Analysis
-
max time kernel
92s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
27-11-2024 05:23
Behavioral task
behavioral1
Sample
a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
-
Size
17KB
-
MD5
a62334b80eeebe5073f3dab446f27870
-
SHA1
5788c9db1d4abb9e36ed87e178fcf7da84f00aab
-
SHA256
370a1ff7670051900c30da978d6fa4817503ba83bdec99856934af91370096ef
-
SHA512
789459d2851d8e4c9b646f91e233c2859de30f3f6f30f440ae59bc74800efb482b2bb47d9800eb3f9c9cefc714633cf167198c1a4732886124b7a77948e42335
-
SSDEEP
384:yebFNw4Pk1itKkpAjjI2YpdmvgqSNrPLv:y0FmBkpKjPYpZ
Malware Config
Signatures
-
Renames multiple (2187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdmmc288.inf_amd64_3e3f05a8a446e75f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_186702cd081cddb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wvpci.inf_amd64_86afbe8940682d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ba5b77b7d46bc10d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgsm.inf_amd64_d7b1959484ec8228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rdcameradriver.inf_amd64_43b67cb2258aaa60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_holographic.inf_amd64_6ab9629b23deb837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmdsi.inf_amd64_0b96cc4cfeb2cbf8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_bc507add47f436ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mlx4_bus.inf_amd64_4c426f3bebc68844\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_smrdisk.inf_amd64_bbef253cecafbb1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\pmem.inf_amd64_acec109593aed940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\wbem\xml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\sv-SE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\DefaultAccountTile.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_86cdf3e1f512cca1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\oobe\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\Speech_OneCore\Common\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\170.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-400.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-40_altform-unplated.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_SM.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-125.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-fullcolor.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageSmallTile.scale-150.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-100.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker32.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-400.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyShare.scale-200.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-100.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\circle_2x.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Common Files\microsoft shared\ink\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-150.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch-Dark.scale-200.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-100.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-unplated.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\logo.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\music_offline_demo_page1.jpg a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyCalendarSearch.scale-150.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteMediumTile.scale-400.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-250.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-200.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_altform-unplated_contrast-black_devicefamily-colorfulunplated.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vreg\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-48.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-125_contrast-black.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_altform-unplated.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-400.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileWide.scale-200.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\2876_24x24x32.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\x_2x.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\kab.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-150.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_contrast-black.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlInnerCircle.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-200.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-100.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-white.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\WinSxS\amd64_microsoft-windows-tpm-tasks.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_56b9c81520f855f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_net8185.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2f44da07307faaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-msc_31bf3856ad364e35_10.0.19041.1_none_e5e2af57be7da553\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-devicecenter.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a2b1dc0d433b380\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..lineid-wamextension_31bf3856ad364e35_10.0.19041.1151_none_7f3073a2e8d33842\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ice-winrt.resources_31bf3856ad364e35_10.0.19041.1_de-de_e5f7db65ea946710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..levance-queryclient_31bf3856ad364e35_10.0.19041.1_none_6ca9c19f281f40e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_mdmusrk1.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_6eef9270869f539d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-d..vices-dsrole-server_31bf3856ad364e35_10.0.19041.1151_none_9d662f191fa1248b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\PresentationCore.Resources\3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\INF\MSDTC\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_microsoft.powershell.isecommon.resources_31bf3856ad364e35_10.0.19041.1_es-es_b2055aea1fc7a6c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_517fba6041b2f716\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_c_fsencryption.inf_31bf3856ad364e35_10.0.19041.1_none_9386dc7cee51e04f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_wnetvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_6d8093807c1fda3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_securityauditpoliciessnapin.resources_31bf3856ad364e35_10.0.19041.1_es-es_f2081f188b33554f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_644333f2ee8db8e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wusa.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_4a25d532171ba14d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_gen.htm a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsLargeCloudIcon.contrast-black_scale-200.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-logginglibraries_31bf3856ad364e35_10.0.19041.746_none_f529c07d28ecf28b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\DropAccept.scale-100.