653fddf1d9380b4c88e06bf4fe110583fcf7d1acc152a453e21572b
SHA5122282c9da7151a1d439432ab82683533113514da3152480b769ed0773098991730cca0626f61b53c2069df89d58d4679b8e18da416d26c2f76c1043360dca9b2d
-
Filesize
190B
MD50f0c4bc23944ef8af2f1f99ccd779023
SHA1df7080f5fb3b1f685eed6410a09973d914792260
SHA256630aa46595e37e706413a90c02079f27f47fc699722a87fa03ae7548ce3759dd
SHA51256aa09268495e6046fbff42c69900170d238273f87d41e9e4017c550dee2fd473a31fc55fac37ccb77c958389d7ef3afc0b6dfc29f03f1ea10a2aa7d0a3fa25e
-
Filesize
190B
MD54b865b9f1c2c6640fc6cac69db91b75b
SHA10adaeb7321b3ae797baa335ccbe922a40c9cc73a
SHA2569d42767d6343faa9289bcfdacdcedd3c507defdcb06d43387dff142ec86c5a2a
SHA512f40d75f17e62383e79bd4d09b01b1cdb8b2526abac9445b9d43410c877e002ddc5e0bd36db9f1c52c14e93bd0c7e92fe7bcd4c545f10702eedf10342513c5f97
-
Filesize
1KB
MD544eefb5540d243edef197c9cb4110620
SHA169b4244fa8d12620a7c23c1c9aa389474475e0a1
SHA256f2e37633c978f6c27b44302dc6191358696c01ba9496f0c5e6514dd06391dd67
SHA51290ecd753fed3d346ebeea130556112d92453f5a4d8062efe3f58fb545f724dc5ad4e848742993c8060402e3388413edd84387149ea196af39ff74e5047918483
-
Filesize
31KB
MD569db1e3febb0f8752d559a0ff909c3cd
SHA1372b62c5cd4daa7f0ad5c80e143be7518006d775
SHA256fab0b016500c2d511ba27d20a0cf07b5c857600c383670fa6e15e1dd41e0e07b
SHA5123f15b440064764b8363cb9175e8f822ae6186898d5b9d6568ba9576270ba2fd044b87e718add744716782e3117880ae58d90811040d5e0271b2ab1c4313d7ab1
-
Filesize
34KB
MD576da09e677a8268d540cb4f017bb90a1
SHA101e8e5a9ca25095f99c37e7f37772b57c54ae96d
SHA256d6f234bfabb0d8525622adc1482f95b7b576aa8749139ce4cd52072e95502907
SHA5126b5214e5f7ec018cff736d1bbfa8eaa8ce0821ea08511bc7c9eb37633cdd42d006ba7fbec0741bca7d83dc31e348ebd5a74d3bb834eb202dcf40107eac9bec31
-
Filesize
23KB
MD5299dbe15d9fc7efb5b0880b192ca9e2f
SHA13fe37c20e4151ef2342c838f67f12fce4e75623b
SHA2567733efcd1f72bfa3e5ca077b9ad26ae2b4b11170bc34685179a1fa1f0762d499
SHA512db946efc5cf36ed326910b5b65a39fcc20d4b6a7c7188c47e1a33e1dc14c3d480468ee0442633499310d65d3fd2eae945c9c931d4f07a7c38dd90653e58d1369
-
Filesize
2KB
MD56082a982eac823bb2266a3cdc2140217
SHA11e0d17fe2655171b586dca66e9042b0f203db736
SHA25646aeb5f531dc4452d1feb53ed27d51b158a147812f6c53eee34258b5d67ca672
SHA512bb7ce0b2edb23a464eafb2e67500d1de2ecf62fa5aa1ac80fc11adb82953cdb370c568b2d9b233020ec0b822708dbfaa1aa37fb1ebaffc3c84356e4231c7411a
-
Filesize
1KB
MD595cfa650b6b9aa30c5ce43555c6b7f27
SHA1eb33fc3334c229b295f0c2248cc6f4cfb66f1505
SHA256425ba6e0d19cfae7d8e9b1bbfec6b244f44a28cc52c411db92a43a9000d42f0e
SHA512f2a5dfe42fe2470406298e38036d047dcd2041144a3b9a372506c81c5ed5c399b8cc556313fe5388191aec8e12f8dd2784e9162902c088b3e9d72fbbfaec1525
-
Filesize
3KB
MD5c38c997e9329ea53075a54c027192890
SHA1d54b84216f203b4a9b91f06acde6dae104832600
SHA2560dd0d7b8c1f0998648f0c8f8e8b7a9c4d7b173fab543f77bfe7e11c8ba5859b6
SHA5124b783386c8bfc3634bfa6c07c3e302bf31d05c8734dca6476ffa969b8bc7b56995961d1f70a614d7f706fd8c27dbb306327b4285ac4d28b5cdf86c122062f75f
-
Filesize
2KB
MD5324934ccf9c15076e2c795b605efa4ce
SHA135535a84457f150aef1ecadfbfcb87894d12d567
SHA256a820967e2897d5ab32c3e444e533424b2d07bbeea97034cfa3ff8a9b34361e60
SHA51214a7003d11edbfb26570cca1ec0b24b40269251063ab3918b76e49e09a02ec0e6300e5879ce3d5f12aee5747c970ce527bf98565443d07c296429d72f87895f4
-
Filesize
5KB
MD5a3f98a2bb72527578111d93d36a7cfd0
SHA1d6abf56db355640f4bb22761aa8fe289d8d5c7c6
SHA256e18e1c42485cc6fe53d9f3dd7afb540f506cf0bd443c7dc7c489a3b26718a36c
SHA51252747e4f3d89ca07cce9004e46c10998e8d605a0158a04cf1fe7ca62f2cd5ec20a1c7186b35dffa803ec920d6feb588dcc8fca8280355af5bb4196105e95d415
-
Filesize
17KB
MD5d9799e3f65c2ac8758428bcc6b91e672
SHA12bf3a0c5280768bbcaee29b5ed5a6c7090b5038f
SHA2560bd1e554862200e0f80a42b8338efb75a5b3b46719f636e63348af8e4b004ceb
SHA5125827e85a7060f1aa20df741f631501fdfb6d731a1de746966806cb0200d901f8c0992c8e9d7197e5416216b8cbfebfcde142c99e919ac996222aeb8003017e7a
-
Filesize
320KB
MD5b91b23ed885faf6b9d12905eb9e2dcab
SHA1d75b9c2a9a2ec7f10671f2b346d8e65dd57c5fbe
SHA2568dfafa872c39f11879311c731ee17628a28bd3cc5ed001e402e7162150bcb988
SHA51257a819e5ba8246ebe900c08d262230e96fce1ebf754813de481be26fee38c0798d78f38325b35f740d96a8fa81448f0f2f788ee7648231078e2b9a3b00285a53
-
Filesize
1KB
MD58945e3e2b28136e112b944a9e299d593
SHA1d1f81fe63ad1d2047cf5cadf6ecf322b6bd23f5a
SHA256c589c41a6319fc1eb515797e141dd60a7f8375c2b51e01d43c541ff67146a39e
