7f64cb7e7ebfefa6d1376bcfc5b2a8fdded19aff482f3cdb766f27923a5a3bbc

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2023 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Size

12KB
MD5

0a5e38ff165e9e78e58fd5b47b19b86a
SHA1

d0cccb38776b7390bf8b0fc5ebe14a75b1dfa3ef
SHA256

319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5
SHA512

330c946e02bab30f4f33a6b246c0ad3d83438dddd1572d499aca2af5a1789714b81ba08729c2917ad8b6090ccb2b476d3a88f6bfd537ebd5a2f0e8ff9048ab67
SSDEEP

192:K/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMTrE4l2W:KebFNw4Pk1itKkpAjjI2YpdmToQ2W

Score

10^/10

persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\HOW TO DECRYPT FILES.txt

Ransom Note

Attention! All your files are encrypted! To restore your files and access them, please send an SMS with the text [email protected] You have 70 attempts to enter the code. When that number has been exceeded, all the data irreversibly is destroyed. Be careful when you enter the code! Price of private key and decrypt software is $50. Discount 50% available if you contact us first 72 hours, that�s price for you is $25. BTC Wallet: 37t6hwuzJbq6PtEgaxyS3AWyLS99qMGrt8 Bitcoin ee Transfer korte na parle Bkash ee Trasnfer korte parbn tk2500[3days] Contact me here: [email protected]

Emails

[email protected]