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-tree-classextension_31bf3856ad364e35_10.0.19041.1_none_9b50abf379e00821\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.264_none_f62481abb9c79874\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_presentationcore_31bf3856ad364e35_10.0.19041.1_none_0603843f76f45ec1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-g..licymaker.resources_31bf3856ad364e35_10.0.19041.1_es-es_0f2982f466a2581f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-packagestateroaming_31bf3856ad364e35_10.0.19041.746_none_f54f3e2f30856475\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-directshow-asf_31bf3856ad364e35_10.0.19041.1_none_d0ae8d599de7f858\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\f12host.html a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_vdrvroot.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_06e805eeefb0ed01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mskeyprotect-dll_31bf3856ad364e35_10.0.19041.1202_none_4714a8b784b340e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.jscript.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_7aea1d97c71ca2e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime.resources\v4.0_4.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-security-webauthui_31bf3856ad364e35_10.0.19041.1_none_b00cf2a030ce503f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_hyperv-vmserial_31bf3856ad364e35_10.0.19041.928_none_78249a563018069c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nese-core-essential_31bf3856ad364e35_10.0.19041.1_none_5fb83c6969e4c59f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-devicesetupui_31bf3856ad364e35_10.0.19041.746_none_5dc0902efdb43877\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\8335c7a6cac9c2a3a77da9f4a1817282\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_xboxgipsynthetic.inf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9a2171d279b6ba57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-white.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..cognition.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3652aa0ab88f8917\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-edp-task_31bf3856ad364e35_10.0.19041.1023_none_67d9ae9ccb89c9b7\@bitlockertoastimage.png a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..r-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_161dddb99aa1cc43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windows-application..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_es-es_9ee5461cc22d6dbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-c..entsnapin.resources_31bf3856ad364e35_10.0.19041.1_de-de_8e98f02cd3feecbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_de-de_763add5a14af095e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-printing-platform_31bf3856ad364e35_10.0.19041.1_none_5ea144b16134be06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-s..gstack-boot-onecore_31bf3856ad364e35_10.0.19041.1_none_af9995d1577b1d00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.resources\v4.0_10.0.0.0_it_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.19041.1202_none_b918e36ffc7a6ffe\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_d0560aa6c0f64b1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-sysprep-spwinsat_31bf3856ad364e35_10.0.19041.1_none_09258e851ce03cdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-desktop_31bf3856ad364e35_10.0.19041.906_none_b28f9b85117c14ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-wwanhc_31bf3856ad364e35_10.0.19041.746_none_4fa3449a65de1c39\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1288_none_82b5dd00dbb53a5c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_0e10cf5e5c993166\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_urschipidea.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_de4d5278d0b2ddaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.0.19041.1_it-it_4c775ab7a368ad07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0000201a_31bf3856ad364e35_10.0.19041.1_none_bcb77cf92a5ac777\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ces-targetedcontent_31bf3856ad364e35_10.0.19041.264_none_57086cfb3caa2cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.964_lt-lt_15f508d8d9b8a291\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_c_1394.inf_31bf3856ad364e35_10.0.19041.1_none_6118cd98bdc15ff6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_mdmvv.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_78073d4d410a0cf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.crypted\ = "GJVLRFLRZEUFSIX" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\ = "CRYPTED!" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KZVTF7jR4O0SAj0.exe,0" a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\GJVLRFLRZEUFSIX\shell a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a62334b80eeebe5073f3dab446f27870_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2452
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD54a337021db9f3f18a85171095a86a216
SHA17e097ab6dfa189e3035cdfce446855d8b55897f2
SHA2564b6d51ba442e1d031d6336beb0a91200323327c8b980d547105d3421b48f9d71
SHA512e15b37ae36b4cd2927ef66ba3d363dce68e37775f0d5854aec5adf963c2136e88823d1c19242be07cae5c1603b747eb0c4ede151352437e2234cf8ddddce0faf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD58ce7d9faed34c10553d84d97a5c72017
SHA1fd45f65710febf7cf2599216f8c61a79138b7ee3
SHA256e140904fb2e74564d98c882ff77655b966da86823a4233516ec417514f24afbd
SHA512ded38791b73d42cf0a6e69cfa3187efcecd08d73a9cfda014a645fe418c6ef1214cbef531e16951be974a376fea55d5d47db307e0d742c5a0e4aba0d0c0c3fb2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD5c3266a99993b01c5288acef9e29f255b
SHA1caf5298869ef9c7b9e94afa4cd65112348507f52
SHA25637adb540e81577b681fe8cc5fa0cf87624e45e3e2058c885e4c3b77a28c003e6
SHA5123b3fea25fdc633a4558e3716590a658f6ca0fb6f9abefb587083bb02ff98e19b13158109991426ec9e094c240ecd306b5b4b17efdfe58fca3cabedaf9c04c8b2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5605a4acd96fc40977e06bce7e591c68f
SHA14af04d9c98e07af758f461b7b95503c34c22af6e
SHA2560d863288c8ee7073a1a4df8a996f5ce0b4c45f839f6b82e26588b7b27dc72377
SHA512c97d04e03e39598bcc52d84b077042eb8b3e097fe275708424503c06c6f5d99ef570957ccc97673946944c74dc017fc3278529a0e2b71c049b22b874ef1234f7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5edec33c39a54f41f4d2f9e05e0644616
SHA198b0abe3b83c6b834d2f821dee8dc4e201a06ea1
SHA2569b0b1a0e6e08b24c674c9831ef243818e19ab1bee786e47e1b924624d7efc6fc
SHA512546bfb886d68b979ef5c49ec0b4cbbf2881d294d6ff066c329d8be56df73853588e464e8fae2a9858db8fc303b6e18158d1faeebdf6a7ec7d4506e5f1801a4b0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD568a63563b648d442f97cb3baa945491b
SHA1af8dd6a50157ed8f872471365e9de18aac05cb4b
SHA256a69568ad266d2c0a04bd109905886952939cfdb420a69fe5c39117d97ff65147
SHA512130ca76371da73b7c32063560f28b7d69727580e806b1415c01e51b35ac6008e697f9ce8627da4363c2539e975369bc4f92c735e506586aa0dd7958de6b2b4fb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD516ff2e6f61f31b8754b88dbb604690db
SHA1d7d20290dc70022dd5c264e7aa2237cae7c93089
SHA256b9bfa265a3a61b736fba79db2603399ade83d0521f5875f8d2cfb4412c3f1fcd