SHA5125ebcebdbbd7f84ef267cdda4707249a6021b91f75efef24933cebe77ed941f178feb470d13197c51818dae5be6b90e24b713adcddf3f5f712749d8604d5852e4
-
Filesize
10KB
MD5ec831cb848bd4bd233206696f3db38ce
SHA15abb830a245444f5dbd4352605856e2aa6dabeda
SHA256bf163c3426191b161cc2ef8ba33372bfd9e6a8d6b720c41b5418c5808ab42bd5
SHA512abc5a28e786d8fbc663f68295a0fc36f375c9b404bc3d85c71f0548f7190e9abdc859cc9ee93309469c93ceb1c05874e10097c9dfb4b294b0ff94a5130011c5f
-
Filesize
3KB
MD5430496acd51e5a4d909dd1f687528078
SHA145ce5233a1cc996141cd0309f1d125e40aa5d81c
SHA2561e03392573af80d0e1abbdbf91f835b89781bfd81fb404ed8d799b75563d51da
SHA5126dd4648ec7ae59796ae5b636d59f3e008ed5dabf3b26ced08b18e55a79827b81571de14dd5665acc91ac2c5b89a9e3a711aed74ddb5b91354e6649e4f5f0cf1d
-
Filesize
162B
MD59169232719a08994208df3add69d07fb
SHA1918e582a14e0fe6c4455b73439d8df9564acff87
SHA2561927c05f4ba486cd647f7bd8aae91efc01a5c0e696a903ae10b35301f8f2ab6d
SHA5120a593c0c4e23eac0cdb5910d56f0a4a330097c713b9cbaa8e26f772b3acce041167647e0d353d582d9a6e788639940e59a758fabdc028038438bee470db1e948
-
Filesize
1KB
MD56998992fce272ce664c60f6aab52735f
SHA16869309d4be47f51af2018078e9830c095a8365e
SHA256d8b01ef47406e4265a2ca02f6e977db4df773dfb9c117d76e9baf2765a8a7c58
SHA512b06910bc060993dd5e186b4f7a875797860127f4820a03122efbb40bd2792e445774a2db4b1c13ea95ba62bc70d6e46cac237c33bda5a18244dfca325ade27d0
-
Filesize
3KB
MD502f6613e73bb1fc08c3b32c3432e6f97
SHA1b1ee87c1ed38af493411b1b1d79e800d6372bba8
SHA256647519fa527ae6432660b8a490584e40c269111b29e4a1fc39f9754a02182aa2
SHA512477e534d1fdb35f0c6a0e86385714764f9914dbae062b4b22e57b2dfd0cd4bb7f4d9842e54d5616df1316444d370867711288e605b4d37f2cc4d1a4592b87f54
-
Filesize
1KB
MD5ea6ccac3599e0009aa3970d0c2e7bab1
SHA1e5bb50c9dcb8c5eb60ed20633c1eb8c10ecaf263
SHA25670db94322bd9bb35498381855f456ca968e87fe6b5f819b84992fe10e073b8b9
SHA512a09a289eea012b1a2bf75b86889b07a552f5ef5d480e3197b3afef3c41749947101fd25d1c6d680335ad5f26094ef29c71a1451bfc52044115a85aabbac4a679
-
Filesize
28KB
MD5bb8500a0491f63ea10704e5a8c02fabe
SHA16b53c1d9fed959e29e22cf1bbabb97bc96494f47
SHA2566c59f7098f2707f0cf68b791fee02c152a23086a5e42365357592857b6c5c738
SHA512e8aad67682932c8df55166876f9bc60bb6a5f6b6efa82b3a9e4adb4d1a7f9f75e18a507eecaef30383ca1a9e51b97e1837c32263c6f4767cf42e9b4704a5c6f9
-
Filesize
2KB
MD57b3d71a286c444f09c4244fdef3a3cb6
SHA1e61fbf7f58ce5561817e66acfb6d85acd251bad3
SHA256ce4e16831b66d591a5852e47e0e1d140f9ad17b8756f1c0b8cce2e30569eb01e
SHA5125fa08ce7cbb8c1ebe38fa796a94c90d152cc1279ca57e264a510a879f1f349f18de971c0b0836e7e8189917c5e6539653432a28bac176e0b62dafd77725de282
-
Filesize
1KB
MD548da8059c87a57e79a589b915fd3cbf0
SHA15a123204bc3e6109164b3d7b87a0e6380e1daeb9
SHA2563dab2594cad9a76313957e4e8a8ff968069a6ccdfb91628738396e0f7bddbdcc
SHA5120cc0c2a04c86a56a615a15de2aca085cbe73089b810640b3e84a0e1d313d171bed4b75f8b77e8dd6ffc1f02be1422930db3966d0e5c7a5146df54c6f801a6c1b
-
Filesize
2KB
MD5e26c5f3da463df6a84a007bf9a62a210
SHA1aed384ffc41ce1c17bc5d373b657622d0452576c
SHA2561f2c8ed51c3ea0c09992b3b45b3a8aa35cba4de1f48d475c79251b2bda23b3b3
SHA512869e98747a8def84f57a76aa2a856d8efea79d8d97a3572c74d4e4320831cbf75ce1e0d01405521fa2a329e41f209d68bfbf04dbf529a077b26b54d1ad7cb446
-
Filesize
1KB
MD55887b1de82c5b65e1d7acedcd2feed36
SHA1501067a494bdd09b3b7d0efae6ad9129ab3bd120
SHA25694ad90d29bf1779636b087e389bd18c53c3e2ab8b687deaa7e1c3a7a8caac87c
SHA51224d2dde2c472d3f36a98903ddc10ea66ca92da5bdad2cd88a4b28462c521276196032cbc24c1bbcb06235882dd9d79ec1a827195195b7e9c0f3c396a84645d03
-
Filesize
1KB
MD5a67c4c1fea58acbefa8fcaa2b4ca5062
SHA194670f29a996fe7ff82fee9495c35d77948a50ca
SHA2560f7863c4e82e052f0730e811e0a41d73abf2df58b3ca5d29e16a864c12bb298a
SHA5127d1b7874b9a7710f7a7eb76221d50c24d10a20dabb18c96afd1269e5bd7619d56da4a8744f81d6ea33d3b87fbf38a9235e69507005e01089e8688f9084f137cb
-
Filesize
1KB
MD529eb0b52febcf8ce1c9bb3e4e6fe064e
SHA1df620fac2c45b795daad310c2f143eee40f8082c
SHA2569aee849b1625888065de69f05a6b05a16828a7e7d539f9b5260150993ce6403d
SHA5122c000bf6dac0a39106a884bd9bf6feaf2552ad298ae0ff305c1cfc246289754772b4b43abb7cc61b030f0d6504f866838ad637e42fb768b86243c1d9bdbcae8b
-
Filesize
3KB
MD5452f1d7eacb6e089fa0d63e254e5f227
SHA1469f9604cbd13f19f8a983a9239f637b1913bb9a
SHA2563654f18545c40ebea4c3f4cd25903ce678fae7ec01d2cc010a5fa1e4ffc7be06
