Analysis
-
max time kernel
95s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
27-11-2024 03:04
Behavioral task
behavioral1
Sample
a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
-
Size
75KB
-
MD5
a5944e7d7015005ff33bea60d9a1ad2c
-
SHA1
52c77133168d22291d8914dbd3aeea3597f7eb47
-
SHA256
c88ff0d644fc030ceb84a8b468bd74191a78ee06fb0344eacb7f353e69e587a7
-
SHA512
84ab5546bbe1847df979cc7093b0ec36c3b7105e1ef99cfdb6a4ad7c1c31b72480ba9bf6f603094ac192f6e54f1f7d347f869c4d02484bddfa9318f4995c3e65
-
SSDEEP
768:OrVDCpK4icOBfOImfxfRc9/LO+Ssh88d7Z6S/UUMmz:Or4pfbOB2nfxRkKjshj6d
Malware Config
Signatures
-
Detected Xorist Ransomware 8 IoCs
resource yara_rule behavioral2/memory/4040-5679-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral2/memory/4040-5682-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral2/memory/4040-9874-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral2/memory/4040-10889-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral2/memory/4040-11206-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral2/memory/4040-11229-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral2/memory/4040-11234-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist behavioral2/memory/4040-11235-0x0000000000400000-0x000000000042E000-memory.dmp family_xorist -
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2166) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wstorflt.inf_amd64_8375a9378e7227d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_sdhost.inf_amd64_b71f983cb35bfde3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\nl-NL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hidtelephonydriver.inf_amd64_43fa6b1db642df7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_magneticstripereader.inf_amd64_86e291110e37418b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\oposdrv.inf_amd64_9090a824ce0d0e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_barcodescanner.inf_amd64_266a07997c075b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmeiger.inf_amd64_05ca2a1836c16cab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmsmart.inf_amd64_3ca4b12cda56232e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PnpDevice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\F12\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_tapedrive.inf_amd64_a3a36e8f2c921ed7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rtvdevx64.inf_amd64_7b972df4e09f9463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
resource yara_rule behavioral2/memory/4040-0-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-5679-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-5682-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-9874-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-10889-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-11206-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-11229-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-11234-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral2/memory/4040-11235-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\telemetryrules\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\MedTile.scale-100.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MicrosoftLogo.scale-200.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-100_contrast-black.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-48.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\si.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\PREVIEW.GIF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_contrast-black.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-80.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-125_contrast-white.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-20_altform-unplated.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-30_altform-lightunplated.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-200.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-100.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-125.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-black_scale-100.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\NoConnection.scale-100.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_contrast-black.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\notifications_emptystate_v3.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg7_thumb.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-30.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected] a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_altform-unplated_contrast-white.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\forms_poster.jpg a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\affDescription.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\System\ole db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-125.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-125.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner_dark.gif a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Sunglasses.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-125.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-200.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-125.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-100.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.DeveloperLicense.Commands\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..usmanager.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5a9b945c1e621c0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-100_contrast-white.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windows-application..-appextension-winrt_31bf3856ad364e35_10.0.19041.746_none_f1c93f530fa21eed\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ation-mfmediaengine_31bf3856ad364e35_10.0.19041.1_none_c09ad1a240667a35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Appx.PackageManager.Commands.Resources\v4.0_10.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_c_fsinfrastructure.inf_31bf3856ad364e35_10.0.19041.1_none_7542c5a4cc2560a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3b21483effdddb5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_pt-br_35e66098dcc078f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\Boot\PCAT\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-security-tools-klist_31bf3856ad364e35_10.0.19041.1_none_f725ad3465e95fe3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_46cee54f780dd2e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_10.0.19041.1_es-es_ce45e29b505967b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_60dbe57cd682c53a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..i-appcore.resources_31bf3856ad364e35_10.0.19041.1_de-de_3f5145a1cb4fbcb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.ApplicationId.Framework.Resources\v4.0_10.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-tabletshell-adm_31bf3856ad364e35_10.0.19041.1_none_1f2c47adff67b9be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-usbui.resources_31bf3856ad364e35_10.0.19041.1_en-us_627153d543c5cbc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-w..tion-wiatwaincompat_31bf3856ad364e35_10.0.19041.264_none_38c68dc04ed236b0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers-clipboard_31bf3856ad364e35_10.0.19041.746_none_9e7325ee31555ff3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_networking-mpssvc-powershell-core_31bf3856ad364e35_10.0.19041.1_none_612c3a64b8567227\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_et-ee_e6e3f803d394cfff\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..e.