SHA51228e10c6657bab54fc244b8b3ae838495dc7e57650c76a5712026461a5ea9d4580ca009343e8aaeee4e529368783cf41ad79b808ad82e290ad06e5041f6253dbd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD59a5d13a7c13df35f919e9ff4fec5aa95
SHA1e521441b83df549f1bdfc5800af81bf72401e64a
SHA25612230e477fb14efd5b0329a3da2a6d7f3ad104c6751c6a8ce01f424decaa6a2e
SHA51218d34ebfd48dbbe38c91ba712a44d61ee58fa1c42c2f7cd08b1d0baba66b0f937bc08c6e7b06e6c2b1ba758fb9604ba96554d1abcad14aa9e7c66568e31995d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD56854fddad99a69feb571f63ee7e759d3
SHA13d02fd1560ed920374f1b698f8c8f54e63f2f281
SHA256764be99d8ba8e34efbe1a7da8b5c939938ad003a5ba198b2e39fb3862c533060
SHA5122b05b1898e75a55e9e660517571b16b90e9feaaa7c3806c584b7de07d0b727e42d5b16bd07a529402c46cf2de745fa7d5463b8a8a1d0c61c6154f5b516b9b7ff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD51e26d586dc4f8ac26a8bfe3889bd7035
SHA103556dc8e20ab06a7e4507933708285f4a5824a5
SHA2569e6c26825c4f5a45c5650b21f1f47b4df41ad0322acc39680b76d057e17c7613
SHA51215ccdbb5fb93911a5138d236c55127f2c2d316e0090fa5bc6f523fddfb1e4094beb7bf6752720960475cd699300644d2ea1062a35c926167ad6c9b9a20dd08e0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD55d5a72c980428a33eb4adcf6ffaa59f4
SHA17de4bf8256177e726989bf3856ba3ad166ea6cad
SHA256505b7b99ad74e23f522550aa3160cd378b049c9adcc56a57ea3809f72717c169
SHA512382cff41605c4238992be3789feab68e8ade784c36dab85e8f48bb977b56f56cdf35c700b8679048ef98155d263afa231f94138b04455a597c58c2b02a5592bf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD52ce9e581483649a5d7afc01b24a92459
SHA1e83d360361a19cb19428e0e0aefaf4183ce2c764
SHA25630933b5ea8982c2da1901589eb2e43d24cceee0bdcdbd62e2703f3053d586544
SHA512b133f639faec0851c15b04ffaa74b467b79b04fa7fd421442330315a3b700060b2ca5326dd792880164c5542d3b06c91637f8dd317ab64cdbb77b4f7228c8bce
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD5171e89c2655595e5d8a96f093b32f3a1
SHA171b23741b488b3961529f19177f95d81532d9d04
SHA256b3d4584f45590be70deedcc8f08a0c8b23badb0d184f487f68055021b7e455d7
SHA512bb54d7fa9740634fadaa079b6997c55875907dfe257a4a99d31021e1e8916b6a928cbb242ad532e38b901c80c109bfa24af2729aeda6e556a70202e3c4516043
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD57177d4bf34ff41b0d49c68a116d233ca
SHA1f7ce980f33b38650bf7f4e18c4297fefc267d2bd
SHA2567c6eee7ed60f28ac180cba64244a74ce70a00f042279451e3c287aaa94c56baa
SHA5124458d72fb6af49608a045519d12f3cfc15d8933195817b7cabcb5c5fa252f6539311fcf15fcd9d49f0c455157170b0e0d6ef4b0d2af8cbde1144480f28ce3d5f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD52c982d2ec50e11cf50c2d36d497645b6
SHA1b907824e43508b901c0979a349e397fef27439c7
SHA256650fe0cdc9dea62dab16a9d50432bd7cf86a0cdb3d450b21546d4a3364ce7343
SHA5121dffaa0259d937280a6fbcacbdcde76ff87b81900c55c674f84156e85f61d9fe8b4be783e7527a1442fccf285e76c75e7488107a8d0ff37568a91aeb42ccdb50
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5affe88b47a952b2c8c48b6316a2b3214
SHA151b92e88449946f68e35cc2c00cbbe0c1703b08b
SHA2562f1fa50c3248ee204022ae407ec1e67853969e840053e01620ef1656fe317732
SHA512e98e6475f7fc2fb2a8616e390aa188ae9b78cd0f85265581ef81f94e17d6619f0248877d664efa8decff6a2b777344f7bbc75f9675d2bf327bf44817ee6046a9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD595f3b07afaf54a031b2bb1a6f9169278
SHA174937e288520d0201fcd5b399d60ebd93067ce01
SHA256994f2abe9fb35568588b269d8f06d9f01e53676a9b8b05181547a0f1f4625276
SHA5122c71124b4080206b52a6ae1d087c42d2195708dc8c72e1b43303703fd0cbf93a807a3ab7a691810c19b83a3683f66b9fd1a5f53d1a1f205fc3853e269c0261c0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD58c5a63520ebd09dc7898cc5eabad16d5
SHA163f578745f34155afbe54ecfb488b68d42108647
SHA25618ae756264d87260e14a137afe5eb762e6ea282e779dde6816d20b6c4709b60f
SHA5121547fc93bbee7a64ba5c8deb56cf61adf7c875bf91f45b923208679f923ba321f9bd37eac9068df98aa5222c92a086920989323523c1c0c4f7816acac0128416
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD54f869b0ae2e07f0e2ddec68adbf66a50
SHA186ef11fd8a170720304c65933c3b1d3616b2b55f
SHA2561d2a41928c6a1533d7d419f70d9c8fc85286bb04a7e29f80b2a38d92e00534aa
SHA512b07d85b8cbde930761f24896ba7721deb7701876f32b4d04ef18ab7cb1ff2658374f709c20aa403c66bada0423a58b7e5b249b4dbe64527a6b18084a5e04041c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD5ac25ae6fcf6b98062a73423d3c369da4
SHA1e6cbe115c6c41f38aa3d8d326b51bf52fc8018c8
SHA25674a84cf435848559c42272a01beffeafd16c35c8f57ff7956358c7e1476f689a
SHA512dce0043f595ca9f285bce5609e520be17d31f2835c75a69b242adf55264a4118c8c957236e24cb65eeafb489dacdaec2db81056e2974cf824cd2611964af5180
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5d0840367d0d52e6d5dffbd69d8866e24
SHA1b56c637f5c94fdfcc7d950d3432b3795f8a494f8
SHA25648e212d224d1db4695d9334f437258998defb7be0005d832541bb4aadaae0f13
SHA5125c3f021dd69f637b97bdf38e47d4f6e90a8eea9029c0e500210f1fcf37e78722e5c4454bc61505f8dd7db3ea4ccf205737f0242e5ea9aeca1993568215ab4eca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD52045666f7d8287e6d12a7d2ef9ca4691
SHA11ec3c1dc76958dfe135699d39301ba4798111986
SHA256021274613001abd02e216fa0a00a54a2fe7d03a8ad8ad8bbaeadcd4eb7f73a46
SHA5128fc91be8e0d1765fd1767d3ec7a69c0b87eaa20fa883d6978b87f62172afc2ae3358d0df33f683f0d3c2473430fa47f1bf0a66dc2ef0dd2547bf70cf35fa3480
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5112f9babeb34a81bf4c2c26d23f24b33
SHA1dffd7fe72c437d9d0775fd712c1f6edc1ab39b2f
SHA2562c017792805917de60a6609c47022a0833495e2e13c270eded9fffdceb8b8bc2
SHA5128041e14c4f2f4046e6c4d131bff8c113eace361ee2cdafcf1a22b2540493c265dbef9613a40ca6e69f918b061f05a1ed85d967586b63c3201868ed47bd4a696e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5d6d6bad4fe945300865104e15e4e88a8
SHA17b9b6858fab2c7cbadd3b68e0812fb135fe887e7
SHA25639ca5c60d9d0e80de7cfc54ea8d86835f882c3bee9e8a071ece658884eb83657
SHA51202e1d760c1ef5f9c7108bd51a1dd21667ecb0032595d81886f2e78fad55df8883f84af41859a1edb8d9a05d3deb711a99cf4abaa2f4f86f6bd335d59a50edeed
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD5cf307ba502245432721ac0ee16d7c7d4
SHA1a0d3f8d034866890aca943879ee3577269c04107
SHA256e11988696f7101f583cf0d0e4725969eaa63542476ce0db6d60aafff5f077af7
SHA5126b9b9c8c31f77fdfd0c9ed79e3a479b2a68086c73fde0def54fca0406726a2b94fe8e8cf450a50bd3957657bf4c270aa21765ddd39ab540e8271dfda4d11f66e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5522c926e50cb1dc81acbf5b46ad95633
SHA1525f48048179f1efa2261f66d0941a95f16eaeae
SHA256ec317e509a003e2af56b78694a8c2987bdd2f880c9388d6ce872ae6157316c7f
SHA51217e6402d6408f9358ded5b2650611ae6141da438fa33807f459f6a3ac34deb64740c5bf654e052f0296dbd376c1f4e9379f92d798aa477e602f5bcdceb865ca3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD5910f777027fb28dc10911c0eb77d3f29
SHA1d80f3f589a86ba0d7d739c8f76e04c84528bb177
SHA25678e63b91c25efaf652dc719842a03f14e4c381c599f56f9e6a88e361789a4097
SHA5128c3d497ca6a4d558cfb0855d180c0438e1be5a07fe0b89afd7f21b2088fce8b69b13d53a1d90d8df53501d36e68ad3fc31a6b056d0ed5652410be2fc44a89d29
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD57b4b837a5dcd38180c775911e933991a
SHA1b5c08b0fa76697153e4231d58f8178475b241421
SHA25608f9a6b59886c79a97466987427513dc98c9caffcbe2d8a9924aacbf5b3ab91e