SHA5124238b3c1015b53b9dadf24cc22c268e6a249e1eaec41cc186cd8255166d71cfda6ab5b2c7b53bde4cb2daa6c1b18d9956b50e25bffa1cb04e4b521205e4604c5
-
Filesize
2KB
MD5b2a68c15626dbe3558bec98fbdfc3eb4
SHA15c5ee6ee3eff30c8bbf5dfffc1892033bc8625d3
SHA256c19e90d2dfa33fd9a298984c36ff4bd91f4b72d5da54a5e78427a60c01a55f15
SHA512871b29330067aa6470149e215225bb70b94d1d5a9b9be5e28cd66e1bc730197fd0aa581d253fbe6275f9ef71206f2ff786d478bcfb9d1e934a19416485d6641d
-
Filesize
6KB
MD53970c4734e65455d9fb7e2eea78b8c21
SHA1cdabedf7e6c8387ccd31eba710244ce799e361d5
SHA25642e281f318c50c8a28f86875ccbcd8fada09de3c12dcdfb875cd069143790400
SHA512edc4223f5d83befd63bbd21c7103076802cef81784d29752304ba2385b18e264d8e497365143c13e9f2809561b4c240e0b36687e341dc1870076acb41504d059
-
Filesize
5KB
MD5c5bfd89b449c61ae90a643c3e9c7182d
SHA18f1f1c40ce0636a4d4772eeffb05836ac35bb98b
SHA2567e804ed2ba737306b17953007e2900b4efff9c8b6a7ccd9c36454e11cfeeb284
SHA512d733c0fb43f9cff81a8762a72a1529e0bebdcfedc934ff722f9444c7e9ab526a2a0fa42bf606a8f6166834f1d0416bb347045b4eea0f03db1b2f6a2023bd3ec3
-
Filesize
3KB
MD5bfd71e2e699700fe31f0a621939cba02
SHA1a7ba3836db6a6be56eace6f9d52dd6b21647bcfe
SHA256d0a5a8387e837cbe5c36865290af39c5e1ee843cd382b1a3b60d686e5a370530
SHA5129d4969a0f0eeafd30d7442851e750a36763ffb64328a9773191d70875acd218d04c3c24c0eb813f8d89f0d08e9afa516fbacf5f21ab9de8400b6a58ab2bab042
-
Filesize
2KB
MD51f7964c422fe76a4185f43f1441e7980
SHA10192c64b4a8530c9e504ea417927988f9c61ce5e
SHA25697c86826f5f8bb582ad994218463a57ebe4733068e34c7af529dab5873bd83e9
SHA5124d3edcdd076dd3b8c303ff9899eeb1862c580d71218e1bfc894b93373c9fb78349fcf6c061014adb01b5198f8e1096b6ea2beb5da428eb69dde9c884ced827e0
-
Filesize
2KB
MD530f8fab36acac3f382d5925305058243
SHA119c61f7d095cb96920b2f5ac4b4043e9ff80a7ee
SHA2565b607cadbf702d12187953700a089c926882ef4a0db5eacb46c2413a771c5d40
SHA5122d2c9545a85639d0edc1ea75ec79186561d1a4dd90bfa6f79995c80607cf4458f3f15ce919220619cd54ab2fe0952259fa4ad29baf4e2084b75c17643bf7cad9
-
Filesize
1KB
MD57a6f3838f4cb529464bd0cbd215e3d6b
SHA18cd7d54375ea5ab99de1ddf3980825838b48f201
SHA2566caa289607e2b68a92bfdd703baccd376c42eefb4a996dd416e0746a9a62330e
SHA512710df63d14225be505c18e63292f3e9de0d9e7dcb6d474b9d6cd9fd814494eb5167a08a8464753ffb4d4326aac75c38daf462bbba29555ac2e186e0d308627f1
-
Filesize
1KB
MD5bbff4ec5f58084bc9c89712cc44501b4
SHA196db4b36012a3275fdaa572dec46235b0a162423
SHA256f0c493fbd420de26708d896ac1cdade93f18886feec09dc724008c1350f42bf7
SHA5127739e94d3d16247edc80097fae02e2265dfe56319b5b57ebe37c39ee8c16302f3fbf38846e60f498b12a43d79405708b1390465b05b83c358faafe73154bca60
-
Filesize
11KB
MD566d7bd1e05d9c38ac0bd946e65ec7601
SHA17404921423a63adaf2ca35272f74a596c9c4ea62
SHA2568c0219272c8c1225ebb131c2725161255c287b1ee5db8f4c49994ce25dbe78b2
SHA512bff3d8a2df1c631a8ed8d11efce863917f0e9b5f12f116d485ee44c821e7599258c2d49e1a2fe1ef41f864abb511becdca191e5add5acfc55b3b05b03c8fff4f
-
Filesize
1KB
MD529c52976953a2bf569e781358ea496ce
SHA18c563460b8e0ec5931f53bbd1200b0cece8b39b5
SHA256c0217450ad7a467d69c622a67f374fcd8c967278033f88a9e3e4ac0f61053ef3
SHA512eb0481c1085c68334083d8f1fb26b35f8fd5cf3bf0d9f356493e8fdfa84e9eacf06bc6ba56d7ae6be174ff528b5e98b4818b8be17b9795140d6eea8866e1fc87
-
Filesize
2KB
MD526e595d5e7c7af9c881391ccbc641fc1
SHA1d3de2b216f2b0bade4f35194a1d5db0f7e2224fc
SHA2562d62c3555c6b0b3eac7823d00c67601bcd1a6404246a036f8c5516537029c885
SHA512642ddb564baa79a899e7a6260e73770adf0c009ad2fd9e24e70c7cfbaf0cde5caf10b5ddec88f8f9cf3451020f70d8d734a42cdbdc776d117809f2bf3f2b101c
-
Filesize
11KB
MD5a20378916dca89deebc9edefd61f59c7
SHA13956371e3b2174c51739931dc966e5fe3d9b640d
SHA25604211106a1e37944ac680576abf32722780f7c234203604afe8f457ae696582d
SHA512d30201ec92359591a7e1bdbfda7ded341ce023e7b10b04e3f50b8fa80b3866ee3069123b71555d7e3e937be375db4fc527a6a7336a5e512120f4053d10537732
-
Filesize
11KB
MD586a0bcda1e7f56bd32cad90558e8e731
SHA1a313cb211f64b275ae9b30f952bc4c6c55e81d9e
SHA25668430bdddd4535dbe0571fc2144fbb358630eeb416f5326c3906050c92b1c242
SHA5126cbe43287fe18e111e9f5747de2164a6ee8bc3db16e3b00e1066cf760a03e49ac560f702304e517e541fa8c4ea8a26abf2f33db4c31c92d0c0068ed26dbb9109
-
Filesize
11KB
MD577a8d3ce209576707ddf03c8484ef7bc
SHA105f63c3c26ee9126a2d3f214f25f056667b291de
SHA256e6a20f06066e91f400849b957dfec2c8df4c2c4c820fd1c5782411b498bb02e1