Wallets

37t6hwuzJbq6PtEgaxyS3AWyLS99qMGrt8

Signatures

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Modifies extensions of user files 1 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\ShowDismount.png => C:\Users\Admin\Pictures\ShowDismount.png.BD	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WU17sDZVZ12PQjL.exe"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\ja-JP\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdofmodels.inf_amd64_acff50a7960b7d19\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_f52d5ad58116f6f0\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\F12\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\XPSViewer\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystem.inf_amd64_89e15d7e662d6584\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\F12\it-IT\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001d\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\it-IT\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0006\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Wdac\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\buttonconverter.inf_amd64_73b807c3bed63b18\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmx5560.inf_amd64_209486f1c39d4b46\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\MSDRM\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\spp\tokens\legacy\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WinMetadata\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsreplication.inf_amd64_cadbd20a667cf903\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pci.inf_amd64_66614bed5c0a20d8\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\DriverStore\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\MUI\040C\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_65ab84e9830f6f4b\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_amd64_b401376fd0a39c95\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_glk.inf_amd64_7b6c08738ca8a856\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\fr-FR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SysWOW64\Licenses\neutral\OEM\Professional\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailBadge.scale-125.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\LayersControl\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-100_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\forms_poster.jpg	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-48_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\canvas_dark.jpg	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarWideTile.scale-200.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\204.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\auto-renew.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg6_thumb.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-100.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\19.jpg	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-150.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_fw.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-150.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-100.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_altform-unplated_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-100.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-200.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-200.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-60_altform-unplated.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-16.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_SmallTile.scale-200.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ja-jp\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\cs-cz\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\eu-es\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-100_contrast-black.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-black.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\README.md	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\da-dk\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-125.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_EyeLashEye.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionMedTile.scale-400.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\181.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\WideTile.scale-200.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.scale-200_contrast-black.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-right.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pt-br\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\Common Files\System\de-DE\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-lightunplated.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\AppCore\Location\Shifter\Relicensing Statement.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\FileAssociation.targetsize-16.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-125.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\stop_collection_data.gif	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicesetupui_31bf3856ad364e35_10.0.19041.746_none_536be5dcc953767c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_4e26ab4ab35b8882\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-timeline_31bf3856ad364e35_11.0.19041.1_none_36b281a7740d4722\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-adm_31bf3856ad364e35_10.0.19041.1_none_e8fa8c5c27595c1c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fa84bcd97ed5458c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b73a00e4bc93332e\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ng-winrt-extensions_31bf3856ad364e35_10.0.19041.746_none_4b6f731c58270205\r\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\DevicesFlowUI\Fonts\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_chargearbitration.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8232035b5dd78931\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_sr-..-rs_7ad775ed8b32a9b0\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.19041.1_de-de_b4b44d9bdbebd40c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\msil_system.web.services_b03f5f7f11d50a3a_10.0.19041.1_none_b3ae3b0143191c93\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecore-c..experiencehost-user_31bf3856ad364e35_10.0.19041.746_none_a5506db9e54cd669\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\memoryAnalyzer\images\i_foldin.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..dlers-extensibility_31bf3856ad364e35_10.0.19041.1081_none_7f6a472fcaa4abbb\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wusa.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c29f78fddbf97b15\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui_31bf3856ad364e35_10.0.19041.1202_none_2bb62096a3cc570e\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_system.web.extensions.resources_31bf3856ad364e35_4.0.15805.0_de-de_fb5fb8480a1873d2\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..nt-provider-msidcrl_31bf3856ad364e35_10.0.19041.1_none_b3342ea410595916\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n.._service_runtimeapi_31bf3856ad364e35_10.0.19041.746_none_73e2f45df40bb696\r\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasgetconnectedwizard_31bf3856ad364e35_10.0.19041.867_none_224d36075f776b38\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.0.19041.746_none_77bc2fde474ab2f3\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_c_netdriver.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_d2bffd893ea656a8\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b222cbf596531ba8\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-clip.resources_31bf3856ad364e35_10.0.19041.1_es-es_af24fa607a23f935\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ry-services-sam-mof_31bf3856ad364e35_10.0.19041.1_none_771f52b46f435b04\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..pp-ux-dlg.resources_31bf3856ad364e35_10.0.19041.1_it-it_69a88869cad4bb39\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ellextensionhandler_31bf3856ad364e35_10.0.19041.746_none_04e0c3143681ee85\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_10.0.19041.1202_none_fd56911d1a8238b1\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.19041.264_none_adabe55a275dd515\r\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..eprovider.resources_31bf3856ad364e35_10.0.19041.1_it-it_d8bd8bad609078dd\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-printing-platform_31bf3856ad364e35_10.0.19041.1_none_5ea144b16134be06\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecore-console-host-propsheet_31bf3856ad364e35_10.0.19041.746_none_06265749b0df4cc3\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_de-de_d504cc4406eb6c49\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_help_b03f5f7f11d50a3a_4.0.15805.0_none_a8bb05d72c9efdf6\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\GameSystemToastIcon.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..yphanimator-library_31bf3856ad364e35_10.0.19041.746_none_faa6ec755f8b9fdf\r\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ll-broker.resources_31bf3856ad364e35_10.0.19041.1_es-es_dd4362edb35fb713\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_lsi_sas.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_19b628732a1e67b9\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..management-omadmapi_31bf3856ad364e35_10.0.19041.1081_none_241b8c46f4c6ba60\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..pport-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c58d3e5a4bff2dd7\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_dual_mdmgcs.inf_31bf3856ad364e35_10.0.19041.1_none_ebd8ef27a67106a4\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-unbcl_31bf3856ad364e35_10.0.19041.450_none_39fd9ac80b2685df\r\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ApplicationGuard\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-tiledatarepository_31bf3856ad364e35_10.0.19041.264_none_ac56521bfe3760e4\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..tiator_ui.resources_31bf3856ad364e35_10.0.19041.1_en-us_32650d5d49de2e64\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ing-lpdprintservice_31bf3856ad364e35_10.0.19041.1288_none_006587932675423b\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_de-de_62f5941788723da4\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_c_fsvirtualization.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_413897ee35c40e4a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.19041.1_it-it_dd6d0776414a0dbf\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_10.0.19041.1_en-us_7338cba7bc66a170\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dui70_31bf3856ad364e35_10.0.19041.746_none_35adfa9d5cea0bbc\f\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..oledb-rll.resources_31bf3856ad364e35_10.0.19041.1_es-es_2d353760993bc5f3\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-onecore-ras-base-vpn_31bf3856ad364e35_10.0.19041.1266_none_9123280a93582482\@VpnToastIcon.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-gamecallableui.appxsetup_31bf3856ad364e35_10.0.19041.1_none_38b4bf057e9fa0fb\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\htmlfileicon.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..eiver-api.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8567daeaed3536ca\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.scale-125_contrast-white.png	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-taskhost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e0edf27657f79bb4\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setnetworklocation_31bf3856ad364e35_10.0.19041.1_none_c50d198a7330537a\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..rdataapis.resources_31bf3856ad364e35_10.0.19041.1_de-de_175d98210872462d\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00010453_31bf3856ad364e35_10.0.19041.1_none_4b88bc9e29f5a86c\HOW TO DECRYPT FILES.txt	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\401.htm	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.BD	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\DefaultIcon	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.BD\ = "ZFUOCNFJDMPZDFQ"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\ = "CRYPTED!"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WU17sDZVZ12PQjL.exe,0"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell\open\command	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell\open	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZFUOCNFJDMPZDFQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WU17sDZVZ12PQjL.exe"	319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe

C:\Users\Admin\AppData\Local\Temp\319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe
"C:\Users\Admin\AppData\Local\Temp\319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5.exe"
1⤵
- Drops file in Drivers directory
- Modifies extensions of user files
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:4324

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\HOW TO DECRYPT FILES.txt
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
1be60a80e7e4f8da2eefe8a7f5db97c7

SHA1
3da012f736a8198246227cc876584ea1082ef9d5

SHA256
057251f2c84e11da62dd6df434d5e47e4e16b2b95d75019d48ac17080d5193a5

SHA512
d80a193b7ba6133413327c2291164fd6157899cfe78430a26c2f496fda9cef3c1bf373129425fe73fcdbb15052537f6a1df703de077edd5bcafef6c232d9c598

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
316c0a7407aee540a923f7d024629662

SHA1
cee1bcb518f83db0c029248cabe765d07bb9a5f0

SHA256
ad4b156f5f47c9b4f00c64401d7d9b277a5b5a755ba16c204f17621b6fbe1436

SHA512
d1d7b31dee6da55bb41cbfa2619365e3bcca78b1c78fb76334fd1f059bd4847ede85ef24428ebc1e8f5156dff48cb20496be152cec66e265630607f96e6c5388

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
6ae6b6b81d7e419119a0e30de067fe37

SHA1
f20e125189dfccc9f1a77c2da2c1c02d95aeec52

SHA256
13ee9f18505d6608690366811b464bf21a84325c37ee648d440bcbdeabb51fac

SHA512
0a59c859f84940ed8cdec56aa9a543f592e543d53d031cbf3373a26d415965ba127e85119d682d21468381f0519c24795f44811f1237680a5a2cece4928096fe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
a29b6e4b38fb6271bccef7175fd22387

SHA1
d846b0d8e119ee68981fbbc9ac9d13759ad8d72c

SHA256
71cbbc1cee75f0f785e0550fa8e7d34a776a74f66b35b0222aa22e27ea0fdd3a

SHA512
86a9a3a38a0bf38723f2b3d828b53cfaeefd346f5777e0991b8a86446a6d916e26dedd48313e673c008a73dba9aab904c1f9200f77b1f79dfe6f2195e0312de2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
01252987aa16c08962a9ceb6a1fb9f2f

SHA1
680702d1a51439eb570b53f21c2585ad6d1ca394

SHA256
73f46170a2410bacd27361fef9ad9d3d68edf4b88786bc31d2329e552b251222

SHA512
055eb184a3c9a05f6761533181490605f7c1a1385de6e66976b07f99165fb039a1002861d45ba07ecc9c5229b8348f14820f5eabaf83ffb44a0ef4c7c8102d08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
09d230b0dc4756187585782e1c0138fb