SHA512b75a310372778a5f560e72a795a72d3af4722f0c6b71a1bfe44928309a74b7c6bd60f36d4fc8028fde603a7a6d237117e37f346b675aecff05c65b50e083a428
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD5e2e47e0b70e232604438bda660e57381
SHA11492431fd4b31b99b69f08a2dc4bfa5a91d70b8e
SHA2564e49bb1230a2e17b89055f5a86db86d0f699df48b4904d871db48d4392903dc3
SHA51290fae09130f2e1d3477ce5c9c4b915de7470e4af90b0913f2c56bd33d61521ea16092d0cb09c237c5284d362f430ecb2926b8435fc37be6dfdbdbabf5d4ebaf0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD5d82bf07c40cd6baaf0957196cc1a713e
SHA13e5e5eebc8e8b03e062cfcde3558e3047cd66e1a
SHA25691f0a296b64987187551fef1e1aff496bcf0b103c2f18912040a14a8d890ff20
SHA5122b390dd907937ff8531a34f78771d04032c949156b94ec897bf28ecfaba443bfb867c669a1fd566cb6ddb49c1ab64094edb62437a3cb95792bda06639e7d6d63
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD5c6d2d62869c8e8241062094e86b104d7
SHA17365fa124efbf5430d9bcc0aee4dad1c1ca22ccc
SHA2569656e7c5bede7150d97ac3af19fe592329d33dc0a0df0439ea45e38230edbdde
SHA5127b4d64edd7d29552fc7a28145b7304df0de891929a07180919c6553dd691804386de90f49a22d86606a4dd756b64082113e8bf149738dd838a7f832fd367ce3d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD52911e54713b05320e541ecec010f88fc
SHA1a951c83137cccaefcd515d21661b10a005c6871f
SHA256175274ff43c0b6b9ef34fd3983ae2c6c67274500a0a3c748fd961d8c4ba2403e
SHA5124f96ae1a530b61fd71263562ba70a90a5ca94a7ba6743fbdd3eb28a6286b930cc4e490cbbeb04266a7695263fa5647b6abe67f9549bdd04b7abc5eccfe25dc83
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5c13fb31f56d4736d4d775af3721a1edd
SHA1ab94620b8a13f1b1a76db936666f71feeebdb8a9
SHA25683405b8e2b409624469dc99ee4821ae49fb0648cf1c066548a055bb9466d9baa
SHA512710b4cd85639a6960aa991d741465b763c6b598d17f4b54e0453f26c09ab8731b3f681362b2350dfe40aedb077f0a04808a0fcd185b8b7dc8b7831c8228cad47
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5358e43a0b238f40a0dd07c9553bae3b0
SHA1aeb3c3afef3d2746a9b17b6318e6f874ab002de3
SHA2562a056518dd8cdb91312dd53d66ddad753ea6c8ea9b3de4f95f44621d8e1e2ea9
SHA512de72315a1696ebc86222acd879296dfbf7376ccf291fb9ae05848a1ee5fd852d16d82fe138dcd96d264e5d6d805958c6d67b7e017cca05de222622b6b5a8e3d5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD5bee344a8c374dbaa8db36da971e27b56
SHA11979b2b9f6e811ef43558cd3f28ca2874ffb2cb4
SHA256fd2b25b87a48b736dd45e710725026c8d6d977f50bc7778c4b9f912111dc4cea
SHA5124b8538034826166d87a040bcb4afe97e5a619eee33ef858df2d4ca4a8e4d9a18263c18ce25af4bff10934fc6049b75419f37929f9e5c4f90b1fd78fa9080a8fd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD5237eb3d56a88fdd82b29362f44b984ca
SHA1b8fae891419d44a487a358fd768d4ed3be6f9501
SHA256a805b22f3f19a062f890ee426dd69e3b277a9e1433b86f3677fe96e055d0cb47
SHA512657d7bb17a7639f2c13a66a5c061266b9dc9878cb0e4b6d197131318df3b7cd945c5c708c45412c0e5095d252101a119e80967fae020b9789de23b33ef2a57a5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD57992232f848714f0dbae3e9a87beadc4
SHA198ca3e0946ee3cbad97579bf5fc4d30fa2fda9b8
SHA256b58e427413dee83ac614e3d47577657f29b6eb2b463cddd0a7ad26397522effd
SHA51297030cbd1b35de464f72ff99cfd4e0781a699477754d82f1b095b9b16a5f2de10f4c2bb5e427868a084e0c0b745c581f627f2105414f889560d62fb858f3df1a
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD5f567b23d441ad68d02754f7432d4d613
SHA1e7970176ba4de4383a1e6fd18c7bbfd5bcb596cc
SHA256bad5cb61a9e4e3aba9b07a895a2ec747b05e2647e9590510071c2fddf3f3053b
SHA512978f1841c8e08f01517fdc276d22fdf0055fb2919d08fce451b3037858117db3b34cf93198cc86c9b648fb5ca1fd9fc4b189be972d6bb65097d4a8695fa063b3
-
Filesize
354B
MD57cd50824a8231d955318607388a0c3c7
SHA1436bd8eeeae6f3e568152ed9636bef8b5675a0d5
SHA256d5a79d781f6c0289024ac21c314942a6d4a543cacb02a9840074bf0577811361
SHA51268df3e776f5a41ffa81b11d817cf10e932903ea57ac3f74a5202984c6675a78297e18b3162e5dc5ceb22f7b7481ba70d916780dfd903f4a7c4161fc16716a436
-
Filesize
153B
MD56e3cad08bac022872618a3c4fe5872e7
SHA159777f8943343f886bcaf879b089484c9cb87e9f
SHA2566fd5cc7769e635b1f192d5a233be40b75fdae6b9c831a78d5c42c8326f99b9fd
SHA5123acc544941cc1ec732b034e8e4e10ed402731bb1b41189152daacf41b590701cc0b87a7e260b3c59ef145c8e385dec612487954a204b8c68a21066071f60e925
-
Filesize
190B
MD5ffc99087c9ddad7361ea2edcc14f559b
SHA19ff641d3eea65f978e2caf1b385c6f9694016bfe
SHA256f82fe8625805f5062252453596c14c1f38fe5697dcb4967aff49c778236b392c
SHA512a410629d5e9e23744d2895ca114951f51df6cc4a84155e90e91b7c217f5f8e3c5c867b58dc00d95bb699098d952b21605b5d252568feaded45f38ed8017b10bb
-
Filesize
190B
MD5f3c4f687e8e786e837a9440923ef57a1
SHA1fb349c9cc795ddecea730867a51dedc214b2ab14
SHA25684899cb5260c4db7ae98916fa8ad78aa6916df1f9007f52a8605a18cd9e04dbc
SHA512e1907441350ee2469b0d4c1c0dd8e09bc087c7922a819ecb731fb7a0ad23c6d09a1287583f641ac5299b995d5325f2092132300452dee9cd39ab21b81d50816b
-
Filesize
1KB
MD56db08e3763c96dd93360e22272b102aa
SHA1d47caaccad3598a235620a7d67aaf983029333c7
SHA256a72cb9702915dc100523d3145580b6212c02c43e5c68a11f7caeca2c4e7ed1cb
SHA5120637978d346900b0b79bbfe6011acec1fd6e43a79692755758767a9815645ac5bea99b9a909456ab7319f9b61807741e981816cb4412aee55985d8eb2aa17fb3
-
Filesize
31KB
MD55f1dbd9dff4f65afacf3d660a8d52e6d
SHA13c8f4b5576dab0785905085f96ba146b44255853
SHA256266e36dd16d38df8e0846a25d071aaf798581604975ff1c6434f87900378fdf3
SHA512d50f334e2d10c971eea59d28b3e4f04d564ca13577df6a7de592037849ac33f0bd915e4412bcbd175d7381fb942ca97d638ca7663e64bd45d340851bc14c640f
-
Filesize
34KB
MD58bcdefba522930679d71acacbd498e4a
SHA18057ddec4cb7cc848bdf765ed616b17adb92234e
SHA256f87959fc9c11c12453f0ef1f8d540ab249eaa5fab4b129c8471cf5c61b4bae2c
SHA512bcf9ff773872c7524910a1dd4a37b35a7db277534bd25e748d86d747b172d2d522943f577d477e7cbf624ac0a9690aaf848e5fe52d4605b1e1a3a86e56a23a75
-
Filesize
23KB
MD581aa6e297edcc807ecd561160aba2761
SHA1bcbf4e86d76b6c4a555b9d5b370c8f913f29eb56
SHA2562a126522ec12152544fb74dc8219eebb2ca6e321e5fec23eadacc2d9eb249838
SHA512139372674fba9668676188a956b54b418051718acd0b132a247e5088998fc997d1d61d2bcd3af7852a4dba30b0ceefbcd36a5f2f697f0335845831cd499cf2b8
-
Filesize
2KB
MD5e6f826f98b2fa69a91d365dea84666a8
SHA1c55d476adac05ebeb5b3738cee38082c985d77e2
SHA256f54334d379b14585ed05943f1376f0cadded5064d41ebd609fdbfebbe2352624
SHA51290ccc23ba802b9aa9cfbedc2c876a659b66c1c8c82294b0f1363e9195782200e0a3b27d1c7467405c5c8d58389626b20333032be06dd8522a2e1c140fa53e72a
-
Filesize
1KB
MD5557a03acc5cb1d4eb2e79f6bb110f58f
SHA15e52510904e631348bf4d10ddc0102f5bd150c22
SHA25609bfd517663717ac453894e695f58e5f33a4a6af65c676b40d18f34d65734130
SHA512dfd5f0d022c038188a0cde9c002441b2b1317aaf3b0de8f7e378fa44cafb05a40c7381b95e46842876cd1b275a08d8a5b5ae85fccb3c3ad94e0f0f90cbaf8d6d
-
Filesize
3KB
MD5f3d8d5e65f0262658c1f010b5c5d667c
SHA1ae346f5f17b4baf69c22a440da8629cb56aa5251
SHA256488ddd5efcf4b3ad8b0b5c41c9fc95751eb4e60e7c51bb5346776042ed01b60a
SHA5120a249d398b257eac38fa2365311e9901d5aa3d4419769d22b87d501d8db872a7f114f699987a41a570ecdef0347eadcc8b38c890267ff7faea700fb03d9a628e
-
Filesize
2KB
MD5cad761a157874c696184a9fd7ab05dfc
SHA1427bec10b139dd2fee35373ef3297e0e9f4ddf24
SHA2566e21327aba22f3c88527ae8e391dc7d0ac47496fe92e038e1f8673decbb8327a
SHA512faff7b1e011419ef8b79910ba1df2e37aed15276d36671b3f359749da634034ff7e979c227329eff5b4a631638b9d5500e148d72b456df5e0761f4ceaa4f8273
-
Filesize
5KB
MD5578df480f87e1c38c3b2801b10e74293