SHA512fe82bf1dd1bbd67775f2756f96e6595a659b6080cfab283f140fabb507d6924b42f535a49dd4691bd9d14e121d4dc236f2063ae4f235aee1c0160cf78b1009d9
-
Filesize
1011B
MD5256ac7656894da41c1b6411f5bc5c68d
SHA11d55ae094915c0e6c3edb32a052b0b45912eba57
SHA2569d0cdef3a17842c49c6203e847252c6b3688556069e8a4e913e6fb63ea70b8b2
SHA512d477e9f0c5952163d7c4e2afddc7adda789ba05a34d3bc096d5bbc214fffed023e0b811e9b89a9206c03324bcfd05c6b11a5ee5f6b3409d8a62de21557ca16cc
-
Filesize
42B
MD5c3c224504dabbb7dc70a0ea654bb6fed
SHA14d9a978a0b6fe118f5503441e4a7b1e8a8ef3bce
SHA256e2dba6610e8567fa293d360e092d3398cc0cb072dc5646f03b7d973ca9f81884
SHA512af404a2120a7660753ab8d2dd1409b45f3505bc331888714e082aa5978fb1ed4cdc766702ea4a5a84c1951e7997e288e01e2a668f5f66100acf5541ab494d3b1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt
Filesize77KB
MD5c971c0e19e7bf5f179dc500f0f038a6e
SHA1ab0db9ab0926c9b8ecd511d4c9a4672d91a05289
SHA2566850c0400995ba993c9fa86d3ba2b036ec780370646965d76e7b808308e77f0a
SHA5122de11e5c4456b3445ad008ccd60315e3e20ce9cd8684928a8d9bc41205ab3d9dafb2215e76ae3566b3688125f8061e149de8d4a8a8de1db585b838b48b7482c7
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt
Filesize47KB
MD57a0ceb4a15c293b9c04a4593b6133854
SHA16332f84db8024d12c536edb9e5bd5ca860c4ef2f
SHA2561957d7af583517974f5e548b4de411ed8d6faeaa9070fc735136a10d0448289b
SHA5125a1f546a8816ead8a63566856dbd4be5d9b3edbd1b58ee9d44d1a030f0414b312238390f092bc2d0eed668cf6cf0fe64574205ffb3c556f1fa9399dd8a061e7b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt
Filesize63KB
MD5e67da5ea0a0ceb03728f2efe97360a03
SHA11337ae2438edf7ba726a9b54b49622adf3a29303
SHA2568326bb948a5d26068324dde21617f23ef06380fce16337add489754ce2e83f54
SHA512a224af807185648bfe77c4659ed4750470a42e1a2b6c6cf96cc685af265a0b31b07cd794c290c4f761eca93588d660820adfa099e5c017ff2c418cef7d85ed69
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt
Filesize74KB
MD5d3bb702deb62eb5ef1d1ee61a5b75e71
SHA1cd113d50c1de8caee0b8322696d402f4ee896a9b
SHA25681419c6112543efd7be9970dedda29174ee77dd8ad605d866ff052463756a309
SHA51251877d91c56d66bbd807129facc9c1bd60fea487e24a9d24eb8100f38e2982240c4de11e43643f3072fe8df93a421ec05cf20c3b45743f4e6f1932bd52454cd1
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD529e8ae66485ef3827996e83f2a47ce0e
SHA12ad11ee1916d0564a76410fcf41ecd8599c2c01e
SHA25635c507b9107bb8df65732f5650ca81f8d1a862df328a6e522688333abe340a41
SHA512df878705bc544ac1b4967652d640f99ee93f34647ffe88612992b55663887f51e5154c5b3dc66cfba965cd6fdaa921d5f6f9509b6150b2056a8e0a3646918877
-
Filesize
21KB
MD588a6a46f377008fb4d4453a55d537471
SHA1a2cf7bc9eff17e327c201a8cdc4fb7032c1430a1
SHA256ab56d415c400a00861ee3527d4555e0e2c86ae2a0e44eab8a2ecf2c3e532e0f3
SHA51214a0c9c44cd820728e43ef5cdd185b51f4fdfb2d277046d88ed5964cafd935c905164ccc181cc8f7503689fa4b000d6dd2d28e8b82d0c3e7afed07b9760ed6f4
-
Filesize
1KB
MD5435c56764fafc1712233b1e66dad95fb
SHA18940014be8dc962f0d8065acf58b21206f2b186e
SHA256607bef64757e6e454bde42ade1be6e10352214f3fbe46ebaf5066e553636e3e0
SHA512de39ffce06951a8cdca40e0f20ab90ee08fda65806c76f676a429a122fac2fe18302b364cb2d494650def8aab7d09dd0946a9def0d379e7ca2dfa89dfe6f4970
-
Filesize
952B
MD597b15236e4a6ea6a294341682939bc6d
SHA1b163d8ab97fb6cbe0b2ba14a5b3cc4d87d0c834a
SHA2568773d466a2a89de8b32c9acfac351d93d854386cd06beb40d79942334e62fca2
SHA512ba84ad0a8a5367ca8358911903eb749ccd3b4ed914ce261227aa9c35d6575d2fc1325c7e02521e8b37f4f5a7d0d6aaa0dcdfd00eb103f1a24d22620e7180d3fd
-
Filesize
121B
MD55d88d6bb58a3b8409703c72fe1d2edc8
SHA120c4ed0f90a3e313ae70381e64e9bda161ebb8d7
SHA256c067c1dddc033a39e15a76785e31e9c36ed75906af1d197387fed8d654a5cb5a
SHA512a858fb940584a1dc0ef0814f1b25706580b6be4cf022a2ccfc527d62381b4312d73f56c87ebac1971f8e2ed116e64353413f9196e11cb763d01e71ff677ef7ab
-
Filesize
1KB
MD550f50d0c28a42e801574394ad89873bf
SHA10deb4628f1a5ac9825b508d4f07b8b2fc7a4dd93
SHA2564ad870106137197d48cc6122c4493f72b52f1ba8b54d1ec4351e5a17d334cd7e
SHA5123c5176e4e8d564ff47b2e0ebc189a7364d5c4fd7876736228b08706557554a77708610d01082c420df0d9e05a0abdb58353fec486667cb89d2124e88120ddd30
-
Filesize
8KB
MD5a39594141305b14fa4ae639f7e86a260
SHA199ad61dba4b45d6fef1da90c2f7aca580ec83bbe
SHA256159c37fb253b00fc1bfe49dd3f3c6ce0400097b3b48c25fcb2012695d0d3c41d
SHA5126ad6bb8db2a758f31ccec151331dea108afecd8842b956b6d365f7ab4fd440a7652117a2bf051661574b241d1473b2c451dd2a7bdb25950d4fa5c2d40819fb46