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_43fe9f4e368e081f\9.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.19041.746_none_d27ff5d28ffba55c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-tapi3_31bf3856ad364e35_10.0.19041.746_none_3f41fc96ee5fb280\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-system-di..s-diagnosticinvoker_31bf3856ad364e35_10.0.19041.264_none_d7bf0361c74aa88a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-dot3ui.resources_31bf3856ad364e35_10.0.19041.1_it-it_9c8e11039e6715e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a5f5f155cd89b58d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_stornvme.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_240d6862d49bf1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_et-ee_bc1e5c35a15ad8e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..injoinaug.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_624178b16517bf47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..sync-task.resources_31bf3856ad364e35_10.0.19041.1_de-de_da595b64bbcbe111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-userdeviceregistration_31bf3856ad364e35_10.0.19041.264_none_f73adcc603736cb6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.19041.264_none_2f9647f4d89dc6f5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-healthcenter_31bf3856ad364e35_10.0.19041.1_none_614e2fb703320228\SecurityAndMaintenance_Error.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_it-it_f8576122041e54e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_10.0.19041.153_none_0dd9765b24825c44\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_wvmic_ext.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_63e3406ffe292e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..playcolormanagement_31bf3856ad364e35_10.0.19041.264_none_a3480f382211d45a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-media-streaming-dll_31bf3856ad364e35_10.0.19041.264_none_36a6a4c39a43e30f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ne-dsmgmt.resources_31bf3856ad364e35_10.0.19041.1_es-es_a51a6b3909af1668\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_346086ff538bebea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-uianimation_31bf3856ad364e35_10.0.19041.746_none_69765476ce6b52c3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-com-dtc-client_31bf3856ad364e35_10.0.19041.1_none_0d38a58c8d0c111d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_de-de_218c3bcebc8e562d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ntdll_31bf3856ad364e35_10.0.19041.207_none_36fc5f8a5adba8ab\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-cabview.resources_31bf3856ad364e35_10.0.19041.1_es-es_96cb5740729d1bf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.19041.23_none_e0ffbfbf1dbf1502\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-srumon_31bf3856ad364e35_10.0.19041.746_none_c8726acf7b5fab61\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-d2d_31bf3856ad364e35_10.0.19041.546_none_8fead816ef2105a4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-32_altform-lightunplated.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\oobeoemregistration-main.html a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..nager-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_762227ad15c6779f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-taskhost.resources_31bf3856ad364e35_10.0.19041.1_es-es_b1e907239ad88df9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-hid-dll_31bf3856ad364e35_10.0.19041.546_none_b0fc2b4fa57aa37c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.0.19041.746_none_3f68c845997377c3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mobsync_31bf3856ad364e35_10.0.19041.423_none_d37b8b15a822ee54\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-es_cb128bc2cef0d746\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\ScreenClipping\ScreenClipping\Assets\Square44x44Logo.targetsize-24_altform-unplated.png a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.1202_none_7cdad2e52790705d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..onplatformcomponent_31bf3856ad364e35_10.0.19041.746_none_95ec1c98038e4717\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_lv-lv_89e1234a29040be2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.happy-hack\ = "IIZTZRIYOWDQFAF" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\ = "CRYPTED!" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe,0" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IIZTZRIYOWDQFAF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gKG5X316bUb2Uh6.exe" a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a5944e7d7015005ff33bea60d9a1ad2c_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4040
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5f7b74a1b01808613dd73e3fa35cd3327
SHA134ed5959608725dc00be06f1bb4d0519d1631229
SHA25637d14455876e4ffda4b11cf980957cc1ba69c52054f562265c44bc16c5f11c68
SHA51277fc21517e5392fee477f3cf0f2a9c953d3c3966412cdc464d4e88a08f29a1c9e48c68c974ba828f51f8d706edbc0c49598a0ebab5850b34843c69be1cf66f64
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD580f4883fb6a9f4b0305606977e3378e5
SHA1557424057f23b191ac02b0f419d5604aa106325d
SHA25627f642253c335fb91d41732204a4cf8362f50afc9d1dad30fc62ce7bd871bf28
SHA512b8b47519eb4be122f379079114c6cf3634559c677b672011876b9d338bd42b9b36987b85966dfea470ca3fb8fcd6a553f833e8cf2a57c62e65ba14f9c4163e66
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD5e2c6596a8ab052fce96d7c43c1614afc
SHA144db4067f8fe647d929826556351b5f6ac912d2b
SHA25672e6764a90cfaf1204698f222bcb08a2d5fde2566e19222216a70df9ef5a2ecd
SHA51285b1b0d9885982838505bd10eb4eecc971f3cb294d97e9382d646116cf61b775c6cf986c234bd11109ff9c09c3752d0c6bc09de3367fa77fbcc6347f1986c354
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5375aa61c30ebb4fb435fdcb7daab8221
SHA1d76f7ae9ce490aabbfe44bfa035c38e79034e669
SHA256c0937a25fb111c774bd1589e89c740dc73b9cb6b201df9c611abbc44d5067d9e
SHA51212df878b94e2efaa51ca9b8aab87ffd1ab61fd4c89f49236151dae2358a8f6c15a20451689dbfe55d887cbc402663f97285c918e6bd4af450f397b5319cfe0c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5d0007e61116b0d21c35a4ce92dbc46cb
SHA153c1f8389180423aa213078c600efe345c731053
SHA2567db2600fa450783378462cceedd2d6472042696f43fed74930d966253861fcbe
SHA5128c721459596c5bec6830d59dd11bbe0174c8ee70b32810385f3e062e34dd0798cf4cc245c0587dd751a41b4d4eb3024c04fdee54a27bcb40c5927a640a8d8ae3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD5580ffefeaf8cabaf98efeb005edc14e4
SHA1d2cd9e17121c4f93380a7da56500193393b1cbd1
SHA2567fb680640364f7c9ebf9aa313c65baf3f40a9b9f02fb48e918fa42daeee04994
SHA5120927aa9ac83d84eedfd2d4d4ee029da65b8bfc002473c80da98497008cfe20c41ab2c5f72ea4d742543e90aec053d49a3c842a0056e1ff826533e959b176869f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD57c3b536f0175acc04380f318d083d207
SHA1594c40cc99367f861c8891ac863eb3153353d68b