SHA114ea7b88051d23db8b07b41314e8148e1a0b90ba
SHA2564eaaf530cb52937f62a0959d0838b20771702ecf30cd76e38debac8f78523efd
SHA512406c5b78b58e94431bd3201a64c91bf86740aa8d2c2559453cd5495dd28f846e377a7f39765511e82cd500527d46044fbff6a4dab25f76790e2d6b046fb3b564
-
Filesize
17KB
MD5b8acbc2c4934a23762fef2a5d8c11550
SHA1a04fa8ff275523bc14817d27cbd625e0a82f33cd
SHA2563e20c70d053b4d34c266005f4a1b7abcbd6caedfe979125306dfb4e2d80099fc
SHA512f10ded6e1e51ff4d66da6b6cca05fd40223682ebdc4b500511f3b1664fb1f98df6b78ec3ad079900242c58d4e268c5a58057ce8ff68785334214fa9182d31159
-
Filesize
320KB
MD5ab31df4380ef52297dcb07188e28d3f1
SHA13b4237e3021b9100884fa6d8ad0fbe1dee62b216
SHA2565198c7b139181e7ba6551e89f05f76c5f456486320de65c01dc3769a31c33558
SHA512e97583bf7af690ecadef999dabdab4447597308ebbc02909bf45844699d1d0e5ab855e8732870d90d19da6268a710b2086ef78d31242344c7ed7f4fca807d91e
-
Filesize
1KB
MD511edcf6ead6950a38bdc273ce1f283d7
SHA1d05dfeada11e2a9dccdedcb4d548869b4d7796e7
SHA2565ce4e6d5bc8bcad684a647a7da9baedae52298047f05175eebc81e27e7f1db68
SHA5121a98870a5c42f555fa06b2da8ab2cd9cef1fab10b5e1fe8379235bb3d06e52040ceb0058b7bc25d36d594910d6be3441b0912fdd31e3f3fc673153789978bd88
-
Filesize
10KB
MD5379589a026f586bfa50fa40862b48f76
SHA1e337865ec67462984db91d755dbd4f45a30a8006
SHA256efd63757f89ecd306fe8f2c76adb0175750bb614885f1ee1f883c0defa786e5a
SHA512b6e278496ff67ab85a7fbc2960b7504d1b69e3e3f569da5f2809888c81e21f29bd262177b85c2db89b0ddcf5573a2289ca394baa634eab2f497e3c9bdfe5eb0c
-
Filesize
3KB
MD5f4bec2059a9f8e6643dba750155db766
SHA166b7dbef5c7ba62eeed0f4614944a0077dc2f23b
SHA256ef130ce0a72e682c590ebeaa270925548cdae30bd6d7daa9ecb176cbc18b4058
SHA51202c8af4dfcfbcb30d23b4705c1c447865c9c0ce6b3efd425d4c05d1def5cc6ecbada6f1207761ca8c2ed8831ddf6ad9d512385c082babf584e808b281e265930
-
Filesize
162B
MD5e865691912ad46ef5f828d9bd249817e
SHA1c8ffc3d9b41cc3b6e0541e1d49308651e6c2725c
SHA256bc6dfeb79675ac6c18fb553a076c502332f6894c9090f1d217eb17d980586cba
SHA5123d94f967f6cc1dcb4167dc7768852e20a28f3afe315aa32a90fe8884787d1add7ee199c51a4d30071c310db87d78a42cbd326a457d7fb5ed2780ee697cf5c096
-
Filesize
1KB
MD58533385633b3d65788540b6090812847
SHA198195e835cc1162dc8b1aeb4ee34b490bc617241
SHA256197c7bf72a60f4bfdaec2e21da8ce313fd103e26db58fb21ed38b2eef5ddaacd
SHA512e9e527572a0261392c6cce64374eba71ffddc3f06fe6546a4d7ae34eebaa386b8e7dd85c3036c7a12125fcae7e4c221af89a107587af5d3cd7e8d3301624e402
-
Filesize
3KB
MD5b6278bf458795580a6bc404b2ae3f277
SHA112af3499702eca35077b82c5f5a247f99f0c2d7f
SHA2567df6d3d1d37dde193a318fc87e964c284dc76670d7358fb1bc7caca8e9fc38c9
SHA51218b143af53215ffee961f3130deb5e38062aa24503fa5caa9f8d5a94bbc1534add058b6b8b23866547f1b87b97ae17cd3bd7aedb1ca1b1de0252e29968fad611
-
Filesize
1KB
MD5c696267fedd7c29cecbea879f680c6af
SHA14754c02cd55656db3adf6f953e02456465ca09d1
SHA2560e5c46d7468d6f99fda70dbcff9e7d5b9e6eeb3e81ef636d52ba3c26912297ea
SHA512ff9073d6793fb4ed86cc4bb4164d1f7977e2d8d04ec991d5a6917765969498723b735e86f3a4ea8f7920ab5038bbb1a1da10683565730512c3303a60638e8e5f
-
Filesize
28KB
MD5fac08980addfda6d9b384e47bb30972e
SHA1e86fdfc603bb5e0c084540017a1989c897054ce5
SHA25608aba7869551a85452643f2d50cdf449bcb356705461b75a37811c2ec6bfc000
SHA512cdfa303973f21c03ecf6521a2be3e462a82ae8869160d225bf5a6c99bc7006af159b7cc715c5a3326c98a0f544abeeb78a6bed4528d6007223b36d6d034d9850
-
Filesize
2KB
MD5ce57df5c2764e248a13a6f7c904a91c2
SHA1f17e66d269199d85c668fb1af1943fcdaf970fc3
SHA256cb1efe6d58cf085639b133143462f904bb05dcb5f73744c34f554d41033e321d
SHA512a53f0c1d467cb0fcb86ebffda7cc0c76450b958611f6e86d969fd4a8ba635825fe0ea21494aa15ce11e01e1f38a659c17a4bb036733a846a8e372fd60c3f7cc8
-
Filesize
1KB
MD5417ed8ddcd73e6fa006dccf8f5874f6a
SHA11516e891a847db6aaca28a34a224fe5941ac955a
SHA256cfb357420a64b796c2ea797933cb59d82037707b29e7efb2dffb39e35596b809
SHA5121fd629e331f022ce45109907cc7859537f8f63acff2e8b13c40ccb35a3295dc79a2ef301c3c37aa6d5c6689eace30dc5c004707d7f966dfe000a08d581743872
-
Filesize
2KB
MD51ff13241ee95aa07da24f8a29c6a62d9
SHA19bff24daf81954c395bd761db525c02e2645eea6
SHA25602a8a0bdd985192a7e7587b4607100dd4135f5d8a51078bfa6c63ef77bd5339b
SHA512161cda5dacbe9522d2e561c003b2fe1254f76c48e6bacca1134bbfecf154ba2bcccc19a91631fd01ce3b5cca34fcbf3d92839a24b209892edb162a316ed6a28e
-
Filesize
1KB
MD5319419b3d5295e314ca8c9c655e87346
SHA1d9d130bb5d65535451a13427630775280311223a
SHA2566d615c84f6c905af232b9d31b34b66d9748bf817b829eb73f0c8f915b537a763
SHA51254c753f70fb6b73f465f514f89baf49c01693b558083197a15efde06d0d3d1376b8a7f448ff0a376cd1c28c92143158aa22567a3dd223c65d23e5449e001e1c9
-
Filesize
1KB
MD57ffa4807a0fce05d600dfb4729a181f9
SHA120cb9a40da4428e9889f47ba988e9c81dcb2c616
SHA2567557ea2782581796e9b19574555538fffdab9e928641cc7063b53f75a48b54ca
SHA5123f9cf6ed958a0653568e202159d7729ecc7395e5cf66ba40192be2b848614c65283ee70c6e4254edae786c2badcc97770181263a88816c06640eff8c04a010f5
-
Filesize
1KB
MD59a53ad23afe13edb8af85d9f5cda78ca
SHA1e7b22cbfa6ecbb2466e4696d9d26e6cfcad375e8
SHA2560f1eb409c25a6e7248547655c6130382f5c6e740b1dda6125b668918f84620f2
SHA512ac10322dbd71109effe367149b53d44a82d402c0e9bf20c1a43826c8501322d011571d4ecba96ed385429d47d146ef262eabe8368104822c61d8ee95e0814676
-
Filesize
3KB
MD5b7d76abbc7b96d55c16daa254c0ad83a
SHA1aa34ece326ecf75fb97b6efbc50d06b389f4c209
SHA256cccdf31147ecdef0c7aaf3920ba79985d73ba4b8f8de6708bf09c0814810db2e
SHA512c4e1494046bd3550dea3b386a50494ac1941cbe452d62dcbbf493b86a64f9235fdac7e15c5221334f98d91953c8b708ea1cd29ab065fc6595a99bfc10e5268c9
-
Filesize
2KB
MD5ce1fb387cc0cb991903b64bb88dea24b
SHA1d389c88bb78bd6f1e810f85e79ae5c85da942742
SHA256caa5075847de63edd6e3b4d0baab326623d6cb2785a74158a4c436b8ca77a3d9
SHA512cc415aaf0a2f3ba31e9816047fdddfd6e05f73d2c3935ea796b1503346a6dfa84fc253fa1273b642dbf8fdbd1fb6e9674eecbe55428cdcce247f9c1dbfaadca6
-
Filesize
6KB
MD52155f113cf5c13a82a7b71013159ba68
SHA1b9ed290efe3029140c0acdedf0d54cd80b657973
SHA2561e62320d662020cb8952463291f24617c2db3aa1a1fdda1d57aecd2784db8e5d
SHA512d5e05aadd6ae67ff2c21fae87366d8d82ac04e9c4c960980ae1936e6a587202f4da9e8856ae2812c72099c9c13f4f7d3cab87d058156c252bc8900a0663e0026
-
Filesize
5KB
MD54db59d9fbe6ae1581070779f05828c41
SHA158e2431dcba6ddac0e9ad29e26148ca79442cf16
SHA25636dae96c349545ba7a5213fc46e9ab5a4a539c3480850cd583912019d9828cf0
SHA51256c662d3c8170121aa3239fea677077cf1f688060d15357810a484fc856b36713b402a145111437750eff18f699e17439415170f0e4658cf57b8754a60ac088d
-
Filesize
3KB
MD5e539e7bbef6275d1c472b1f057f53e63
SHA1b10494b087b3137f8823bd2a49b1b718fcf2bda0
SHA2560ada10a13e6d19fb9e408e129cae46cd2453767b293ef1ce521c4b7d648606fd
SHA5120b03b5e5196ece6e41eb87929e937b88e18288ee11839d472170df527d55e098f10f40317eee248bcd947c603816ca689cbed3c0d953475dd0e74985a28c52c9
-
Filesize
2KB
MD563cd4ea51c3a0c9e07f3572bae47a4ae
SHA18fb96576a196bb4961f5965a2e399dee9cf2d058
SHA2565fd6e13f57dcdfb29f2472e832dc8dcdc178aaa581634240661857d7ca4d532d
SHA5122ace549d348bbcc7ff54dca61658ea59badb75907f0963ddf2a46d797c8550dd9dd1b197f1cc145ac36ae4f176ea074b216548acb4fc68f27c934c700173af83
-
Filesize
2KB
MD52dbc1f5488551c7a39c6a93dad111ab6
SHA15703162854595d0b29c20d2b3b7a422defb1572f
SHA25639cb07d64e1c7bf821c798e1b04e546848908b590140227e66428ef56d6f46da
SHA512c6f5e2dcf3ce450c76a5817b43abca69cd6612161ef9eb5d9a8b4aa3c7b2bd9a328caa1a3c8a4f0f9d964adda6a0d08334dadf03a029e620f1d537861fd06815