-
Filesize
61B
MD58d3da6e56eaaab1f55c616204afbbfd3
SHA1435e6f74a76ecd737696fb5ed68dadebe3afd3e4
SHA25603c2089322077b66ead2473dd1e1fdfdf87e27c149a582638486c2a34541b697
SHA512ffcc0d41d32871fb419ce5d7741a119a185fe648a9054e6fa898c0f1c74d08d999f4d95a8ec17d97bf7adaa039284221829868dbe94e38f46934737396fdebeb
-
Filesize
914B
MD5b49566cdb735a413da6993123d52311e
SHA197d682c7ce09a28cbac81299ec7e67ee963b5319
SHA256faadb6b496891074c90971e347a7102cf67daaa49c17f3282fbb266079bcba71
SHA5129cac5c104d3710dd3dc596fe28e420840a9370904d398755e2892b1abf093d241178fb2ecb9d20778c702da6605611bc4718c50914b80b5f1ae73ac755cb4b29
-
Filesize
90B
MD5f249fc347d8e6927b4108161c95b39a6
SHA1c9edf7c54d00340984d8d3f95c99e72f582ee408
SHA256366682569178fff5ad306962b808ef2049aaf1b71bbf7c8114ebb5f86d05f9c9
SHA512028b5c8bb7bddaacd1c1bd68aa70bda66f0b12e9e68d9bfdc75e3414ae229cfb5f70006e049dd134fc2986ff704f9e4305c559a2c96de72a7893f96bdd7710b2
-
Filesize
90B
MD5f263c147babcd5dbf5afa255ad7c6703
SHA19869eceb1d8edb7d80d7e505dd08c748a5c07e5b
SHA25624004ffdfa47bc5d6bcc2e885a40ebdbe987533c8e0906f15b7efaaf03a84fbd
SHA5127837eb1df6d01f81800bccb0cb885bb5d69928a03e5a7b64b54c19c8e94e329d4b05865ee604fd17f365b74c807f130797abda278b11d69fa33acf803ca55592
-
Filesize
328B
MD573b773d1b8dcf143c5f84809062f2d03
SHA15d3b210e6471613c976c95bef67bd5117d6ce530
SHA256268cfce896ee7d0f59c3df7bc34f6615bbb47f1645d166daca584061b984e66b
SHA512bef027797a91db9efabb86c1009afb3b6bab9e45ac2fd4665d49f054455cd7520d28edc958c63d55bbf5b8952d4ab75de07dba57502e9f226f8aba6340de92e5
-
Filesize
1KB
MD56ef251006aa7f378f784dff65ad3a562
SHA19ed55ea67ebe073a944279a2a2354667704fb320
SHA2562e2c4e79bcea750302e77e1a0bf4187aa8301754454f53924717762699b7a258
SHA512f3cd31c0ea89d7c8c624714c837e3dd57ae670102e49ed72f1b49f3b61be9528a1d26405409a30c938282374053fe26eee3cce4298a430c688c68044ceda3d61
-
Filesize
162B
MD5362182a8f69fb2484046d6b5076f1dc2
SHA1f83d11019fff21651924defb8c31c69750fad2f7
SHA25624efe8d1f621592b11193983d253a722cc0e8e5f8941f62efbdd47843c0b064e
SHA5123e9eeb72499ddfef078ffe63b2c4fb00d79d08775ae156e95078c3204ca1c90b8d341b5c3bbcfdb136873fff01d8f920d7e40a85bb43a88a236af3e954d44922
-
Filesize
586B
MD58c5a94eea9e23d2f3d53d9369f77a939
SHA117b0aca80fa8d238c5690ca903d737f439931132
SHA256caed197e1c6b4f5c518d32479f8aa9b24d7806dcaf4d7d4b26ae7eaf74293cb5
SHA5122b21190859f3164e39873417f13694950ff9f7da442895fc6116c5df7a01e3be42d6727e525397377e8387be459eab4491f8a15fbb7fd7a150962af14973c603
-
Filesize
124B
MD534131204fc1c0f8f1d0e6f5039400f68
SHA163878c51c8846b405f563323a946499dd6dd2005
SHA256a898591a8cecb7c52b8aafed77b0c8b98c6da56b1321cdbadacaf46d9e4d20f9
SHA5125015b88f7b4d29ca841596c26bec6adf1f5d3b8e1b8344abecce321a3d4ff2d0a20f229e73e242452c0cc29732e0d55fe7fabdf5092ad742ec788b153ba1f6a2
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5da9c3a767753002ac01a164b76dae8f7
SHA17d0dae332367d888b3f30458149f9d905b672206
SHA2561c41b99c2abd255e883ccb6aeb84d29eaa1b618c33b196c9b84d12f511472649
SHA512e26179798a8465800061628ccb23e488c47b444b9f366557bd395ba3814b203e669690ef44d05f61618edafc845da64bcec68ffb45e2337fbc5cb21f1b72cd2d
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD56d4edddd387a97f9de761a12c77cbf16
SHA146843ec182a3f1039e966785042a0f8c4df6ec12
SHA256390f7a870d9a0b9f20ea9e6c9564a585e7ccd8ce7f1f52e24394060861231466
SHA512339945c0052e1154f3978b373cd62c4bf69aa065a97b1a4285707dd8e55eedeed341d1431785541cc366bc7fd13bf01d8f810bc6fd1706f79a17c2671ad1cc1d
-
Filesize
8KB
MD5a1ef554405e6bd92dbedd68b7a35cdef
SHA1c57f2043d6d1f50b0b89fa2e1a93244054f6872b
SHA256bee86547700dcf4259db61d8cf2a84437f1c0fab6870c20d1616e369f72c4843
SHA5125ff671636596e60b3fec73828b147491c3ad6d0ca761175ef4155c2c65af32a123774fa37359fb51d4e950ec3cd3ae320edcaa01edc6cf4d63661b69e32cfa9a
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5bbe9cc8aaa8a6e56852784f21ede98ea
SHA15578bf1f284e398353a42868704d5e8ae2575e46
SHA2566859e68144d51e134dd0e5b1eb54577578d20d2c6673703bafc4ab72f9b4c230
SHA5126dcc62fc58f21a4ab68bd6e9ffbcc1b6b813909f9ec1b70f362ee8f2cbab0b5c4a7c1bd7a9941e564ebef0760fa6b3b2ca3be7c3e04bd52bcf97d53e2679a6c0
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5d52485bf8b4552e70be8552e89318c5c
SHA13105b45abaa2934dd18e0b2371cda51e9a1da0a4
SHA256aefcb31c207ff7b4a4928b196467d1637f5ecbcd0d37be4414b2aee7779a6e5d