SHA1
33791fbe17860765af31a149b660a5829f16a441

SHA256
52c874ac087de02f0fd343b29008a570b058e0e04afc5983c122f410bb7da950

SHA512
5e9d0cc0174290a3ec2e3366d7f16d04502fd9c6ae5db59ef2018f615798b97e4308ddc6642da2d4e40e0e14e2540e4373202e936096b4c3e83e5382433464e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
cefaf95a9d07fa2eee6f1a2a84b39801

SHA1
3b646afb7c8222be9e6fcf79169420ff3b959bf7

SHA256
98523a73c89ce3a7070188a539b22e52b3e83e19a87cebeaa8997ee76e7b538f

SHA512
a500d210c877d3140da2adaa8f84a13e391e426adf5f5ef106c760f7a688cacf36dc70d4bf54186b0c2a97b732e695054e8b9e971a78fa7858f72b83c265aa0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
9ff58fecd752ad7d66381e9480eb6fb7

SHA1
b43546e0a3959509241d46b971e3f96afb46704e

SHA256
6c658a24e3e53ec5da580080f1acfa79e77a89bb3a23e0852e0def2df076abb2

SHA512
11cb46e5a750180b6452ec1212f5ac998b23f3b4bfea32a904b0716d57cfae0f8fb1d44398623039de30d2e958cbbc0676f989ebb5aed2a67ea620c66fb438be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
31cc6d49b6f7238e1e0d282264e5f731

SHA1
27d6f38beeb78f09520533ec5acde59972b71914

SHA256
47e043dd327ca0e835c7b0e776602ec02cf84b7397ceaa3a7e22289162d63a9b

SHA512
670b5c328e694538bcf059f798cd55c213a1ec75e6b0162135a5ac67d26ca4131cee4cb98384e460d05b9c2ef97f6c4e270e8d92c23bac365ebf7217dd579f2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
12784ec57fb76bf3faefbfb8937014c3

SHA1
3904ec95d49bd7034b969ffa3f6891e0f013a215

SHA256
99671edfe316ad99504b42bf82b7b669ccd7295d50a7a1b9191cd33c9ae68f7d

SHA512
219f0481d58ad623ef3cad00f75c44d1b310328f3dd8149d0ffa459df4b70dae1313f76c0fbc671aa1c13989344c6ea6a9e5cfa7771c3eace865c662dec97f4c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
8df628ba7f47090c7abe2be32aa96575

SHA1
1a49184b4ff92084d19ad5986a7757c72d20a163

SHA256
0c4fd3724f987c328207b9110985508b911a85a41a14286430a6fccd59423bc9

SHA512
1a62d07c7a8df890732f475eec71b171cb07b28ea2f05b2ff7d1e766edc9ecf9d92eee91088c24e8795c3153e9a0ac9663e3342061908314327d2f3ec46f5cc9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
ccd1e37286a438e6e8e9122bdff70f65

SHA1
157f0d64d94e589e14b915720607e686a3ea1e97

SHA256
e14486f2b2dbce8c165c3c6bcb2ffbf39fd242f69385e0e17d5254397277036e

SHA512
10d018e624068e04d2902a874aa830c8d071d26cf5111b65c1b50d9d828d72e1121039df81a445fea97984d1850f52cf26c3fc5c1136ba4f235dc29903ed917a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
e87f0c1e890454fbd27564c810e6f57f

SHA1
29dfcb17de0127b4486f9c5a0c9467f3f3e2185b

SHA256
7943cfd447f718b3e721026b5c3472bfab4a6fd28b3eb6a4970212c9800a10f7

SHA512
33ab426260d7ec35cd6642b369ddcb3b02277f19f4ea229ecb4462e53872dc764e0b2a8e20f4164b1f6f880848107b139f9b4fa664fa7158fb7a6cc9da99db96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
351b436746bf5011cc480e546016dc69

SHA1
54caf04a4e1ebb792542beff703dc68612970868

SHA256
a40b5a14aa6c892053bf08db342bfc7aeafd6261b780053ccc60aa717351eb5e

SHA512
626471a2e613d78b611b60979202f662660628313b72d62312663f7b524db7c3de7c36e8e3d96cc3d886eb5290f3fe1a77b03950b3dab4cfd3d4cfc7bf3d48a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
8319c16ca8527c43ac965d7c6217fd08