SHA2560c64d8c65b77d338ca28b0fa8c39f4093f39e4efc03e8b71b82a813c2c19b15a
SHA512a9de4fb1e9c2b73d8980189941b53dc58a1d9d5b665f100a5ca0c95e8570dd0790b7747d61b2e77b9d158e4e8619a1c6ae9912e46e9188bdee0eeb8e71522bab
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD5138dfed259a14e6a48b256140530bae6
SHA19e30d8714a4d1caf3a59bcec1f73651f55d1b68a
SHA2569f22c3bf2921d9d82de46a23f6b282a023688fcb7821cd21c2ed87748fa3d806
SHA5120a53c2a0ccb7654cfc6a1016976adf84dab20bba904ccc83bc599b9c7fba42b88bc01e0c5eeeffe7a37b2627287c5ca4b400ea63fbf2e2c7eb03d512608a03d2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD554ed5aa0edd168a3a83949cf928fef77
SHA166f4be51ae0bbf653509cdb16241fad3463e442b
SHA256b3ccdb91e52434f51428f1d2900725f23a3a1c7af7c3ed1c6f579e648ec7ffa0
SHA512e6d3bc5bed672b2ad93126cd2c81c035de7a43558da8b37f24f9f5929953faeb258987d843ef2daf71b299f021336dd37d395c399172d06b15f1239b29201ab1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD545ba09c41dc67ea641e6e10cdd543cc6
SHA177c356eaeabb682894250c173e514dab6acabfc7
SHA256b23fea8dc4b2798ef01a5207280b56ceb93eb18249c51a15ae48818c64ce677b
SHA51230ab145ca8ed12e108c596511b7174a1d638177946a353eca554eac620b8aebc4719d5586751ae28b2563437b9087bc1922f768391ff24a3f8306b5621587b3d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD59c38a2d56f26fe8ddc04c8fe22939040
SHA1f621d6051b32c23a2710e4875994de4eaa04c648
SHA256aa59c3f8ae935cb940d5f3ccdf0898f92f59f8a8e02b55270d6fd10ec9ee48f6
SHA512ce3dbd538fb9022ee9f8bac65c7f1648ad5a65aaeb3a60977b5a7077ad3fc739830adab1b6839cf72a67b8067718b8f7c7bd9ae8a98121eaa28816d4be3be30c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD550e207ecc1efeb9e0ecf3a9948819d73
SHA12564cf7d379eead75205d09c97245e2168cd96ef
SHA256270ca119b373f09fad88dbb5f42c61e76a024bfcdd205ae4284ef68a1918fc22
SHA512e489894358d0fef0911466605d5addd6df6d82b02f54070ad9ec3f88efed1940d6ae67ca06613178c8d1d55efe4294c9945f2e2027808d4e5c7ed1a2e2a506da
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD54fdc568a647b39293a44f68b93f19297
SHA1302d757fd6a8e968c97fe76953bcd516f7c5a33f
SHA256e4ca0799a468b7eccd0869511a5c05485a9c983699a00c09f818d83dc3fc3187
SHA512e68859bae66856fc4a6a0ca939b89d1b18fcf0b54f54ffa027421121757189bc6d56f4fef5d9030c6f9cc185340a49dbff46e179a4280ba435d50baa5695517a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5d64e2595edafc8f4df678c9164b1d828
SHA17ea10a71b71eb193ed58911cc109711f1922b5a4
SHA256338e9827aa96fc189b6fdf6fee2cc8b59abf3516e5dc9b584ba7bf1616b2e4c1
SHA5120bc6b8e9a7878642cca3ae85e1c8921df84d8567f0d28fe19f9642823c9dd53b16c43f3d27057eaa07d8dddc911895bcbf6a5afbad0e00caa257e9f50c2861b0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5bf0b2053d5dc0e7ee6d5fdafa0fee4c9
SHA1736a91625f62138456b3856636f9797620e9c6f1
SHA25637db312b0734bc681a9512eda4688408ee2af61ac2a105708f5d4f0f9787ed75
SHA5124348d6e7534e7b12969a582d6cef8186a7c2feaefc162dddc2a54483fecd08c40266a2a8435d32f33fda243551f61aa36046e68d9b05794256565d10e1812cf6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5e85c4ff85518df8b209dedbe269dc206
SHA16477c712259c26cf7af722870ed0c470e79a77a9
SHA256bfaa24d454d5d39ba313f0fdfe5583824685f8b420cc21b4a426f9a965e60a44
SHA512972a99b0b593ec048d1bafdb64efa01f4139c8a06edab923b48ce1d4088fc215b5082ab494fe1470f408998c11b225c3599cf47e0da70f69dfc9d98aa2e2c7f1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5cb56c64957556121a3dd7b14244e2e29
SHA17f813b3181ddde4d2918834152ca99adea55674e
SHA256a49e62f4413bc6211fdcc97658b5d5a9e0311b6083cb4d0ff66bc7cd19fd7ffd
SHA512826d41c3d545a85298da0059d064549d2766553b5a134b08569387273d7cb96159046a2fa3d26d5a001f171861c67451a8bbe9237f73b9d48c786a26713ddeda
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD5c7378ca2e66617b1b87ba6eae292e0e1
SHA1328b733514ba10e04524c82c5d79095ffe4f7135
SHA256934c6dba7b017d57e3557987a58bb955dc9b47c7460bc079378a6a34e14cd88b
SHA5124beb3a8015c53529f7b1bdc42911c17d9eb16857ef111dd289eae0e1934be00920fa5f551ed5b8d2c7f06899ff0047bdb92658fac65a821ac0af27e6b45676b8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD567d8f58730889a8570f3c007efa43ea0
SHA1b124aab0f5e3a5092d9814c662d2695732ee6b77
SHA256684d3bbf2b939f42b3289144b2ef3daf6c17b64f387426f35ea20ba8d92ddc30
SHA512839b1d8d9b02dda047f2165f03c6144e67941ca05f0cd101d9dec9a99c12cc405613428bc2e80032b2b279e9acbbc5d94acaf3175d5b0c6494fdc1a6073dcdeb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD556b669b5cfcb0d5137a46e9e68b25724
SHA179c100cbbe780e567389f49266354c141247c6bd
SHA25661f24d05b20c787e6c59f38f4748044b61dd13ec6dde678f41102a9a3c9c9a29
SHA51229cf7110b082f179d875b549eff6ade1a9ffe61c5042692124067281b509e2275d12c6f3bf8e3961bc12b4169d68757f2050e6c87d54719b6201c28d874d797c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5da1b81684c38bcc3791a6f6d256dff5a
SHA13f8951d649df73080be02a2811bfebd6a709fb0f
SHA2564356ed2374f270a09a55da73615cf003c17e1aea5fa86aae37c7f640ea710d8e
SHA512b846acc0ea3f3ebaa9d0a49d376c2d4bb8da7d92ccd6b71c9fd51e8d86584d8500e7935837d08cf82a0eb3d32738445e84ad7b9d9c5bd1ea878e3b082b8c61d0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD56b5779450f0102e64a48e3a5ad56de74
SHA1e4dc6f754abc344453b93cc8fa1911826298c7f3
SHA2563f3b0463e4dd2cdf1619cfb991a2462e0731db3c9c192d4c96c917b3625e09d7
SHA512b76ed3d40a646257cc402caf395640f54204521b96ffbc0e3f0fc38ac3a38373fb5af71434580ff64fd59a9d4bda1eede260c9770fe65701b7cddd24994703c5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD559edf98529400ba453ce987f1d851fe6
SHA17afe30e594a357f2c46efe5fa1b7d7f362a6ad1b
SHA2563d753ed3b63caec27d59b0c53f4b39c54e4281eeff3d1bb50d2e1ed1f7730c46
SHA512cadf63d9cdaad08560ea1f3df1331200b0bc6a43872c693cc6b4ffd3cac95a94a6a7c174e4249fb5f253d0f980ba6c5773d0d394a444f58ac694773cdd23252f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5d6aa6ec0f15f2d4ea946f9e6897fd41b
SHA1d8f668799226e9b9e84f602a376debd84d890f90
SHA2567156203c1c8b35e69e2c6cc461dea5dd887f6f89a22065ed716295d50fda39d1
SHA51219afb225104d4d9e194ea440227bce3b1a949e409b1b9998e084c13ea729961a145e8b36913c65cb8978c31cec9add5014b6a908b3626996316e9fc6ced65b2b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD526a32649f899bc2400a0af3f2914662f
SHA1bfb562bb84bdf974d80b179414b1fc10afb3ace0
SHA256939a0f37755e67a7e84d20956decf1ffb2a46869d82e63a0b8697ef0b81b6689
SHA512a36dadc0f033c11e9c6f47da7aee22d8cbf82c2e7abf9ef0c682fe457e4df75b99049d445200d538403574085f84f4411b4c96424ddc9bf6d7e41a3f9f0e6ba5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5d6ccd75c44abd203073cda674eec924d
SHA1d2dda94f5c6a415f9a92c7a43b2ec219f8d484ec
SHA256cc2b014ea28abe736ad8760ffe664d41b1cac9bd6475aaa85dbba9e5e2659bdf
SHA512a4840b7278f31d6ce6d3fb6895184b4f40b1ec092fedcd73a2adbe204e0f2fe7dfd63d792c4acd6f2aa45e4b9be69d42d79af38e87184ddfcb1e167625c6fcfa
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD5eb99641038baea41afac01ab68d9d439
SHA155775ed0ba1e57656aabaa7e87c3008e724bb97f
SHA256ecb5511ad522486320ee347f973c3f0710716b002ae3521ff5b409a76e563c39
SHA512fdf7fb8129ae600e92365793f96de56409734d0fc75c448f4e9e2ad359f17857aec9f9b28972e0b5de0411d9c93c39a88137036e729907d9f8e439ade87dc8d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5c1634c99651c5e6a5d640b8f2041995e
SHA152bf865ed2dbaacebc74134d665dbb594e183efa
SHA256961e87b83e468cf1712edb9104bcdc7f96af3a6ef0ebc28d93beb6730b906cec
SHA5127c2d66478143db3334c000a7ec3cabe7c6393b7a4e10b37082f42c23f525e4094962d262cafc4aadb5195c43e2a462c9f05a2f78074a0387ac748a31e4a4d05d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD59017982d1f1715dc1dfbf3f00cd0209e