SHA5122770e04c4f77d71d52cf30104b28f6957da5f2d8905299e23c4658ab7f6bc31311617f21fced424010b4ad5e20f4bd90129bb1149ea2e958ae016705952eca03
-
Filesize
880B
MD51d0c1345fb7de018248fde6c42850b12
SHA117a3cc187e3e9d60a205de1a95f6f213062c1c7d
SHA256d98ab20b60fd5399be438bbb104254969f46c11251bb39945c3e42688f168c0b
SHA51260416748b78865a3c657ca9f4f411e57cdd7b16392bfc4c556cbe9f0f4d30389a0d2d82da6c5cff84dc9cb7fd7cafe6dd298ea551e7bca3ce3f0329454add352
-
Filesize
49B
MD5dcc1d186aa456a2335d33b84cd87251d
SHA1e6d163d73473acc29ec99e6470172ea560513577
SHA2561565b2e8a456d7ff3c8b884ed5afa279c07d44e9e0583431e8f221dd5b40b9b8
SHA512cff1713e7e99acb73dcd10d057ed6fefddbe216288fc889e05ca9007f52e98108295466ab75bc9876c0c42f0041b865b62a114a9ccd0b6cbca3dee024c598acd
-
Filesize
1KB
MD5edd533fcdcd79915c3400d7e85ad00eb
SHA148dfdefb11a9b034a02b62f84adea76be9b645ab
SHA2562c3ccda72e21751ab2b31c1aec0bfec2b2b86e0acb4fe96d050476d18b955446
SHA512f923c3135137dcaa070f780f8e79087bf74f864bcfd7d9ed2d5b3248d1df09fb37245f93e04003a08753dd2fd0c3bed17d58979ce58eacb657743441e6b15ee9
-
Filesize
1KB
MD51355fd46bbdcb70f1787eaf809c6d975
SHA1e854371eae979f409139ad74004d8975c4cf1ef4
SHA25610d9e39fcda7ac5968a3cf746610ae7495b65a76f7c5175ed0ab070c8a85c8e5
SHA512df362ed89b91126bcea800dddd86bfa0ca279b1d1e427c7fb69ef881da6ec975e88ddbaa882271489daf1ba0913db13f7be0729dfda1a360061ab133db9ccc6c
-
Filesize
1KB
MD5bed0cfb00eb17cd49cc8ec7e9204f533
SHA186f74994d15b8d78e79967f58a351a44ae7ccf00
SHA256af18197ae9dcfaae1dafe399761e0ae58fb55bcb9f13581893c802ef122034f8
SHA5126062d1c554d93c116032c4e93135e855d6f867ca9e4d8cf819c37735a81bbbb650f54e778aecb5605140cf124d65418b80f3ce82f9f55a77eab8cb3834f2ca64
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD58d70d92122cbae1e0d05c9b7af9fdbdd
SHA14e07fba4f7e9b0ad57026c96de2c6d9a88a1d739
SHA256c85c36e158d43275c857da49a93fcce2a752ebd96e442153d8f0004422c4e7a6
SHA5125ac7e2bcc680a8c485a43baa09009c1c535c59f3c2c0c4ebe27490158501d868d472db85a655f8126d4d2272c3199d928b4c0707097026d6d9e8a957d20bd116
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD5653bcb884efec2f09649a373614b5cdd
SHA144e37a44b051d63cf88ebae6f4678ad46894391d
SHA2562f686a0d846b475fd1a5e8d1a343b3b3d115077674417018c0c11b9d3ca00ec0
SHA5124b595245d028cee5d34d5944f9bc29eebd2e0c351afdf6293a32d11ce09f3b035ce35dc6dec8ed5a6cdb465ad9a1d030d0ccecb2baf9057ff81a86db32b7378f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD55c037a8335744bbd6ada1fc65ac4cba9
SHA1d0fb1959b78072c098e7393fd66183418653ca6b
SHA2569214ed4300ca8a1698436027e81928aa389bc6c2ee09e828995f622a4a653fef
SHA5123ebbc6b00d08ee93f2e0ddb14027870eb4c26fa6bc3c2787e6d74c872bc40a9a064c78d072006ee653a31ee5796d8d1a0fc92011f6239cee1d84426c86919699
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD54a73a1220998aeceea85fa13a3d3e927
SHA1c0e3800746165e4a2c7aeb68e62e9c32a8e9d46c
SHA2565e43751a0b2749387f745dce76e8ce752c8c259549f44f2b690047ebcb07a543
SHA5126055c740f139f03b03ffcfafb792aa1c1fa6485907904630a32f55291d29f9e6e96866ea983945000b4a44deabfd943e403bd52572e970629d55fc94a6fe4d15
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD59aa08a4e3b1b398376da0da864a6d0de
SHA18c3b867725a080e6e0513a2f23a3aa15f68ba89c
SHA256b38121f4bd093c9af9fdbffe6bfa145a002742778bba90fefb60b92eb4408eb4
SHA512b29946fb50289d18f27847ccf812b1007174a7d42011b7d74c030d8d860786444460b86373e8d396e4df62c28f67b813b3536519b54b31d5834dad64aaa18d1c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD5e88fd15b0333f6046e72688b60e478ec
SHA183e68801870b5671d6b33d881b3879c347012d35
SHA256d7d3ce30cb80db172f23421b04fb7566a1658e043c2cc6856a6a1af9f2becbdd
SHA512ab4284809274a5d82e407f30192b64d4a200b0ba130a9fa71e915dcbe7affcab3d5aa9f65d539a4285acb27e0d026c9eb02e326f03a1684df30b00982fdc2914
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD544c094446ed5a86bcb8d971ee9f999dc
SHA10b18abf022e8e91fc11b339b8db127769e20f203
SHA25660eb363c59200e2c7ad2eab121d25b0d619c40a0bf32083d402b2567bb2dba3f
SHA512776a36b2b4627352d1bd25c7d446acc0680a4431195b9ef1de38ec4ff0c99181767a4a62b10efdcaebacfb72fbc27fe133c25994047d28852d77c4f9061af63c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD537650638ed8b5a56f6e89c785bc2ce4a
SHA1b9ac3cb633f9557ad9fb15bdbb50875dec378aa9
SHA256e3d17dccdaec321ad77cdd6649403b29835535fad0fde26956ee21fa117d29eb