-
Filesize
1KB
MD554fc8d4b615231f31f8cd7ef80074053
SHA15c7d96f197c6aa416e9f7a1fe20a9d354d2a4080
SHA25601783e067af2848ce014e38ef0532113bce9e4a322c3e9f8d7be07f0b443fae8
SHA51250ad85f23208662b8c4ee8bdf82467f9cf4cf0e4bda2b7ac94e9c296c917eb0cabbaea01a5d703f15930e84dd9c2489172bf0c559fc4c960c7b0d59134e685b9
-
Filesize
1KB
MD50efb69007c9e0f82c704dc6f1ca9b926
SHA1de498e81ca057de06bda67b01bebb65c2392fb69
SHA2568ff09b6ae151489e63bd9d41d51e5de88554cd6d8f3a16c3855cf1b299b311b4
SHA5125609afcf0c29eeb213b5ca1f83bbe72c8d817992684b703943b1cdf20fdaf8e2de760ea88b237740a8245dd58e9f0762dad08a3ffe3d67b156926da23841c0a0
-
Filesize
11KB
MD5bf117df746f7ac1b889c97f203a015c2
SHA10c92373daab636c3940412ecbc3dde9a3e521835
SHA25650070bdce985880b3a85bd4de265949ec2244f62e84128c688eeb34b52bcdf7d
SHA512bfecc7b5994792d12be34a2f6f7af31459fcf4a13bc81f049762fce8b80fc9ece810a73ee9aa61c96983f5be9387afa5604ee0b4b4f3c08334f244702a603fff
-
Filesize
1KB
MD56378f0e90fe15f04e8e3761acdbbbf2c
SHA16077b2df752276b358e5e8bed164fd23f372d675
SHA25652e560e0dbdae5704310d250eccb7c94729801052a46e3cc2b05afb87ee1d79d
SHA51230df33c9c962b267095ffcecd861362299b7004becb802eac80f4ac895f1df013956325bf7e4fd782cf30f031f29a70d0f9332bdaa43848ddeed53ed1d950bba
-
Filesize
2KB
MD5b49ac179df1dce5a93b6d250d492265f
SHA1ea74f2a7093a3df73634b3b7d37d3d9ccfaed891
SHA256de2c2d2aef7c2207f59a4abe6e793f27d19d1adffff5bea425eeaaa75d064a2b
SHA512ef8a064ef63fdacffcab9d5bd763c47b7fba8be8d57c9fb50cd05b1c2d44e6bb095df119dc94951ab8df898e452e243d77d945070a3807289e9351adf2d7af49
-
Filesize
11KB
MD56afb61402f95d40fd90886de08427879
SHA1a7702f7c78955c24e15414e3f1decda373b0b02f
SHA256f0c99f54da161f825d6df29167dedd39fe0c49d61cc01f9b4f1a527367476cb2
SHA512f5f04721611728fc4bdf80ca3c7474ae06029609f17c51fd8567640122bca731abe3aa7f913fc0b295fe20434c067971f5c4ba605f4b0cc7e41c78754d91788e
-
Filesize
11KB
MD5ad7ba379076e26c6adcbdb4117998104
SHA1e7378b6e7ddcaac1abfad2313315fdba6bbe7ce5
SHA2563ea6fb87a43b9f91afd32bdf079639f827eb9b98e628873b0366e27b37fdb103
SHA512418badfc71b93f3222b8005d9dc95a1a06bb0a5c56e15943df9c07166011998ef0a3972403b1f349e9d59f0052c36734f0e851453a47680969bc2b68ea4e1c1e
-
Filesize
11KB
MD5666868acbc693fc5ae66bd06400f80d4
SHA1221bad098b66c9f5723947476c0e9b8ffb95f71f
SHA256f6bde4686e75e694425292b6f55f84bb7c0d3f984a7cbc0d16813185baf19396
SHA512be76a732e3df906c10df170092200eedcda9f77acf3a15872495ee8d155a9f15ad3269e49757d411e70b9ef402aa4c31084c5741232d1805f2fdcdb1ff14680e
-
Filesize
1011B
MD5ee365b6bdc1825b1f448860f65ef8eaf
SHA1ef9151b481ff1bac02699037d10522dbdccaa0fd
SHA2569cb030556e5d9c33d74fca720855d9718338ba57914ec174c3a4d8f4bbd9692c
SHA512c648d3562d697968c9472cab427c9e1830fe605f49ed316f9d22d2e79faaa7607fff297491a583fb7a47958f208fe9f1d5c82bb87fdbfce43d5e095d68206af7
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662191305923.txt
Filesize77KB
MD5ce9aa530371cc74804777137d0e8c027
SHA17ecefd8dcde7d4140ef345c4b2d01e9668fe2492
SHA2567bfefd5f6bcc65f283abd65f788c8ced79b3600bcd17b3b98258a5d1fa636214
SHA51254131f93c9604c975372b4144ee02c2ddfcb10749a4e1c76c40e3c199a7807454aa805986a32df766a12b5b2e16115db9018441cf4b2ff5028155ed78969550d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663623337830.txt.crypted
Filesize47KB
MD56f5c075ce958e2d4bc6a13b8a719f011
SHA1069bcd6bd8c7bbfff1176e3216a555a4e85df58c
SHA25660fc83774f230911036b215e1eb046034cfd542d8e676cae453e1ba38d278aa0
SHA512e26c63156ab202b23a8a251c67b7bceacf30d58630e63425be92d28a51d9d7ef2f633d59bf335ceba9b8c24a73f6d4fbf01165e2f3c2b401839f3464aae036d9
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668521654543.txt
Filesize63KB
MD543aaea3f7ea6eef6e854d10a4f283d82
SHA1f6bc3a68a4c73d06e4fe1621843baa3032ec0519
SHA2567fdd8bc8748fcfa5cdb9f91f4b5a40d3104232414896e5164fe573873561355b
SHA5126c8eafd1ce11342060b6474ed345eb7dfe00e46bcbdaa0c76d91e95f089bcaebf448673350d15a6fa4ac0f65ee2dd36714540d26db56467f606b95456d4562ad
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671211214398.txt
Filesize74KB
MD5f748a686fe5c9f088b08757f7dfad2ff
SHA16fc783dfa2d1a7729cf54963ff17ef00af6239bd
SHA256edca16b9e0ec7480a9f3976b0fe79895e2afc86a4bf80fde2632208bc8fcb217
SHA51223e73190f0cde32419d2b5396bbc5e8259b4237718e529b0a9006ce399928b1c265b1d262b285cf9f642459eeec4bc8fe453d42b5aed6b89a48befec795ace77
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD5dec1f176fdf15c95e7fc590d3b265485
SHA13870436ac50d84cc9ceebd8ac883f15ce062f887
SHA2566431f84fe25835ecbaee886f876db5cfa87b458538e0ba0499bce4fd4f1c90fc
SHA512ec3ca6464708e820b67828656a322541ec88de1d65c47ec195f519de922d5ca9f9b4fa62ad1a6f7fc24f7386f496537ef415f3bff01e8a7f90911beea37de210
-
Filesize
21KB
MD5a4e8722e6833cb2998cf4096cd748f81
SHA153c8a3e879ebe3be80657de19a06c9fbf1812f2a
SHA25639fad2dd411a6f293c85ea1504623c42c381935cf884793136da6bdbc4767b32
SHA5122da6a2995939510ff64cceb5dff5c5ec2ddd71e1745ed3f635bddfc04b56e7dc255de8c2c5684b8a4d7b1bb575c2e55225a8ef9d44e2d5a13fd5227975b20846
-
Filesize
1KB
MD57dcd227a5633751baf6db52048983497
SHA14416b614f4b48d19a35185378ae0db2b3a126acd
SHA2563032d5395e4bb6572fb497923f50d7c9e1b83b4116926f7fc930245ae0fa7db4
SHA512bf946373ae0d42b1a180eb147f1c6ee4144a36c3b33c2ea9b6eef76a1a2485f4c1716b8af60807aba03f6e7980a66f4286731e62442bc0338c760b50b778cc22
-
Filesize
952B
MD55605dfdab0c1f0e760544da59a294338
SHA16ef9ac208f76c43921289f0c4699c7d85cc652db
SHA256244f602b98689073d967c1fa65ef35477aa5ba83b61ad2ae682ed1ac060516fc
SHA512793802bfea1f94f3ee83047680fd25a8eae5139ab9feee6ad6e9fef194086cf8b307d32d6df5c6d491bcbb7df7aca414ea79fc30e465179fc9024ccf44a5f889
-
Filesize
121B
MD550352b8876ff03d7a5515bc49090ee08
SHA1a2063986f48c7e75d21c595879b14228876f318c
SHA256f7e3bf9e249b30027b8ddd7cdcbec3f9fd45fcc8800493bf3e221b6a1f9ac15f
SHA512472df02a424fdfbc530830f8f7682cd32d09287a77a8ec22ff16c26a26d4c7846176a407f009cf7561c7fe726924c8915c669cb27b81077472d74135f5b575c8
-
Filesize
1KB
MD54328030c5e2f5ba3c97a5d378548e7cf
SHA103febec79c4ca77702dbb8e4269add62f5257b57
SHA256d54f2f927039d394f05db2de4da9cf676dd00c7351df14316a9545f95c02528d
SHA5129286e15b719223aff75cc3c49e0f774c846f127f031ef41144036b2caacecf1db95bec6b114bf29ac7ca8816c60f30692bb3101465f7347f45c0cca0170a777d
-
Filesize
8KB
MD594f3e8abbad4924ca9bd23736cda8c68
SHA1cf400ab186beac039d2e26ed753287c4b4dada9b
SHA256495cf591492f2fe099cfeaa4c0906ca89e7921055fd924f053c0d9f44d9b46aa
SHA5125ad7c97dcd310aa79185c1b44de17f1a63f75802c47f31f339a0be3c8cfacf3167f4bc762198456d668e118b284087de4bcf26053523492520a7ba2733a9e409
-
Filesize
914B
MD5641acc3f1fd32fe91672ff8df6eb25b7
SHA1dbb4682dca7f294a5618e89a35486e713e51685a
SHA25652a1b88b738e336815e663b6d8538f56d260b8e913ee5faf5d2d9b9eaf5f4d1e
SHA512e638495122aa801067cb2a312c0e34c06f31632af8ce48e998694dd4a202a470a16c58d6a397cf98e47354db7dc0f2460e694b589039fcc4751b574f0adbb5f3
-
Filesize
90B
MD5a3458ba856d9c89dafd57abd048dd8c0
SHA17c5022ae99a3d5b35dbfb32b805c64e743858ffc
SHA25647f804378ae1c0eb1a84fa2a1616971004183110e934167ef0e8ffaba7f73938
SHA51299908b4b47664c62e72eb56aea6852e678ba07fcccdf8382d9164d8660a1933e79765fa1bbcc041e619eee000133f798b6a7b0eb800e36704f72cfa87b50012e
-
Filesize
90B
MD5c92fbb2aef7cbf08add47ad4762289c9
SHA110f657e1d3efd17181fc05e247ff51a88dac115f
SHA25624968f539f03e49c2f53ba2805a0dbd7986c32020b26e55ae15e47a709769e30