SHA1dae1adcb8af1d9cf52f015089ab12af02430ca86
SHA256773b5b157a436927b0df6424830563b8a1c9917c2ac14ae47c60ef68266cf7e7
SHA512ec8f8ea0868d39abc993c8444a00e13d28b54b9ed2a2c64d2c079ac139f36bdf6316f2e06457f9617459048871965f80f7cf431244aa5eaaa09428363ef59d74
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5cbc84c0e42cf1e9e8e5c818a05588634
SHA1274a2efa8c932276fd60f5c795f542707a9934ac
SHA256dcdf144dcc5ae2c1e0ddec95c4d717ce5019307a347c1955eaf780be08d002f9
SHA51288085e9ff821e2ec7ffb3c3e0036c908fe5e8f92cc201bcafff1fc8acff8d71c9934aaeb8c567ba8238cd2bc0cb5404e804c83a9ab5c0807ae86566a64399d1a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD524a66760648e9446e977358245bde963
SHA1dc66fad7db2a3027c14ac46db31fcfe8a2dbabca
SHA2569b25df1a688249b65795f49e04d7b7fe5d2d019c93e430944d8ca491a6c6779e
SHA512fbe5886c2ddee09e562e0f90d8889aaee79841036a51091e4ec2abe2d7a8c8024f8cf93c73385928ca00f8035a0ba0b389fca5b56e23ecfbf79d221322eaf41c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5cf0b3fb2d3167301ea9caa3b88430ed5
SHA1f1d50c5b9588ede62468595235019a483b8f72ef
SHA256766827adb6f709d20272e609354916f2ad7b332844b59f036210d82d59aaf7e7
SHA5121927cdae71a0231840bdcdacecef67389c449950deb43e689415bc9b03440d468376768f3f415f89284c2758ceb183ce111ba28d0a24319fe2050e8907dd479b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5ab5aaef07ca151f86532ebeb9c6f27aa
SHA14b15917af1e1e664d7453d64a3d5a888f513f6e2
SHA2565ad8bcb12f88729988778c20325b68cd7c9d0ad15806e550ccb28fa5e4224ce8
SHA512b1996827f727e38988e952abd079dee98aa0007b3bfbf3972cba3babba2ebf8aac06ccc912dbfbd9ec7f0d8fa8da2ce0bf6c07a9e0ad3bae6d17f0286f0991ea
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5c19ec5e80be613632d1e88a4dce87282
SHA14df6e0dbd4f8e1e637e92e08d6eee61898766531
SHA2568d7c601c9f5b0ed9faa7d8f2f7a1225ffd0ec19da0b99bbfef0555f303ab8f8c
SHA512abcf4a1a12fa735556e430009c748dda9f3c419371ebd24d97d45f72659609a3259ec43c112320dd7f84eb6c70f6f5718c174e6855f74ec0f5ea6e2ffbb03ed0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD57466706d73d174deabe3a1c28e9a85c3
SHA1b5eb8bcc81a41d10fa8f92dd48a8f384db3ce51e
SHA2565525ce89b283e379562dc6b559dacf80f90f17a087b51de4b661f4b23846b26b
SHA5125a1deefb4e28e98ffcc1b9d8120f43570948f2bfe5d8315e5650241c951db4d950a463b79905409674d6089e51f2638883bc75641f2ea93cf99e6e0278753fa3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD58aa070a4879a7a08e0c2e3c5d4d83605
SHA19cacc94fafc27d46bda7f8b618b177fdfd7e4425
SHA256253288460d2c4f6e3e5c5bf758caa9dee16b66eb96a8366424e5e07560c7d5f8
SHA512da295267e13a811d4d13fb5f663b75346f82a90c9ae5dff34dad1b8ccb280d753bcbc41458a564b1af36c0e98500bf484d2c3c9104dd00bfff8c61f555c6c1d5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD50ffc02cf9548f798857d4fdad486f105
SHA194e1213882ad91c6e97ece6bf676539b07d1fcd7
SHA25610db3443f4521694bc5d62b89d313c3b7c37a132fb7daf018f43c3e5632282af
SHA512303158854d9efd6bab0e446d2cb8650ec278a97a32665f845828730ecf0aee6149196c9362da27ed76b4e069b5f069836895cca10913cfbaa8426485ba13b7e3
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5c0f60fd9bd97524495eda94fdd98dc0b
SHA122b434b858a7f436c7957bf319ff4aaed1a42922
SHA256207c577faada02e75a759265006b2ed10d214a781a919146eeea97855ac2d5e4
SHA51226634a8cb706c395c5fb18081eedf46adfbda1f80eb278ac4c50d8afb4db96376fad87922940f18f4616b2a461dc33ee63e80097493f17ac69e22c94eb03ae73
-
Filesize
516B
MD5d2987286e7c10a94c88eac7ed4bf8cd2
SHA1cf80d111a96cb914bd4338b93e57034eb70af8f9
SHA256cc5f8be5ec53ee11a61f1d380985ccce61e0bdc0c9b97cfe20b4ce1b45ffd2bf
SHA512638ff7d95dc3332e862a2ecfeee36c74d33793ac2e7eb28f748aaf81673f8dade1ed73248c2b2a355293135ed3d71ddb95107aa4095551e039fea3a69c6be61b
-
Filesize
153B
MD50cc01bf7c0763dccc55ed33cfc5d89f3
SHA12a34db5912f21bc5a3f66f9b267e75427bb29a17
SHA256fd4ff0e8c462dbfd7d5dd714dad7619b7908e8cac8dd7305d451a2da6b67b71f
SHA512a0cd8aab7857126e18bc361f30f799e9ffb478cf1e8b72a6df99894023c30a3a149a81b0bf62b2e85d2775e9e6d2889c538ee1bcdb4b5e095dd55a0903d68121
-
Filesize
190B
MD5a5122e15f8b9348c47ebc09e30230b9c
SHA1936e9a0bc37ed3087541a17a8133f3dfde16e156
SHA256ed9427f52e4f78397cb81d0e32926fd820fdafebdcc4a549b73d5216ff2485ce
SHA5125c83c46a2d78de3954f565625abec0eca3748030d21a84ecd4c5cd1f469d91fd1bc15f333a24cbad6bb963c691a53af18e75a99fad219682f483ae581c1faf75
-
Filesize
190B
MD5087713bc154e6e945b242815ae4cb1b7
SHA1fdea528cb4741ea1465c8d2fd292d0112eb00ef5
SHA2569f569336c07ff782fc567efba7a97150cd9ca8dae9dc9a3c435e69b1001b1ed2
SHA512c7c9a6e5e97511813f57aa40cf6b7c9f0e39f47681a25bc9fff99cefa76e36e89089baa1e405ccb8a514f75a0737874578fe51bf7818bd62822fb3625225a6b8
-
Filesize
1KB
MD5514b7284e15d524473dd6e649cc27301
SHA194d24368e4f3499940d7fce0aaabe252f389a057
SHA256c0c33281b47b7d6ca44c51378f3c89d751d03d9affed055cae8fc9f40b85d91c
SHA5123389bc4dec73f988ecdc3e2868dfd5d68ca6c8e0aa463db5a91fd136eab4625039db911620f67fef8c1029776cd86284c0585c03789e43d4b6817e056bc1a8bb
-
Filesize
31KB
MD5f90d213245f08a3538b8d763bbd3b388
SHA16eec8e8af206cdc841e33dfe03d542c8bf9cf814
SHA256618693e991a2fdc42cfd475c0f470765327bb274100772416184456c421d2c72
SHA5121a9a8d0d4d49e4ee568d3722105a0b2d4d0e2f351dace5f46affa5023ea213554d1600bd7d70ee881e05ed9fe584a0dd611b5f835d7663c0f9447de6c2fa15f5
-
Filesize
34KB
MD532c5f91a553f823fd0298b38bed1db00
SHA1a46a7f5df9ef84c5b7a415734cda8cf4003a6e85
SHA25616ad961bda4518e959c6242ed724a05aa46b83dbbeb3ea9dd84ce612aba165a1
SHA512855b1556d4793a2fc7c2327311c2ebea6b13650b99f97941f17c3f0350300f098b295f558041508d5fd630c86b57981033469c3aeb942ebc11227a16fc0384eb
-
Filesize
23KB
MD5618f71fe9eaa2330d6113274bd59e07b
SHA13a32cfed61ca9a359324707c2f6631c23bd0de35
SHA256d92d7d995ed8f18bf4ac96b02319398cf27e8c68959cea151beeeb417fa631ab
SHA5122dd68ad2779ff21ea477bf9c3b1c49c56df497af83864ec0a5590170870868041fa141e714b9c88a18c4c4f28df9cd54ed4d67a9202474bb98d16c827b0fdd00
-
Filesize
2KB
MD5680804e4d200de4c3426aa76fb69c8fb
SHA185353cb97ca6c1ed216ffe4f1fa01913e06fe232
SHA2563db930bec72c328e1986b26538fc8b0084b9be2f9012ae4f5d6d8753801858bf
SHA512cb0fa086ece1d42c863e9d70fcd352aefbbd9dbb92c96840a13b67e4fe1db7a04590c7c823c2928d685653b73efc82083c4e56c963a4bea009f83e1853f4df8f
-
Filesize
1KB
MD5f8197d161778ae564634cf521467c380
SHA1000e56e3d28a2fa321f39c7e30f9e683c360fdbc
SHA2564e2d87ebd5e2d2e7c924231b61f4518f693ce85937a139fe0874281078454df2
SHA512c11b4e406eec3dd52754e1f6406e2861532541b60b5ce0bd2176c1cd216f8c08a6c6e56ad67529880d24629442fa957bdaecd13bd3387d410f1d93037f78a46a
-
Filesize
3KB
MD5573080a5b0cb8f722602a886b6145f79
SHA1914545d1f421e85d1e8424b13bb4c5015a21e46d
SHA2569d59359b67c5cb4056513368886bc711501b23899ab29eea19c98a6badc2bb55
SHA5128467600e9dc42ce9dfa57032f9d7eca038ca86f7dff6fc0b45eadcfff14dbbe11f1735f6e471314ece84615c3bd3a3599c888eff877e97910eea83510731bbf3
-
Filesize
2KB
MD50afed3233a3c75994f75feb235051e8e
SHA1c02a354ad0fff94a53a19ffbfd9cc1715b7545d0
SHA256ef33126087628c139a3eddcc5acf06ef218d7442624b6091e2f71902f16aed9e
SHA51229c3b0a9471bbdc990c961b6525f75aa6ae66aa2c3d28215a21329b2f2e5b89f40035b9216b510905a3e5413a0125267ed7cadda24f778015362361a24b74869
-
Filesize
5KB
MD5376ee00371e816c00feefc7c2f17d4fe
SHA10681754514c91e318a5dd18fde53cbd33e6dcdae
SHA256dc36e45723fe376a8386cad56d3db97a3d2b24226abfc1706d1185b4283e3afe
SHA512a8b75dc02c651e53b218fead06bdde23a66d5ad119b5ae3a4113470b490f5279232b1f38b697ded1cf480a9c551d980c8cc961708a4b8d3b675e8d3598c1835c