SHA512b8fa328e461a77fcdc37a721a38279b173491b13009c01287352cc2a5c99d86898f3686631689d79556f2a1349f8f02be6eb83e21bd5a34e86ba157530391236
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD586e52835bb3707a734c3d969e484ec17
SHA148ccb39a959ee03b9187c2a3877d4703391539e1
SHA256adc116fba1bbcc0f2d43e0114ef834013e58c88022cd09d4d43fb7f7355f41db
SHA5123c1bd8d1e9c3b1c9e9196051a76d198d91932a7d00f0d44e5860c66780482f2f70fe7eaf9e8ea2083adf350ee9667badde26624966c0bb63bf0775c493d30a29
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5139b3f13ce7d10d93b5d40502b0c35fd
SHA150d14829c92578f326218ebf450c21f821c06823
SHA2568326f599b419798736b00e6d0d4fb3c18dec0d94971abde3aa7c4b8c7b5c4ad3
SHA512106569beed0e398941d157f7d581924cd3cc9e1b9c58e310f209263d1908a8c2751ec6949e808f986970c3934aaa85d2c30de1187c8cc3e29dd54f4bce13bd75
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD50424184b01a546360d53697d982336ab
SHA12ecc1fabe8dd3d17c6e783ea580f8e8f96045ff0
SHA256531caea741ab3f84419912ea3a4fdeb637e1cb2d52aecfe66546db86368c477f
SHA512ad7e09abc52b4361857dd562920dd37025bdf2b720e6bee8dbb378ae37fd8c5a6252ce4e0b2c81927fa09ed83ffc37c4f5ef39e000868f3b62275778535dff23
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD529d6f13d98eeef4b0803319be014b6ed
SHA1de88c65de6a9e6a3df0382efb25eeb1376537f79
SHA256e071280638630d3454160695bdfba93ef4a331159cd829d916688299091dd0ea
SHA512e91c34dc66c72678325fdabcd2dbf04e4fa5db4376f9578bc5be0a472c65cb039afd0c1e7d22c820bb884f53cdd242dbb0394e19fbda478eaf59f6639e35746d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD59ce5dd6b366989c4b82cd85c8656737d
SHA1ae924b2e4a9abc8117824fc83e10dee02262a028
SHA256258d5a67bf79f542d8534744f1d49dcaf721a11952dae8c5a539371c439860d1
SHA5125ec2bc38cd5033b89fd44e35701975d097e7d95efec64126728f79ffc0ed020c451c23eaa2f11d00e43ddb325e0615bc8819f65d83d717763c6dc1633c039385
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD51e3cff0906b511e0c8b7bc7065cea67d
SHA115915c53332c4a97da6e36ffa4c94b7f2fb9017a
SHA25649d942ed71e0af8373671b1e8070fe82aaa184836c66cb09da58d18cf287390e
SHA5122532e6103eec18576d877020e0b12eefcbc4a7519d1c92a81acb3978b25088b5465f1f9d542550e6525d78748ac27aa69cd36f09f367ecccf3e395e7c51cb758
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD56dd720547919277906d42ecf3c8310e8
SHA1ba3fbac480a9b78a7200081453a7814d46a070b2
SHA25687929e118454608a823071357104f94239f29f71593f5a55c521e9a48773c2b6
SHA512a05d547e5f4e4f6915f36bc4b88d827387b66680de630afd2960edfbd4e4589e29a34f0adbbf15f9ecf65d28917e47207b82c5e504643b116d5b3ed2b727df15
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD56abb4e46d25186e7f1a32512f166edf4
SHA15deca1c9d138729ef09a5bf2114fd183dd28ed3e
SHA2560e67215c06102646fda64dc04e0ce206fa3f36c5943a386f1654b72e71fa5cbb
SHA512e3b771ded52b1d6d9101d136f20deca9c625aa53ae2adba2956427ab40bc641b99f200d75f3b3571e3c001bda88e962711451bb9a9158c4d92ecf5bfa11b62fb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD5c5393169afe1a34aefe1bcc14940649b
SHA15bf6287f5a3718d17a1ac057a2e9585bb8882e94
SHA256edffcaf218a9d59e4efcfea73555d0b9f13985176fa1c4897ec3ad819b11c4b2
SHA512026a83f52103c7b3e4485571c46087996773c079801bb13fd1760d5da4681eea98e5079617adfa8e7a52b4f5347058db23a5bb9e0857eb485eee9677000a0d67
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD57edce39621e18b4b4f103c85df0c6f87
SHA1ddaf0620d74749957df746e44edee51c74c0d1f2
SHA256e23c22365b342075b690be11f76317957898157fec966e9347110376c061dd02
SHA51210d60fb28b0a9b15738ff40c8234a77b16537cd296eb973e5406e8f94fbe83f431d9558ae40ea84db091ffc5567869b82dea353651452fb102b7b84466458373
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5602e9c5a40ca9af923c7baf024815947
SHA10a15bc8a43399ff15f7ee49b12da1f001dba859e
SHA2568fcd4642e906c41e3992abda8b1c45814a61f0eb71c76597b4001e2331e41b5b
SHA512ae321f0d56b3d4aefd424d4f41aa5f07d35cdd5ba6547e4821e1ae61620f68e9fc809fa0674207199e2fc66b9c5d4ce6aa4dd1bcf39b71324d87f3e344fed653
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5e03712902109fd498eee81cf76043819
SHA14a3fe30f7ebd8de2d7714118992e880e852d958f
SHA25698822df1a4ac305c1e4c222a19531ffc3416d25ff53648c656686ebf7fab06d2
SHA512ad8e82c21260c0061f325816e6946598f582eca34b0a1525a64b3ed749a1ef1bad922b30c88576d6be0ad6cdd8881b4679d4021e2134b637aa0a51f5f85184ba
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD597c658e9ef023d566fe01d85416262bc
SHA150af50df28344d83e70116e913e05766309f96b8