SHA512b50dbf44aa88064492c271379384d58fed74ec5e527be6554dad614f4ccfa533d06f9139c95506782757a0f63ded2bca761cb3bfadce6d785566deaac7a831fd
-
Filesize
328B
MD555faafbfce36f6272b50814e946cc6fe
SHA1b625ee0b2793e41024d6be17e7169bbc84fd19c6
SHA256b48cf797867ca91c42f238c0ef279c89eeeada705b30cd3427a69c238b424de4
SHA5121b98242a2d32a10f5212867253193999d3b456055bb278ad289a4118b19ede8e3564fe95c230717cff5e19f02bba21b8c64f8cb3922ea3ae2a9ee2e6eea40324
-
Filesize
1KB
MD5a714695aeb95547f973735b1a23e8a4a
SHA14cc57d36a370bd2218de9157036a208aa0fcfc8a
SHA25629c509be437bb79e13f9f48403f95c6a9cd51680b63ea9d60a5a19aa496a9a7d
SHA5129e89d9bb94ea86a084640a1648e24ad0af3172823de2b4b0150a15f6eb18f56201ac899ff3b9c2c07471e3d092f7d5c508cd3c0f0fc5884e0c9a5206efed83c9
-
Filesize
162B
MD515af0028c28b8ecb88b263d578033beb
SHA13af80907e8854fceb1a8607decac199349ded052
SHA256e472308e08ab5e2f881ea21201f8568e65521df9121a9422fc03bbe251efa20d
SHA512443210307fdf19716fbe2f077457dfd3c8b87b310b8f7ba4beed4ce933dd3381c59eab4119b8df19e76e0feb7497401a3d069f4e0b1922e6176119c874ecf1f6
-
Filesize
586B
MD50aaf86a3a02df17767c6bf0e82503a34
SHA13cacedfeeba46495f901f07f39692612ee8e4b6a
SHA2566b4bae3f8953288f0c8c29d4b026b25a5901674200349738aa906c4e177e151b
SHA51259cbf761678d187d9f5fdfeda95954f177d5fe62b96e74fade634140bb2a96e489cb57feb6c052cdb1559d1db704c6ee300d672dd77e40e1dd8c7fc1d36ccc5f
-
Filesize
124B
MD5436901edb1e32c3cb0c6bc42514a2f8a
SHA107b8d55844aef54632d5464451fac6036e09802f
SHA2564822ccb59d36277cefed0cdd14e9c258e8cf07c2b3858dd399be7deb0871ed49
SHA512b33e5cde319a6b5ff46ea0e98e6ad751e82adb4746e30d99b0412e4b280d7a711c22e1debdf268c4132928b751544aa987724ed513785f22ff540c881c8d4ba6
-
Filesize
8KB
MD53dc120c7f2ea67c0c3c299d75d39dca2
SHA1a0226eae6815a3c1668f05cfabc0767a427032ed
SHA2560328e4e5c7e1e320164fc44fddf1a6b169b9a6f0c0a99e8e6ef533577a420496
SHA512eab66bc51415859c4f7c3f0df77e6ab79be156403c9c2b0200cd2d5ccafefacd7de833cb63a72d639ac835c44b132c3294874ca016904184530d6046bdd5dda9
-
Filesize
880B
MD5c9e8f85692a6b0e3d33e76d3f00dddd2
SHA169994f7d63eadcb759441fc744f47f0a377ac7ac
SHA25688ea587d43fea5b6e461cca659f187054d50c2a7fbadc280a7b1525eb4707a75
SHA5123350cf375c8b5a6fd8c52b30f36563a2609991a80e5d4dc12b279d527f9485f5834fe8c709c44e62164ca1e4580c6973bfa0efaf8444ff33fabf3affb5bb07b6
-
Filesize
1KB
MD521d1fbd9aaa0caf77f3d7528b9c8e4bd
SHA1d62dfeb2a95f28a5cf9219265f6db715e7b23a3e
SHA256c0b7e3a83744098bd8a886ee9508f15fb8827a006312a31d948fc8f23d362e01
SHA512ce7f03c52f173dda130942e15b6ac53bdab4e9d6c1479f0368c9d096bc5aa8d992cf761dc54c4ffd78646b6256acc7a994769a5a733b768758fff24045f32449
-
Filesize
1KB
MD5df12cf686e94d6dd11623eccd5d67f0e
SHA16889953b4d013eb4a61fd45ac1391d9ed2ba6319
SHA256d6cbf75b4ebe34473fc4dd40f8253ab7ed625cbb42dffdcaaaee92da330ad70a
SHA51287eb70b64cc9840ff15b586bdebd037a99b8171aa893a563cc0a03527506d2f76f351a6f79509c89f800cfa43de34554101818524c77a7840b58edebf883e525
-
Filesize
1KB
MD5c0b3b235f59f996a6f886d49cf1fdb3c
SHA12f5ff81322b00a00c5fd28c6e44d7200a8f7981d
SHA256b4967b9fef18badf2617ef0ba64057552fd761cb299fe38842455d7b9b5cbd80
SHA512ad946c972e7dfb7aa540c57cfa69eba765dc03cfaf1921bec5bde18386737cb15fcca7863ab097b70defb35f4519f063ef313618ef24c025948e24f91e414b46
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD5097b935bdeadd0a0c6a3c48333fdd820
SHA1a920e52a8d0671b0633ee87a4fb6a493cb6d4c86
SHA2569214c7248186194e5049e348cff77a665278e562f091499704e9e1fc30c7b4fb
SHA512dd1d359ac50af4fc99e19593a529c001e3f5cee865b7828faa22d81c6e36331aaad0a5df9fbe0983c69f190ef013fa00a29595abee348f4118a571ab86d9f40f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD50024aacba8f0dc53fe7f6584f8cca994
SHA1ac8cea7287cf6fec1499b0ec79c451a3ce4010d0
SHA256e6ce1d2b24f758adfc098cfa17533ebd8af9eee6d179798090e16ed87e4da928
SHA512265ca743904300c526a6aa70dfdb22fa572426c150ab880dd837f6347ff68414474addcde13626c531636b91cd3e90b1fa292b46b425d7f2f2bf3a1342e96728
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD57dea09dd6e054526592cad3dbf9dc614
SHA1e76922160235b2ad2b16f4de1019ba1791bb7af4
SHA256e6c31f3a90d72cda0f6e6ec53263220f9d3f607b7cd662918e51bf6f25345949
SHA512c5a4e6e260ae6703352918290289fd4e7797b0acfd3b726cb2ea7074313501267c55625972116a705007099889b66a40d33bd67da2ba606fed5799f87939996c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD574318496a31e684457e6cc472d05ba1a
SHA136b27817f0c53d8dc66e4ccc03d7587b494a3137
SHA256556732feb535b1f7497d9620960160d11fe8460cfd5e947a013cabaf3c72488c
SHA51258b6bc67f64216129d30c01eaf327fb4d580e2555ea5ba4763b1245057ab85bd21a15ae8ecf7fed0da25dd2c2118b75898c6512fc4eb7f7de044a76f09884804
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD553a24ba3d3680165aa265e9cd2d6c12a
SHA15e858ed89df81657589189d3a32701ca498d10f5
SHA25697afaa2c9d11b6ba51cfafc0a6b34cc2b7a2a45d531fbfef55775f285c9b1027
SHA51291e52e38d2e363b5e8d47d93b041e099de81ab07de846ac5f8240e79c8f8bf6c193bf80b190addadeed122c9f34a4726352dae992e923563e834348199bd35f7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD5db23fffc9f300b19239c7fa95d7d2f90
SHA1ca71df39ab683fee92229337670ccff8f7926e55
SHA256fa169f02433a3048fec26a642bf2de5ac9b935b0462a5424c37304e10e920989
SHA51230a9871cf166c444503681e6ccea6807890ef45e4d95d06114b7530abf4652b717fa00dbf37ad17339f18b2597cbe93a857db5bd0580b866db6662754ef02f82
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD563b630ee641dbfdf5793ac0578e8aabd
SHA1c6593bafb4765e02e59c2d04b8c51a3fe4e67ed9
SHA256594354f0b21b740f31eddb84f87d4a2696d6dd3beb732a5130a15de9abd6592b
SHA512cd01e59b79ae4fbae90c99c716c4d5e156f09452f3cada2d3992ad70a5ac4ca2315570014910bcb6fc13aa9fa183b77226e1aca2d2e68b0a88289a69ab01ca3f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD5f7a0a0ec3652152db1bb7016f50bc999
SHA13c9a031a51299728e93c44b0dcc3ceb73f95d791
SHA256f1006808bc1cea00e08970108a382bd4e6806795ba6dec3877ef62aa2ef27aa7
SHA5120481054a573b6ba55e291072f1982280d45289347c0f9ad4a193808608b8f6e0e17c5a95730105f72ac298c836b812088259ede99729c0eee1f5eb7d8cb6662a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD59f439aacf30d3bb2d6dee52fdc2e71ac
SHA15d9cf1e5d5c03986d7bda178defe6ac7acec9e8b
SHA256ca478f9a62b62406c54d80a0688fcff3b9ae7e3b1e0bc4ad1e7fe3dce2ea2094
SHA5127282174c6174344987079015e803ad13a552544412ea372c52a8722dac2e36289707018fa9b31cc2b3ecdb0f2867cb716b1b2bb795cc30e7b74c8ec571d928da
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5361e2f57b515ef2c4c6705b5ca4dee8d
SHA147d1ddb73d8733736175926922bd281c138527d7
SHA256c760825f37b01916f553e9265a3d6d4884f0f4fef71dad5aae3d8c4090062a27
SHA5126ba299f22027f6fb7e8e236e048b301b79a638a88b57dce610181c6c6106261e7e7f6af8a2415fe1b4363afa926897a0066a7441455854cc167fa95c7c911083
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD5efcaac31466835b083ab776c42fbb862
SHA1b2105da298a6f6e7cad618126a86eba5e9e96bfb
SHA2565e31e45e356aeb34e88acbe81bf200e10ed5ea768eaac4d42e1c87bb20047d1e
SHA512441969c80d34e9dff02cc6cdfe198c368678b5d2f7ab247921ade41211fb8d791f00ec59b68cbedf2a189ed5982364aa5fd5788173491b8449b984c16c962f37
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD59a42f1d8a4fb6d05b0a1180ddee48ed5
SHA1d357b137a6f91f7114027c27bd8ceb87299b5936
SHA2566aad885701cfb5e67bc0701c78e23088ed78731bf01022a018eb2fe4c4c2c82c
SHA5127ff588c968e108d5b54f1350aa94258b5746a440497d95c5b109bd90694e1120f0695c9fdb4c6b67c428a901beaa743ca41d53e66b764e266527e066a7924423