-
Filesize
17KB
MD57e8dfe8de691800499ce4193f81a14d1
SHA118ca734f24e9b6fb9a554d9cc42143bb092961ee
SHA256d9a560801ee751222e52dd07f516fc9dc7d6fcab69ca1a189db183a9441bf595
SHA5124a22bf9c7ef98b6c28bdbf79b78b9ed1e6514ac4f961330bcdcfeca0b29540f9febfaf92098972e3ca0d60172e3a3b1bd2417677c582895a3fa016bd7d3ac0c1
-
Filesize
320KB
MD574ad7962866bb5538c7df1121fa2ac56
SHA11df05296f5a5fcc13cdeed25e7988bf2a1d3b360
SHA256fd43274d09d3a7ad05d44d16124b3e078c312c9ef9e9cf30a2f6e30715524956
SHA512319436757dd479fc2519e802ae2fa02cfa554a7b41cb7b9dec80f7f3bbe25e0b85a7fb2ddab50e959ada6df910965c4e1d24cce39988f8ec8e1862a60b06e1bd
-
Filesize
1KB
MD5a1277c321f2b43ab8168fa586ba1ffc2
SHA137d91d532fafa5581da90d60fc184b671a735bc2
SHA2564e321c266f9d8e69b14414c345ad64b7e4a94b7f76dcc2e1578baaedb12af72f
SHA51234f8254aa1e42d79278f356930748c278106561d77fe46f97831acec458f9c2b5baab274092c5dce798bb299703e38502d6ff6d7ace2424c692f4912d1637f08
-
Filesize
10KB
MD5f4f5188d60eae7da5ad19e47cf0c32b4
SHA181f6bfdbd6c28cb2ff8f3d203997900bc96f929f
SHA256b03fff3cf1ff59521c2a05275bd72dd839b2b1ecfe35e6f4e4aaa15c0f6c5c24
SHA512abb585641dc15b019a6ce4c32f40aa482f25d9f3fc422dda439d113715cc5c115f7ca9c5f93dd8f7e4a980fa781248f4ed744865cb64bf6eb8bbf322b35ab979
-
Filesize
3KB
MD5b1ff669f62387b6c2ad93e265498697a
SHA15f7f38b2a8ed13d1395cd2958c91ff8797c22c2f
SHA2565c584693ebe88942abb695cc76093f0c587c314361c811ff3fa445132a6135d5
SHA51215c576d6a859e977c9e3a1a6d0b6434447994569232f164b56b33adc3a8c9097bfd3314ab4cb2fc40085c37a090e377cfdde23c7a827424b63bcb488cb8455f4
-
Filesize
162B
MD59290c8c124e28c1b9993ed20ea00d49c
SHA1233d4696d0b2877b9d09a3f1f534442102b74384
SHA256410c237e35f3c77a26ecfc71d60282170ed84c0196ef2b747ad4934de1ba6981
SHA5121704422d59d1b9c33ee3c7d9bee6cdacb4ef11a1c6922ec449ee1f4250091ad38626afd0f6e242111f130ea65913c1b5383f17572d1c9e82e9200854244697eb
-
Filesize
1KB
MD502351a3c99b1aad2e9a6b45422eccf35
SHA155b512f4c5f1908c693881e73b3ae5480bac55e2
SHA2569aa21e71f610fe679724f9aab9ca558f67f80853375c54109d3491bb95dd5b8e
SHA512eea67c9358d2c3e045e6f14bc669e56ffba276d7e15b820948662bc187d50bbeee5c1dab26a8ef076d3d7fed0f2dd17812c609a4c0eafcf0b6f2d09e132cfcd1
-
Filesize
3KB
MD5e00c6e4dafaf95b93d2bc7d4b3d7f318
SHA114c666c25c517641444a92cf2628f28870ea02af
SHA256c76b5049e3ae29a6179de61841a0896a20f12518ef9b0047893a57886fa7aa37
SHA512d155e1bf9770c98468836b0555553357c8d35d3fa9595e666cf655ba545d3ac857835b4a264752e3eafeb56cea876bc006391882e1b62fbed8e1cb2f2975393a
-
Filesize
1KB
MD5f8006314d9740404d6416bbad6cd797f
SHA1d617d4dc41eecd46d55606525f7a2f923d305d87
SHA2565166dbe39fc00f2081ff8e20ff7d00c8ab741824d5ae59e7060b88f4c704d68c
SHA5120cbe62373172f350bf8aa0e025fa7e51dcd5da4dd3be46725db3327e914ea9eda954752b14c95fa1c0107e4d64eaa7d447e48ac67705601e9750d1119bb79fb5
-
Filesize
28KB
MD5e0f0715795f80d8770f7f475590e9ae9
SHA1cd9d2a3798ab99246a93c110696b05347986d8f0
SHA2568d03be3d832ec0956e4782174260a552c64eeda8d2a0e159b7d11471531ac1a9
SHA5121979ddc6981cef9ffb6e0c04e077165a42fe1a7639d5e2c10f1e504dc9845fef031f87d75b449ff166e2e7a08f85a765eba2807b9efb60ed5920993b4e6c6120
-
Filesize
2KB
MD5c8c44de29ffedf51eb3b9bd7f60e685a
SHA165eed414e9cd67fd7bec8c13a43fa5bb736d8f55
SHA2563f9f8c282306d807afd64cbe894149cfa571696d3fc138434b37f50541b566b2
SHA5126926e0f91561dbe87dcb05d13e6317e2f214a1cd710c8215ee66bc47910662d0b6fc205fff54703dd8377d849a890786dda6c347e2aa5631d4dc7c98ef8b0a47
-
Filesize
1KB
MD58139ad54928d6849509b557895a02e86
SHA1fbbc033482ed7ecfcc1ea28fa45ad5fdfac2f634
SHA256318f904236d36388f99886c81d37acf3bfdfe6a2c908bb9aed629d00a693bed4
SHA5122abbb70e83f51d20518da8f4876eae27ff19b69004d76ffb871ef63fb0c900b0fead014cd82baec1cadd96b54856ba42acdd97a519344471485cc9e6a2f4f02d
-
Filesize
2KB
MD567ce77007d8ed01332e7b52b52b47f0e
SHA128353f61341e19e7438df0310d49d4203595d4ad
SHA2563b5f22c6ec5e5d062a76bc3815650fac53ad6131c054f3eb7edc63fd93be4247
SHA512361901bd1e7ef125e227ea81e827e621e1959584137ad2dce5e3a51b75661b38c5cac7e8f9418d9fe5229533502099c19838c1a24bfcf6ed062808991b14fc2f
-
Filesize
1KB
MD503efa01548ac819046f2878db70ed5ad
SHA1d18dc07c818f24a8f47c142471cced6df9774013
SHA256b1366b1130c424ae465616423759505e4c466908f510113f07ac500e82af7c59
SHA5121164e262066fa862c633a4019f0cb8595158ef823e38b96f93c3f223b34216b0798326257dbe21892b228cde73668093b6076ccc6d0ffd2afb0f60627bc52bf8
-
Filesize
1KB
MD542d0697e8d178ddb9684e54762cc4906
SHA1dccf300b1c15046baacb8d638c4cc9ddc1b8073e
SHA256d27a5b943f39d9cf9aeddc5c57a2bf3b9945e62045e7e6038d27a98d4445a7c7
SHA51245fe660653de01a290c2b6a9db6ea1652fefd3b0144d8206657fd33363d6c46fd424e1d8f98e50161912af08248e0a9a0a702244c2ca3473c05b0991412f87a1
-
Filesize
1KB
MD56a7d3bfa5ed26cef4c5714b7f3b0b27e
SHA1b6fe2bd75b1c59c2a85467df8fe7f33131438a9e
SHA2564958c4b59c28fd2e339b63c4efabe6e8748e6d6c3fbf4af838c6bb2bef966d56
SHA512621c509b14c8975cf42c32883aa1b4ca24f909515cba1e695993ab4cacf63aa03f224f08e0e6148913efa05c42852186d927538321f7438cfee207aa42d29d79
-
Filesize
3KB
MD54f5c3417082f78f05758de68b295436d
SHA1a5d4e334ea394f0f1d1f150a08b677a5d121c9b2
SHA25622feb834725f808a2711d48949d89662294b5569faa2ab0bd35ef98240ab68fb
SHA512dce50943449e4ad1722a87f46bbeb23773550c72166d3997841a2fd3de31852afba25de05ab97bf7add1c9912a7e08c722df0dfa30b20df9b44f52c5a25c33ff
-
Filesize
2KB
MD57490c56b317638487656ccf2e978b4f8
SHA1d4fdd014df629d93484a166f7dd56f6f90c29368
SHA2565f66a68f8b0e644c5e58345c9825621a9ae959f65ffa4a9f9c951775e708fbec
SHA5128eac0e75b8b84e31517f32c805fe65a993c21a5b00c3cb70dbb3708a0988f4de6bc8e92d19c1fcf5e71037b070db42b4c01e26975ad364b214e14b939d35826b
-
Filesize
6KB
MD543a45c5e48391811c03dd6c7f613910d
SHA15cca8d3a0ecd1863d7110c162fc7ab1723976dd2
SHA256ddb5ad6f8823c0669ef05ae9e6fddd3be8126be3764ea3f4b7551157fef76bd9
SHA51288fb3769f0e126c587627e00233aeebd5858f177a0c063eb323d16586bb9e991d8699ca10d13649cd779749443daa74df69666a31fe1ea56e05439652c80a670
-
Filesize
5KB
MD52671d25f66247611d161f697565d6956
SHA1a171fb8c6c06be07637373675452183e2f88376b
SHA256bca16453b1656628430ad35a051702870c3f2f7afaaac02c9300a6f5fa124c84
SHA512e620b1bbad4ef9550a2470b43a436060ff24fca6270e844d615bc019017c27b770dfafdd6836634417bf65c8c53a6749361def4432a456b94eaee656289f7ccc
-
Filesize
3KB
MD551d10d303989d338d7d45f1fbcbc9b97
SHA11b3381762131ee389a4c68352f4e413bc6007dd0
SHA256c22341b75d50811c732a4e0df5b6189c168431d3af9d77f7b7d9198919134c9c
SHA512a2d168672fadce155e0863c696e6051f5d14d40f7742c16731cceb08862e2a4f61fa0720c823f60d8116e7b3f0ded4a00ed2b3599a5f680ccfb61bac90d96908
-
Filesize
2KB
MD570f6a96db114a0cb980c71e06ea46be5
SHA11e06ab526cb4b87651c59801dee846198c8c7a88
SHA2560858543ec5859ad78cf8968f321f79a417b0c74c2d920098a88928c9369699fb
SHA51264368aa909de8bd0d81319f82cb4ff0b164e06b4046c00b75f75201f83536700de51e1daf3ea5c17b4233fb651fd032252a9c69dafd8834f5c88b027c52342f2
-
Filesize
2KB
MD5f2a86768bae592fb9722db0445baaa84
SHA113d922f301e4b83f0fc80f0c52bdd2db0c1727d7
SHA25613598483af2971c788eb56c3acfce0ad765b9049263be821e4218b1cb2e7d6e2
SHA512259e3bf6c53fd5bb5b4673a3c441b95fc74e53a9e04fe69796a4eb13c76c11fafa01b99971ece1f599707f1b0e3ee78d4516745f449ebe699fc700e927fa5ad7
-
Filesize
1KB
MD566720f224a7fdbd0b9cd84fff8717cec
SHA1944fc541f7d94d565fce6f232129d50e4f5e5418
SHA256c904df80fc51407654a5e5bdde83f07a475f6159f5b8d0106851cf966f634f2b
SHA5123489f45e375a1792fc3451be2dfe051ffee3f452107d621674fb2b5752ed507f8c39c4e5d391e3ace0479f479f47af14711c13a8301a8063479fccbb5847d553