SHA25682b74a62ec55a8074c00e42fabc9f14c2beaed3993bba4d9c1d243e0b67148c4
SHA512e4521b75d3d76665214fd5848befa0e6ecc6d1ae0349faad324885ee463b225511872c1dbdc0e87e3fe057eb208f9bcd6464c18cf88d69cb087fd0cb8e6805b8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD5f08397af3ebf489fdf192dbe6a46a68b
SHA1a909c74542bb5170385d3fd8628d1478c32e240b
SHA256ed55b0baa1b8b7ddfd00566e2f52fdb7096d702a63a19192cafff3375040322f
SHA512eea0b728b4fdd919baeaeb591b614a9bf2b4743babec26dbe6f2f84d98d1baa50c1043506087baa71283bf2743bd8161cc883608232807733154e4cf725d967e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD58ea0e67b2eceeb4649291fd424708b5e
SHA1839be3d94b11101075854776f300b2e775c83b29
SHA256962b91ccbe4194e9622a6f0b3c6b8b0e28f525ab4eba686279db7f67091f38a1
SHA5128fe8b375db75c8e2381e7756d722af439143c155ef2478bd997ccf91598f6fb66b26a5b40142b80bc5ce9db2f1224bd79010b36d74dc39b9a982381c5028784f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD55464b69636eb7f60374b83d3256aac1a
SHA192047e6e593e17144adfddd094ebbe453a952720
SHA256a7d6d0a4eb4fbf2b35c1c6032fad3f5fdcc492cf1f256db20b4a9ec6bc41f11c
SHA5126e13efc1a3ff9526b0d4d7415581ca645b53cf865a4a731f5c9bb6616004a71d9d01f0efaa030f8bfa10a80771f56b75855ba7f724fa8f1b42512ef0e31407f8
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5330914b8f5a4bec077ab6835a855dd3a
SHA17888bb1893b082d6d82c233f78308e5943234cbd
SHA2566ee5362623c46949656fad9e37d371ba39ac2e09fd75d05e973a664cc17bc4ac
SHA51217158c1c4d995105921f533fee5276f6087d238ef6fcc977f4b57e2637b6a8afe1397bfd75656e5e22c9e52bcf550802facdab4a82a3684f2fd9b84dddd4f6bf
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5ee458e8bd5d86b36f45384941b47fa3f
SHA127cee6e50cdd6efd8bc215a3093d6d473d537275
SHA2564c0a0084561eac39685850764e1f36d951f7b9c0aab995c6df6739b010089218
SHA512defa24eb5f9f1be829a52a75abd9efe3b44c3088000c4e4656242cc9188b921d3b43bb6297514ba2e18f43ae64be95bdb6d20311c07035cc04367b3ff2144a25
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD5e1a0c8bb1eba6dab48e0f7dc8bc35ff9
SHA15cf59be6f6a8e18342f6aacac7826b27819e9b09
SHA2560e745b753b2326211f3e0842979ce63154712e218e35b434e9adc3341600a82a
SHA5122c3005a3d6fdec1dfb5f2f8eab03cec7d122156f9dbd6275613525b2e37b20074979cb519e6ab76096253bb018eb83e5657628f99030b8e88d9281f1d27bdb22
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD5431695c109535bdf358e51dd097d9ca5
SHA1ab83457a6d909edf2825c762e5b455750576977b
SHA2563b2628921d5097b5cb37d660acdddfd09f91fe6ebc6c7dd6bd5076eecf535c8d
SHA5128817766eec57c9ac1daf03bbc763d728889dd72de8ba4ecf8124901974e165daf654ab90396ba20bc37b838d893ef128c9fd9b8cf0f1ba503aa1c83066e0f785
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5aabb64a0c9c84bfd06f11ae6336d7676
SHA1f0a0ae99b42157011c9fe3adce68954950480ee6
SHA2562e3d62fd39efcafaed3c4ac4d17b2f97810fdde73ee8582db083097519584320
SHA512582fcae5516c8902ae50aecade214425f6a05e192fb4f79235250ff14fc081ba253041623c420dff77a7c1724b65dbf5c4f0fb5a056c0051d0e8f34c41528f42
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5549f585c9be865c8c06768f319c86020
SHA118aafc582945aff7d837bd4eedfa24c8122ccb13
SHA256a096bd909a8a4d157bb375fda80c2eeadc8dc4d57ab6c4ea985033ae12434c1e
SHA512ec9068c483152ffd7afda05c53224057dd033c189f2802b5e00eb31628ca6b328b28c729125428d04b50bbd39e05ce201c2cce6301df4b87473f653e3501320b
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5ca1c5b53053f5dd36b9910d94eab4650
SHA1c9e367040cb53f1c4118ad9cb70862b442f9648d
SHA25656fcc15328c7319dc4016613233478ccedc62142a6bba991443ebe58c7e02fa0
SHA5124cf1af4d889760b1ab7ea284dc9888e9d882c50f5e159ca6c05062d5367e650fbc84ce52d4ac948f160478f61bbf3d2cea8d93d4d9da828165edac0ba3b7c2af
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5f46b43b5ae38789f46e577053788a273
SHA1a2bda8f3e45acfb75f5377eca804a37452ebbebe
SHA256897eb9d0149687a5c2373d2843c971dd672612df41b2dd3729bc43de4239c613
SHA5123b922b4b5f17102bfe0f81074eb6c8cc98f549612ef38b19c23d50c9532e3a5796d81347a26c937e4e66aa930c0db59cc38404d0cc33a944aba5a8633da56e16
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5f02eca1eecce68357cafc8154aaadde3
SHA192a4578598829e03b4372f0b71c7662320c73a55
SHA2562c7a1a0b1f25040aa171db6ee3f5b85b9b64c01b1c8abc86fb1e5ed4fefab247
SHA5127e0feb44e06e501e11459ad7e30e6a0482c3e40d25f1ecd41a5f90e070be9b4ad96b3291aac68b7ea69e02862750e800f5f9e825c13df21be63b0a6c3978794f