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD529aabb185367deb477542f0fb14ab6b4
SHA175ecdf81751625bd18da1d4ca21e65437e421c92
SHA25645134ed2dacc96e500fc6921bb4b7385fa19b7f6ebc580df0c049c005ca70d7d
SHA5125671b165a21010a0bd3469270c4e18d4565520bc01a0e957175bacd428a515647989ba50a133e3204f61ed9b2def393c38dce09e6bde434c7acef374205a7b73
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD595abf7caa3aa8e428ffd5438c9583477
SHA1f36dafa97c37d20fbaffa6898bf8020847c1d839
SHA25651788a22b1c23dddf5aa9cc4af2c482815663fd37a888ed28a605752cb7f8bff
SHA5128010f2c9e976efe5d0bca91dbc0eee271afd0e7a8529b86975939bf56ba90c606b34ac25e666f6ef645701e68a43722c15978566e432f2c305a86ae29b3097a3
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD57b700bf9c01081b7f0d468fff67e5db5
SHA1878441499af882d3ca28e9af51165c52ffee32e2
SHA256c4b8aaa4996135322921f4af389533b1fb1d923dc1ffb70384fe8fa4871131e5
SHA51265039c65e8832976295d34e99db89d80e90727b4528b9920983e009a6defef49b5890c28abc493552a8b360d89baac9d24169b3ce25423542a69b5f51a0e948e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD5a9bfe25ec2f07f7d8c688a0758e4c77a
SHA1aae855252f1ec27ed168b909179fb84cc2d78ae2
SHA256ed9efecda27e0cd594909de51719287db8e85a3edb53991ad1524c985351a162
SHA51281fa550b74b57ebc938f73ae60f1a7a5e62f28ff5c155085adfe727eb6f06ab5a8db3588da7385f623a34d9e2210899fcb77f73866e9d327d99c524dd7f24d61
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD50d745c03cdc1fc811fe0b889b11ad693
SHA16e815c3c02a4f3b736078d2cdaf655ab25ed2062
SHA256889babe32ee3602499a95c1fb0c0a6570e5597c4e096a6864c9c326c4e068fe7
SHA51216446267ac60d024bca951d328b2ec03be1eca946e23b2cd86d5d9988e1923898ddf8e383e24ed8b355e91228e81c051e203f3fbc0c98c79962f0cc5a8d67aa7
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD5c4e4ab9f3ec3f9313ee147649045b8fd
SHA1c7bf9e683a84f1d0ba8ee2965bbae33c34006a17
SHA25601d3c636162f15745fde1002f45b4ec497701dc2fe0533f95f2f2e86dcb347ab
SHA512b5aa58566eab4cec72fe5e9e3c6438f99b490580c2e417c868062149623498c3c34b8f8b14463bffbf035e50b8b41fd9cf6962453a24c297408a291941ea68cd
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD505b5d0dfda13c99da2201bb866ba24c7
SHA10f42c675614608187f00816871024e4acd0ecb1c
SHA256d318e0b1c868fc0d304ebbbcc45b5f0a7a0ef2b2aa86918b61ef0dc89215b9c5
SHA512ae3e648e0d11f3027dd99fdc3fe9f2a5908edc170cbd11590be07a848613cfb1f3fdfa321f71d6be06884ef5980885d2b32577518e3843942e05d41abc9b5997
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5af3374be777c1ee1ff0c67f782965ef4
SHA121d4d74f379346a6b0525b3033c7ab6ca8ea30d7
SHA25685f6c5c91e985985b59546b286a9709ac6db7c3b7ff28a461a68723a585c7e29
SHA5122eddc5db9ed1bd65d1856f60ecf74a882086c425a4fb7b79f4c10fc39a6021e3f1280792d0bdd30a3bb10360aa6b142b1498508d68553cd4eb6ea3295702e1aa
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD5f7f01b0f634fd346011e5757d540d2b4
SHA149f6070d991318299c0600732fb3068793150c10
SHA256bc55623e077c36339fe1e3757065be1a396222150990bf206bb9669815e42ddd
SHA5126f9eb9d03358592585cc82dad6814b464de92b35fe5d70db630be4bab505c026bba2ae844cf7124c47391235d61c4c30d5ac04b9851b895e7b4fb35370a2a96b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD597f62ebb67929d72c27e24508ea98c7c
SHA19cb0ed4ab777907c98caa60a6b99a320ebcae3c2
SHA256393a60e05824b73d48b8bd16fdd6be7736df3c1ec315a3807e239ca79b4bd4c6
SHA5128c9ccae25c2aa34598fcffc55227aa19448c22084097b7aad6593634dd88ef090e576819c0085eabdf94adc250de139f94bdef281cd7762ca7c120f62356fca4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD54c70f2c60bb0ae2ee4153b0ea12c12e5
SHA1733eeb10531a21ef230df3230d4901cb6d464c01
SHA25694bd2a17aef8b3344c90f94d76dff8d1520b30a6ad38262113a7a43b39bfc167
SHA51246f9eadd22731717e33e6c29b00e820300c7f3e5b8d8f4b4d0ba97d49263eaf31e54da86a1838a9383248d905aa1c3fabf92260cd9e54709011eb189b038dcfc
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD5720fd331c61a35194e93bdf3eb7020d0
SHA19bc7d17b67b76c40b772d711c694a17575e96626
SHA2562d2e5818e121d40691a481ab791af97c9e317675a77e87051988e6096794fe5b
SHA51262824dc89d122f629a549081baf7d4a2ecba63cf29811467d2e7c56098ea45b47e4acdd2d7840f0da05f73c4d74efaca9527b81516ca84f525852a40bb5787e0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD5f54c119c7f2317caf1668c72104689ca
SHA194f3fcd94beeaa898096bb701436853f64e285c5
SHA25613e2b2a01a4fbd12f4c9b04e051b0eb0f9858e2494c6ffed880416d6cfabe79b
SHA512fb28906628d01c294bbcbad474be5592ac6779829f4024798fb43b3b03f02d071bba330c0587da488437bea1b2fa834827aeb513c1dfdf6f4b163bfc3c00fed2
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD566b71abd1c97d102983667251dd8e55a
SHA1df47b46014758f5ae0ef4ed604b427331375ae03
SHA256127693685c3ee1e646bc88d3370d4f5e1dc68c2935608828f9fbdb8c959130cf
SHA512f10e938285b02fb166e1352be02eefe63ca40571092d7211721d1d66f5c03e166f06ace1f1d38bc835110575d0ce1c138c4f965abdedbdbbe22cb42aaddcdc6e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD5e0edfce75fcb910a0e2e13c3977d52a2
SHA129f42879837fbf5e2854a5c79253d4277b51e42d
SHA256c6377f99e29925d8544ed64b13147050499df6154d46edd86da409302fc11ab1
SHA5122609e8ab365541c9d161b8f95b8f738ff930bab4fea03b8aaed66a36f6b4f53496df95a5f807deaecb2090ccf1ed4b9d6656baa8397dedf0129ce6f11d8c9712
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD59c307fdd9cfe283c1fa3257888a3c4f1
SHA12105e03a977abe900d3dadf3805c5f08a0699d41
SHA2568da104a424588f550ca39d2cf1aa3febb03266365bd9ffa30a118fe3925db643
SHA512a2ae01ff16fdd8f00abc1dac318763bf561e47fdb5f08e398e98cc8b9ae674fb226bffb730f145645f6c30c0647b865db95dd0d1798c96d4fc52408d0012558a
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5cf374e72bd0fa35df967f3b76d0419e7
SHA1f7a68c4c84eb50214a5ef7dd140251cdb37d6476
SHA2565db1c5eff59ab77cd7b6c172dbb7cd3b05b86ddf5c87aab01e8ea154a7b5f2fc
SHA51217049bd6c6b98ad1f64ea80b3dba2f370d82ad781ea62ee047f620101b2753d9f22664b277e8c18f2b8851d7f79295c8e3d19df80194a3143def3643b61bf48d
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5ae425c35d1fdf804a1c9e673b2200c59
SHA1fe246d7f6b2603e38c2903aae73c761145bc488e
SHA256cddfe6e61e31c52f777c428924bb27283d4cc72d768bb1c83a83651ad292b9f5
SHA512d46d3b2275e41a58c0109e1fc8b76b4589820b4f28abd0e759b2fc61c77aea9422a0958b5f43a6c6a4ceac537d116d73caca63cacb3081dcfaed38055be8b54a
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5ea72c29581e486e11eba4d26a726338a
SHA1eab54fa5353431472b6f5560139368ed5a620faa
SHA256759211338081b2784fa49d5fe5837884d95d3c68eb0b1080ae5ce35896a7b778
SHA51283ca98c600c6128cf0683bb7ec93bce4d66fb0537540d0c91ac5b7fb04d244f2c2a9beedce9f4bab55be4296417bdbc3319f288dc3bde5cfa752dba334302366
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5051320d7831f8e6c3b0d2fe30479847e
SHA19a3e996c92376df5de61cba8702cead8610c15ba
SHA256cadc7744bdf0aa89b9b23aae4528ad659b9a539d313882fbee714bcd2755d3e7
SHA51264c38268602c8811c61818cee234116e3345bc11ade87f328fe0f35e9aff1db01dfede5a221b6c56e6b886d0172ed6764f6a8b6d4248d175e09d6ac46f3b943c
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD59b29f29226d9d5c755b6b6427b2c9388
SHA1bdfa0db5ed35a1221601be09cf4f4771378d4014
SHA2562bb0d040cd28416c2f8b34f16a0ca86c054d2f418f41a7176f40d0e46d633d30
SHA51201feb7688818155d74ee901bb75db1122478fe64f170eea1e99d328a0f347b832f2296b3e39f748734e6dc846fb29ef16d8bc44b5b58acbcb4848747721a7bc0