-
Filesize
1KB
MD5c7c649669392ff6b3d2392d2a9f0e484
SHA188c68a13292fc57b18c1a700890818601132458b
SHA256d4fb2fdd274e47567cd2a20c3f96513d37fdfb629047699909cb5ac4858222b2
SHA5127266bfc117143cd24d29bfdb9925e2d1021b72ca48f667bebee4f24e2669b1e953041acb56a3867a33c934ebf2882499adab83b5000dbd2d66aceaab3420931e
-
Filesize
11KB
MD523d2f2232781e89b4c6ca48411e3ed18
SHA190ae4bdd72c04638a6e0665ad9523d3f90880fe4
SHA256714b747c6fa8eb5bca8f7ddcd55983a7a8b2e62c87561c78b2ba0461f02c374d
SHA51210d227b28fa519036ab8a70fc478f399de7d09ad2d188d0495a338013372d55944dd648add904a789f1fb384ad8a758293cb2743d816007b22d57d71c5f4676e
-
Filesize
1KB
MD566ed7c1f57397a65a1ff3973d4bfab53
SHA18f4888c83c6916203a5eafafb463124f9623d7f5
SHA256b3b60e0f119671053d789fbcf903054d9f3f1a246021d0e7af3f2076e0cdc9a5
SHA512b78ee3bc3ddd8ac22d33fdc3bbdc7fc9f4eb75fa4d2758994aeb0224430f6782da3bc92a74737926349e55d5014763af1ec53863f131c9ccef6c5d7733ec7d2f
-
Filesize
2KB
MD54cd288e8f1054c4a2f5b4ed993e99ace
SHA1151a2b0faa738d12bf38f6e5fca175b02ef485fa
SHA2567349ed96706d133f5755ca9661b13c9003e3989f8351983e706326695d18c4e7
SHA5128fb3ef0f36222f580992586cf66474c09775cde64bd6c89cef76a8f153fb5d1f37bb1216c00bfd0bf177645c3dc085f17c29bb8a95d46f294df25adba00c8128
-
Filesize
11KB
MD5efae87f4a77b352a995bea7654b3eb8e
SHA15e17eea6fe71322aae826af5a79682e69d8eee17
SHA256df4f12f3b26cb26f24d9ae5c03d4dca1130aaabb17aa7772193cde23b175a73c
SHA5125b0d43b68c96bba72b8600dcab25743d153561acbc8197b06ac9ec56d695812e12b231d2d4bb932a47cea63a56d17436447a50b690706afbd2f0adc481224ccf
-
Filesize
11KB
MD534d2b53889ad8de9761392fc3849a01c
SHA153d679ec52faa78c5a52d62e66ee1ee2ba6f4907
SHA256ac1c480339777231ed3fd00cb818ef4fe39d5fb5061b401922323a7b51e62be9
SHA512c8c7e4856b639bd8ebd5322f8104f93d6414fe828fe37dc2de1a2b3151d0ee6b4c048b5f82220d5d5a6f52e0facdd8991b7a8bb41a86f27157226e9e5dca0dda
-
Filesize
11KB
MD5ce48bd48e673740879efa519bf50cc24
SHA1ce7474b4cb995af34294892aa476814ba1000840
SHA256d86a2d8a2573a0b5ff84135ec9632b62101f3d47d36c854c707781d75db8091d
SHA512b97511dbfa8b7967830ef99776f4f2c7e7b4019c816dce41809a24459c0326aefccf68e9a7967e9c3d3a74722a9593c270ee3eb18348bb9f9cd0a7e1e1217d85
-
Filesize
1011B
MD5b7912dd216bf4732590f24933a7b6233
SHA1d65b20c3b3bc7461ae582b557beb79c0564e3432
SHA256294272545eb574ac931213a55b7153857842e70ff74e875bf1572689866e49b9
SHA51290a128e3fb6daaf2e531e9a282a15361e8a71de5e7af9a016d09ff8a6dd0a72ed7abb44ddabb3e261faef873211f13e363da597cffcb943c024f5092f792b9b0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt
Filesize77KB
MD5d8aa20026906edbf57eb658c53d8f87d
SHA18df342b06a0ba113a54c7902a0c96952cca3d796
SHA256365d18ef109086f4d293d0eb461e6481cc56544e7db698dc35e5f0f52c01889d
SHA5126c5de6cc5afdcbd5d554fee4451c4294af58bb6e757759e2a64d36d8ad4526562524177a8c4ecdb3672f831768be5b851843564273257aebf6e1129ffd8b7f16
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt
Filesize47KB
MD5a53c6ae8821c67645d15ea4c3a065900
SHA1bce16881692cea9c436dfbc5cc4fb83a241b5da9
SHA256b1744f466e5105e847e662a71071ff527316b076b9fe70a22ad9e5dbdae25581
SHA5123b7dd35fec573fa7a15aac4401e29cfaf4b28f4162f75d8856cab00a75c19122bfaeb89aa5cb5b68d2f07fc2f4ac621709329211f7db2b4e43ae6c9970cdfb57
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt
Filesize63KB
MD560877160467b1260269bd77067c237f0
SHA169df5f74e41f3510bc7d1180bbbee52bfbd8bf0a
SHA256448bf93d8cf09db50a91db1b1ea2e11603bf9c39c72fafdbebb581b81bc99e50
SHA5127bae371cb0b73eb7b6a5a94773d3568a5f0911f7e66ca6bc0f074e3fdd76199feef567175619a36b2a4fcef3978bc5f7f7bdc124cb69656db8b934ad7260a231
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt
Filesize74KB
MD5183640999eb03646e9f030e971aaad8e
SHA19c0bc4dffd1e4877af82d58827fdedd1e0b94d7b
SHA256b899237e134ce02e27bca025cc77c47b973d3976d84d27be715385a8b1ccac22
SHA512ea0f76f8c67c54fa482906e261f64927fda2ac200e5dab010622eff1663b1687eeef555ee5b5aa3044e033e2fbfcd67cef34c550ab138e7b7e42767c77b0bfd4
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5295313f16f8b9125b537d629a897f02a
SHA1889a860213cf04b4cf025b62a8d01e10f2bd56f4
SHA256151e956b7fe96ddf65903e588f8eec80778e12dd0220cf8ac6d50d609c88e200
SHA512d03541a6c8cec1f7c9425c5c05354bdcf14d5d853a7cdb6ce61a70c85413530d96827dd3cccf112d3cb763fa3ef0c4e29d4b897dc450bc75b0109cf52e6a199b
-
Filesize
21KB
MD5ec17c5805533d60ae26302a7ca4472dc
SHA1672d49cf7f8a8d17bab2c7bb3843b61cf3ab3914
SHA2567846039372c668fc8e5d17e0d87a59be001a49e1101a195e85f0f09793dc6f0e
SHA5127efa6e1bfdfa5b8ef80d4d25fc35eb63ec094194f5c467b21f7099f1962ec4f0d445be94c2ea87fa65b5daeced04f46b841f5088230ea52f1accf7ffd32ac7e7
-
Filesize
1KB
MD50fa9a4d0bc085144f9a88eb224d068ca
SHA16d43d7af25f915da2742d28e1bf2f66f77bbed81
SHA256dd4b8ef0e91032cea5910c95933ba15e6e6a27a62228b8e541bdaeb8fc48d929
SHA5120d7965949fe4778ceadd8ff2904a91f7e9fedfb939c65a68182f4d3e4a0a12a267f5011ef08b2c9e7b121d05d5edf0a51b286fc3163ef5538761cfc74dc8e3b6
-
Filesize
952B
MD57067c71ee6a5501050b4a8beba55ea85
SHA1f983c29bb7da592e8c1e45bd2a32ffccf8057046
SHA25681911719ea5af10a51f8e4635c97b855b376932471694ad9c72945e99d0b4319
SHA512d4f839c37995c6858234fbe8527dc774b096253acccf559af3fea213639437282def4e1ef919d578685f4c9b27d08f37b80b300050aa9672f066b0ba31ca5beb
-
Filesize
121B
MD5bc34737c11c980521c442d1bd40285cc
SHA12635cd64b7089badb9056f635ad4c4d0450b2b83
SHA256b66c35da313d816e01749d3ed100d834d91382b13aa7bc7344cd37e8f1bb1bdc
SHA512485395e73e612cef7561e45d8d5ec5795a18fee904907ac83abab8d961cf4a278675066e109870bc7582143811c8aefd703ee1eb65aab8930aec6a8fec9a38ff
-
Filesize
1KB
MD5eba0930a8f01bc8051b2cc1d95f2faf1
SHA1c0193b484275204b345ef8dff6d08596bba5b3dd
SHA2562231a4c31daf09d8e7da67e31ed065bf219809377ae405ed30c5ca2c3899d0d7
SHA51255be2b72a3dd9d21ff9297260c2b164e68b42ea6b9c5d20e3a66cd613d1919d41e60ebe843b13e023431e4c3d3be7ef0feeff57f68535ade5275b1541b653ee7
-
Filesize
8KB
MD53fa2e3d70411a9429e7c53a7a2c7888c
SHA1d737582acee9e9728cd12f06c873de5b22535abb
SHA2562ad55aa69cd32e6d23b7245eb03d099dd1cd9cbb7a0a519a9b2ad8f324c930fc
SHA51292885d4d77f50d05977aaaf357585baf8ef46677fc8b4f5f99677dbe7c2c28a356a7b3d3dea9fef03a45f69256bb7469d91de950f229dbd1f152e82e28403c2e
-
Filesize
61B
MD572046d9ce2b319185af8e439624582f6
SHA146fbb2926f66469ae85f39082fb46dc868dbedfb
SHA256fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd
SHA51217724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d
-
Filesize
914B
MD5a8c1468f5a6bc9ab128007647c088f49
SHA187a90d7b02e03c6aecce4602365c2e18128e126d
SHA2564f7510ebad30854bfa25ee8e1ea87549a38308c3684dea8f6b694482c9092a18
SHA5127d3e097babc64767e4945d48e67da400ed4f974f4cb475868f5b115e135ce8d231574fc125bff7a3ccf96022d9f30bdbb41a679ac7f7dd9990e4f345b33d76b0
-
Filesize
90B
MD50ab469236e16a2686b632da3f6d1d98a
SHA16456221c8435cbf609eb4ec13a7937f03d5c9f85
SHA25605f667dfaac396ae6cf8819120d05b1934cf1cfa2b616129bd677623616beae8
SHA5124c21a4c87d93187717d49f1d5a6050dcfb1a750f3204fd1130fa1f52bd643aa5c646f66d8a435fefe4397363f0199783ebfde77d0d05db399b54c44bd82e0b18
-
Filesize
90B
MD5723f8bba2ac33fa7b76fb84f68ec10f7
SHA14b9fccb04eaacaeb006485bd1533c4f609612495
SHA256848bb3191fbaf767959f7b5085d58b5a192e509a7b6af1e224d6f57e61495387
SHA51222ee5219e510b316c24a805e4dea1e45f37faf876b628a5234b702a6b821735b3f9d59fd758345ea7f7a90b3f5cb2d12f6fa616487a0249286d9dbb73890789e
-
Filesize
328B
MD594c6255fab4b37c3b3e0e515f02ca848
SHA12f05c00c9d80cfcd214ec9443a3b3b02e715b3ba
SHA256e0e9f46798dd1faa70cc21bfd54a21c3afefa2df6aab1370046eef0bc8c6847a
SHA512f004094b9d16d8ba55967c159b60087a81f5594a4a2c254e421043dffaa2d0f4e844033a8807df7184a7874cfc02fddf55efaeeacf231eb0c1f781a98d117c4b
-
Filesize
1KB
MD5a5a4816d7929ee2041b907861bf52dd6
SHA1e76a2b5b6efeaaff3d7bebe572698b48eb1f4468
SHA256f29318574b974e8ea535fc4dc0e52ed9ecbf2ea824f6eb4b1d5a378260c459b7
SHA512f495734e11cf2e03abc9a97906d3b5f6c108030b0b78d924a74323bd0e3d34d59d6ac62ef383f3d00a5b14a1d38b2ce59bebfc60064aa8fa4f2b6534cd1960d3
-
Filesize
162B
MD513dd0b58761be35411e1aede1e47b2e3
SHA12c14d7a9bd549a2b4e18731fd777fb98dd84a8f7
SHA256124fe7c1bbbfbc274fe6585216a2581a6731a7566f2edbda4482292d74a57108
SHA512e5bc59a6825c50554094921f15ef94d39e6d5f2f837942e8d38be739648b55874971948d0c93cd52f06d055cef74dc97f98dce7d8313c000459fac4c4c547e3f
-
Filesize
586B
MD52c33356c3db49a43b9b840d9f9f649a3
SHA1da9aadd4baeb0fcf4d230360045c4c5162804c65
SHA256282a26aa6c184d1cb4d3a09e7ceaac7845a400f4cf2507181d4e90f02f5aa057
SHA5129802b6835b81b64f357286dd2a4febc3921c1d563c5f027436d06e8b4c0bdc0bb3526f46c501fbd2b610d02c8b4611b7f47eccb229616e251275e618c67d3177
-
Filesize
124B
MD59ee0ade9d098e982ca318e636cfb7b19
SHA156ca43c2708908cee6262e8b22bdfab695cd5800
SHA256164dbf12dc2a66041f9cc87ab882f18d4de17c8e6bb6fc7cdd24dc8f941e04d9
SHA512390ca382ada2492b795281421ba096d6ddf773aa0f1bf754dabfd8757c1fa1b96e7426f55d9994a221565e13315008e3ad36c26077411e0960b011f4379ce5f5
-
Filesize
8KB
MD5a4f0d68922aff01bea1c3865451020dd
SHA1fd50a6d403fed0cbfe2878440af4e3d431e95b1e
SHA256561bd5b4c2c9879c4c05d99ea9f0c41fc42c120b08e879a1871d0da778376147
SHA51277f865ce4221b4a37439002c8a133c0a4c2e739d8b3cd5a374926bc4e03a85d7951e05ae2222f1e9d39a7c799dc8817f962060cb14ca11033b547dbca26b8178
-
Filesize
880B
MD5060c2540f71845811b1ec8bfa68bad0b
SHA1ffaaf75b9f945b7f682801c47bc395d1d3dff3c4
SHA256a6122f2f0c39d42fd77d0e3214d2327af11d81b4c7ac3d76716e20b6b7d59d0e
SHA512000da66eeb900cdedb417261e1b7fc5f300be7a4dc35141e3f470d03696c8416078de67538be71c88b2735cb41f4b72c5ab6a3dc1fd906267e4ff2957fbf4358
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5cd43f10f293437ed98b69feed71d30ef
SHA116c84001f49586daab1eb7042bf2c74755c77183
SHA2569c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91
SHA512fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD50bb6bc70fefb5d6ef27e28664b39b1dd
SHA1511f31e41e564f6220b8a332654010bc96c4d5eb
SHA256d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf
SHA51225362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df
-
Filesize
1KB
MD588bba452e19e5d46c741cd04c74c1ba8
SHA1c030bd0f0e6747131a3514e87c67f331393f1d2b
SHA256b80862ee9d914803cf9cc6cebbdb2a3ac04df5a46d53828fd00b6871691c7f07
SHA512eabeee8af41ec2e4598e3a140f305e252b7c12f62c68c5a04fbf1bb540d5fbcac2efe0b6dc6772d5adaa161bafc181b36c57a2d64677a0875aa748ed0b8c1efb
-
Filesize
1KB
MD596cbaff5380fc0d69a63a48a69d38be1
SHA1ea84654f35a913282f46a60feb2331b590b127d7
SHA256553e5fd351b6d8ab60d60eb7c1e50a6008ec3da2faefe7226a18edf06aaadb7f
SHA512fcce8bca4ec47d93efe0d2c7f0162d79ad864376ed7a30d43077b4dd6c627f0f3be39eeeeb50318592152c220b5dc1ee2911c9cbe0b73c95dbdceacc07cfe567
-
Filesize
1KB
MD577d951460237e559f8a50e6690cfaf19
SHA18cc19428846c1db35354d0781c19743c976b79f0
SHA256cba35e7ec46179bc799d19885b4a5fe609e748b29ea997ef60f79bb356e60d39
SHA51239149b01bbac1deecb717b2b29e73fbf0bd1dedc2ad3494d364383695868aed4e33dc0ce04a220e6cc55aaa68d84b3ee4e8f3eaef0619ee8a0735b39a3e78ef5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5eea5ad1c3ddf112925ec2779d75519ec
SHA19e6c320881c891f45326dac6d2b741964dd37f85
SHA256d88f607f2a9f8dfabb8967d82197cd8c471967b357a01508b591b03b6c5c89d4
SHA5129e9769c3b28f4c7d74b082ac8d43307f4b04fe7edcc91fbd4aadc12073c8caf7bc073b92c1acaddb2b43cdf94f44c45d643890f9951131dfaa7ce9b8d1c30016
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD559de8e91509d9fe63a3214b61db054b8
SHA1996f309e77149d26cfcf625f57f0eb7e28eeb343
SHA2567019d803841722b01cc9ff10976fa3b8c93dff6825bd082bef17360dc33bbe92
SHA51249644ac325306eb3fa293fd7a74fcdf444b93362fb13d29000994703c13b549fee861b9de46dfdc623e53fb3c34932a68d875e0714f928aebe0a0b9f4cb591ae
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD51b5db9072f4b0743fdaecf7b80defb91
SHA1643d518e4f985758b946eef087ce4a386067df70
SHA25687a3c6bb5fe01932b8bc88bad4aefe12c8d44588af7c8202db5bdf75e8b2b7d7
SHA512dc894cfef923818dc02486855dcc2efb0c2fe3e3b212a3c5b4d71023d415df20d09aa0015788f0c3981ce019e6ea2d03ddd169e6297bf5dfd9edaaec21b30d12
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5ed0cb0ec90f2fa4234abb731ec58a81e
SHA1c5a22596b43081e55f172b9d4837733c17f4bbc6
SHA256d72ea5995377a38bd67f96374eac81b6544e529673c66a65b7c8ae284a189d95
SHA5122db264406fff4278c71cc9f07fdb7dc05987edb9d24cc054ed49d59ee2c1653bf5b6f3cef6d8118c6ff1747ad633daa0d404189e1f3dcfb8a001aa38f0620fb5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD5df16d9d033b25a06d9686d79a7521e9e
SHA1d2d3585c1e4e37560911005a9f5433b8856ec145
SHA2562e8977e0101da3cb9b5c27521007bdfff2656ca8378c7fc4f8d29ad1c53d888d
SHA512b33fc41e61015fb6fd1011b783e01a88c961447cd7923a74af3d6883fb495a09dedb35203f4d0858791b5d09111ab3375f2b645d4fd52aaaf7380def2ae1f734
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD52c3ab41785ac1ac5a83cd0575b6884fc
SHA10bc7c5098dd32dd74e7e755dbef31aaaa5d3e3e2
SHA256003523c4b3af3ea447554f3e9d8436c99d596f8ab72479e329f0739344460aef
SHA5126f3b23536abdae73542720c83de1429d6f1d7b0155ce81f1828705131a1b724a22a792e3555b47a21582a983232c43693f50a2994565b1fb585b5f500678912c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD5ea6868683dce2ddaf642037af7914a4b
SHA16d76396cd098b53bc95e4a7c1c3c8a9d66991402
SHA2562f85ece69ac1a70e9597ba0260695828b965aee771aae8c37f5eee6c0f84e298
SHA512a631b31f3faf463168caa0aaac5110999beda57cc996d11dedbf62869506857be9ce70458bceaa7ae1f07d198baff3cf608a14e5b7daedb64e0f267898e2bbb9
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD53aa3efac117c14b436b3c17cab9ce8a4
SHA146955db8c4e070fffe04ea0b830d871c686bf6bc
SHA256bcb2eba93aa61ff9d36f893ad13edb98ac9978f040f2fd3442bc02e36216d898
SHA512a9aab19a273e7cd5989e335ab0b4bc74d85b6d11d9921d177999d94d6531da526d8469b8ddb46f7ced8a00b4b247fbf0c5c9aee366bc86c9788d81d6e42c2445
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD5015ff9f70a3bac803b5b97159ceecbf7
SHA1d1013706505df4668fe8a08fa72bf6512edca02e
SHA256d2c5fe841adc30934ec99559a8e44c7cefd6282345279781d7d179dda83d9f75
SHA512bc71697b13f6c85323a2ebd3acea07046e7a3b24abdf42760ea0e6f6853afb3c93c0fdcadffcaecdfc6630dd869b8ad5cb81e2c9a83d4b13f556cdd9c08f2cd7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD56e9c58de2eb228847b5f4f81e859df6f
SHA1d7be6c560cb3cda211aa9c89b502169de7abdedb
SHA256443a3b3a4372ca3732c1c5b608d8c7c6c2077161c043ff972174db408c8ffb4d
SHA512e697630373c1ea23d55916e3df682f2e496edf40d838572e7aa532c97590fa95a1f7619d7281a24cdf6c045f5fdf6160c431874dfe43d20f052aa40a95b26869
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD5f1acc58be31de9f3bb14f2db8ef14b24
SHA12d77a91496b28c8bfa50676019d54f690a08b08a
SHA256bfe618c7daf74e11d0f84913ac519c33cb7591b8ad92dbc3f1e224f49e0dbb9e
SHA512de10f557e13e1ef4747b5ac2d86bd9f90ee4251432a006a317a640ef69e6595fa1558a780005fb266173d01c41defb3b141323ff6c0dbdeee5afcebff6d2bd24
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD558a33f3cf92b4acf9f93eb9263921c01
SHA1dc6c36d9638d151539714de04254ac6a49b34324
SHA2562bccfd31e3f792c37321b3653c8a3fbfeb4c939821976ea6dd6cfc0ab15ca2b1
SHA512fb6a5e6daa16dfc137b6b30449fa4f09157ce60be50502c46a7935040059dcbe9fd29b37a1fd95a2c8811eaca939c8be26ebe0b4032ecd1ff1b1801014105768
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD5fc8696362da0c7f3e66592eeee3284ff
SHA1277dcc17b66d97c079691104edd8e5360c93c68e
SHA2560b553cdcb47993bac2ed0fde1652a418ffd483b4ab0946ae0245ec843b99baa2
SHA5126315dc5690aa8684ec8f4f9d1414df318a9db22900358894845f10a55066f412610f525f80b477a60c19c863961573174d93dc6b3e41ab013bf1dbfc62cb5868
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD5437ba090fdddb8131049076a51cda558
SHA1ef5c07ec5b75c7c4641567b8cf03d198eb8162a4
SHA25679a0ff455086673b9f20bf9a5bdb78f477013ec20802e94e71f3cf1b57663773
SHA512cc78bd3a732eb158ba416ee5cd28b2509fa3281884abf1b657242347611d28f8a004c8d9ea9356ae7535790040338f085e63f3aaf53dae32f2a4c5c92d60dd9b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD5730cf2fe9e041b9106db66c681a8d778
SHA1137e34aa8c37ae7577bffade6b27057e45aba0d5
SHA25690017143560d0443e2c0db690dab169dce763a644531c3c02596d4c8569f017d
SHA51258a88be3ffd982bae7ae23aaa68104f871a9e8c05e3a1a0ff17b072256f5dcdbbeacd3fee0b10091c23dfc8f74eae0e476f6a38f3a77ba0d5de4e34d4c2cdcf3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD52cf6a23a63cbb944aaaf25001a3b41b9
SHA15a7525cb4825b37e5d3658eea3d575ffa962faf3
SHA2565b0145f4ad7c1303be46bd79f06917935b2453b368f8a5f5bfe5c91842384110
SHA512633ef27ed6324a528a62d2c9ec632f962813c63b6d64e074b91ea4690eb5b068ceb554611642f095e30284d6ec0a54396cde379e6df00518a82270f877e8be4d
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD5333967fa0c6a25e38422df33e677cab5
SHA131ef5683557b2b436ffd796bbcafe885a08fe789
SHA256338011f70a04c52492db772e0af91d1e3c7e8c729461062e29c131ae2c651277
SHA512507c8c39a3347fcf53295bb06a73197e59dc4c113ccde90ecc7eb32d5d3f1e693ea0dd468d216d8ea73423cbbbc41a41ff2b8b9eabf53f6ab1827446176cc089
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD53a7456cd097e6cc2144a7b35450f447d
SHA1b5a6ee9ec3ee8f3d51d99a86e9893c0ab767dd37
SHA25668b7fc2f022095fa1e16578ea388d26d44d41fd508205f595245198b60185657
SHA5129f3ef81263f5cd97cbbb0545bdaf9b6316f3d74775e9cb755bb1e578f762ae2d0d0beff0a8875e145cca168c15b6dc3b6d46f863c3413607cf6db06e7670d8ea
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD5efca7658b5e1443c22c301c08a2d3f20
SHA1a3a8dc612ca93f6f3677d0ddb29c9f95dc8bc463
SHA256e3a2dca95e3819d592c8734e0fb7ee82dabf123e11ff2914e165ef4596b87340
SHA51268b547c4c74dd1f35c0f93e0d6a4f1c5dc6872fc483a49465ef472f67460c4d120eda6344ccec3b6b4501310ae495998dc3ba3992781d0e663de89cf2375d4d6
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD51cb21dbac6d5bc6423361286f4a4c99b
SHA1bdf85fc80b3c6e29a4ca21ae26d86719dba04757
SHA256218a09adcca437a13098322feafb586a1c2a17d80e68aad0eac0869b9099c7a9
SHA512a6cd48b24a3ae46db9852769219e77f72964cb130dd44ee06bbabb4e2c24d2b27057185195df7b3df4212f3a91dd0b2b2f3d409e96b52af1895cec395f329738
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD509d76490de0381336c50cbcd6d1e0197
SHA1207a9b8b67b7c6f7668264730b6b34240c0fd6b8
SHA25623d19fe5a9761c8534fa57f343fa24f8d72c41fdd66e26a1e6288e8898ff8bc1
SHA5128601aaef6498fa0ff83837b4a7437791066a4140f959f23839584dda3db28b10cb1e98831148627c90a014c1df045b8b9c9d1d5b0b51b470b959c35dc9d4bceb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD5ccf8c36fa60984ded0feb9cba264bfd3
SHA151921f8b9eecfbc8b738afc35337fa8d36302332
SHA256ff3c2e140f1efa62ae2fa994e7b09372186aed5174d00b0523ce5393f397ade3
SHA512765aa3779c1a629aec106363c9314d3b2ecfef0d2a5469aed8041e55e577b600481feb8c80cb0007c98e07567ca70000ed89b44f3e9f8d63e1ffdfb3c4c6e6c7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD51a5c5ce1fe5500b2c828be9e92900c2a
SHA1b571facefb4e5310e8748c4416501f12160a157f
SHA256565c5075e409b15f4fe84908cdd09b4b87f8fcd8ae19b85341aa7743919f1384
SHA5127c4651adca785ed59f572543740d31f48fd8e7da93dcb091912ec78d84320a5a860dfbbd22e15339e61cc26a6410a7e139f09c94492ca7becbc5409f230d415b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD5d3a12fa6dab7724575ea0987d9a66be3
SHA1bdcc94a1999a4fe518784e24854de8ec2e456dc9
SHA2561369c4d9ecc48fce0db8916c7bed1e381d098eacd687bfda6a573af79e517a81
SHA51208bef1fffaa52e980a2c91bb7f1af108002e74de1136913d69c1e028b045a4b98434e2b26a0542ce2571279cc0af67cdaba45642bff7df64ec1e6497b4e4e406
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD53d5c8bf4bd080362942484088a3afc71
SHA17b06706dac4d744fe8acda02297645982bf2df3f
SHA25613f42ef91f42f6ac0eda1f78a60353946910c10589aadb42c5767745c032060c
SHA51274b831a972805b1dbfe25427d1c288083d74c953804773abf03d5f9d44186018a7edbaf52e10dea3a728bb0e1854f1f3f3ca27afcd88e0d6b42cb3f502c401ba
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5b2d9998fe01f19c62ed4e84b111e35c0
SHA1328de7c8b1c1ae8cbfebbf3616c8a9d87b9a08b4
SHA256df2ed1edcff6385498a2c49a988016efbab121585e13dcafbe2352fd288342b1
SHA5124b95d7472227ecc9ed6ecffda19309794096fb98ef680122f9e0486ac58cf8b811df9a98ed7c06b219c2fbe49790ef3f1c00763c7c3ecccf22ab6197a36c8deb
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD5be6ea772089a22ed13d839065e8411da
SHA198ac37fd28d938d508a39b8d8c10e569571c97fa
SHA256950e054c93ba92b934dbad2dcabdb920f537202f904d2eed3057ad5ed289768a
SHA51272df1cfc9694a5cad6642afd338cdca557a168ab6ee43ad3ef9377204020a1de19d4cd2c2b591b07d904b7d04e16b52ffdf75c6d0e21242922ac9848bcf7a9a6
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD509b2cc9a00da4f4046a4f9dd63de6d3e
SHA145c64e94ac34e278a696bff657b5660d305fdde0
SHA2567d03ff32fbb75fd59955d817e54f3245602792f72f116470498a32ac8121ab0f
SHA5129df0be7d6d66d6931ef738ee660bfc2db28b6d2a4c3ec54b40e43596f4f30d94cfa4346c6c429d00a72613727cd4bdc317dd28b276e416d39a58fb3c0c350df8
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5a78191f29cdb2ea859d4b0eea3d6471a
SHA1e527b9763151c102772b8348338a92a52677271f
SHA2568c0602ea6d27d29aeb42cd9808465a98f8e4bdabe2f3ad5ab3311f21ce476162
SHA51225d074b1775d97a175c100b3ee3e0134be04e140109b8cd7924e7ad4ac049742b3140c66d2fd856d4672e1ef27f29d74ec244d596d0cd40bb96d38f6ce4bcb17
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5549722115b74be15db372f8b3e72f1e2
SHA14b51e8e0dc2d2dc71f694ba0576cd4a9b968821b
SHA2565884daf9af67cb4013ca3df781a8a13270b2bfa794a94ebf0cd56add222d89cf
SHA512c4d4cd77edea7c3b6fc021702533706c11cfe42e95a1b47d0c5170937d9fb5385aa30c79196115c47b0d477b11398d3badc2d301ac6a4c4a8af1d4f5d773f60e
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD580339fd7a0ebb18fd9d224c477c085ec
SHA1fdb9d11f9e4c3509c47e861b31a6b13e1c34d56a
SHA2562752fb2fb143990ca5f927368ea7285ac34333a7c37e897975c733635e71849a
SHA512a107b0ae552d61d92a1eac88a5d9a06f1978a1b2d598691f2cf5863974c93ce42a333a06cc9c42d3d1607f0cc4764ce30821e1960bb45c49dd331a22800d7d93
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5e3c8b22af5203623358c57524a78ce0f
SHA18f46b74ffe9bc3da13b78eaf354974abe886168c
SHA25604379a54d66a13a47e6c5e1e3b11d5470fc3bc93cd0f4162ef98c8435cd8537a
SHA51284aff6f5cd79910acb39904cd502a52baa101a09fca69e066706dc40a3001c37c1ae1a0adea0d67b5edc9425b41fc14af5f4387932d72ea3f9a6dc80f55affe3
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5ee378793a43dc6de677f8cd3796dc482
SHA130ee6021ad5333f13630b2f0dbf6f13ce4f1c4c0
SHA2560fc2a9e8ac4dd7152279fab8e852815417b4a64f6eb409127068077f1fad4f56
SHA512a0fbac121093012621ff7ecae57a8ea0f2d0b3de6d24e50939ac41b4ad222820d6033c6f455f809da2a744c17d564048b2722f9d3944382ec63a88c9c5e76c5b