SHA1
bf4147b97bcf0248863813c823b3e86bf68304a5

SHA256
6db3f29c1f00da613840bbb67fc05ce00645041ea08c9f09a9a2065480e6952f

SHA512
20c66a73191ba7215c0f7727c51855963cc805587fcbddf2d0c6695e6edd1d024cd7f9bd96c37398a03f189ec625d9ab5a5dd9d89113dd4ff0a3b923e654aa7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png.BD

Filesize
15KB

MD5
7294cd158494cc1ca6d5409d3f0039eb

SHA1
19bf3d481ab3a0880d5f09f984cd6cbe8f73ac9a

SHA256
926d98e4a2a3561c21317408ee996cd47d93ecad21545aca81b197a659d406c7

SHA512
0089e7d616f3cc193dbb7405efed97931548e07b1e34aae63ca13ae2b80f505782f505c67baf862c27a18dd0bda18ba873c96375caf6d9efd7827ab46faf2ed8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
f0a9501a1ab7ff21578f7f5d711f9f6b

SHA1
45e8e5d49dac80352d33d622edaac8341c46bb87

SHA256
85448c57c5e01de37ade80787d335bec71b28b477290a4120cf5c7a17c3f9e3f

SHA512
f8751ee34f93770fc7fc4df69b4811d997b5d1268376e829d64aab6e15bd8bbf90e67be0e985acc2e71ea4682503a97e21c36ed822a9d4b9782b6da60746dd99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
24da3a01795fa8b449772a09ec6fdb87

SHA1
dc217a39965b1a8eda1831d0646f1fedbf6d47f2

SHA256
6c3dc65937ff160dacdefb7b277c94636e60b6e8c5f93afc262fc5ca52e3fe63

SHA512
84470564bfd85e9563cb8d15e2ede455c01bfd8dcdd08d9235fdedd42c998fa430397a2644e0a363c797f27ed804cb45ac283aee497934611f3506dfded3d5e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
62d679c08ffe22904c265feb3a023d29

SHA1
79815e175a7485850f3ce922e4fa88c68cdc2e3a

SHA256
7740e452f6fb0e5e7e1f799db9a8720a4c9b0ef795f0926d660add6e97aff20d

SHA512
d4fb0a4aa01ea03828e5299c371a8441666c12f1c503fcfbf16c21ed549be815dd40cb97cc20e898afc53e7563f204abf1a522d6832bad29cb49c82f8236b117

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
c0040edbf14d54f51cc42d3719ef76b8

SHA1
b886562f3523958a815a360546c78be3802d9b16

SHA256
d1355ca7ea9577f07a806846ec414979faaf0f84f99a7f2a42effed427e7a34b

SHA512
976a814e4e6183ee5bef5f01a99ceaa78f89d207805836afdc9f3fc9c6c427026e2c3dde3985bc7dcf71a240e3d105b1008df10c89661f392468984fee20c423

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
0ed4caf5fa8a45cd8ea73f00ce4feaa7

SHA1
9d259b1424a7ad152a52f11e056ff19ff06587c2

SHA256
c4bb8abd29973ed858e37265d0d4f9a7557da2179d85c0cab9996b0f0f5bd831

SHA512
ef0d59892c5eabfd33e579df60d58982da3c304262f93dbbf5c6d97720584d46766a151944dbe90abf11f6d604ebe1101e4afa865af162a3d9058063df213452

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
7990900d8e69c59ea81483a2fed7f0dc

SHA1
296ae9e434da870b545f8d337e9c3fe6c4c90dbd

SHA256
1b1a70d3202dc0cc963e5bcde54caf384396844886c6063af293312f49b9b9e1

SHA512
447873d775a9460fe6684299495b2bc6abb57a1d1c141f8a503d374ba051c7d2c36830e352ea3cfdeb65f83c8cd65470c96e82255fe5954bd00f81139fb563e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
eec2cc4e1413a0d9c533ac76b9830b1e

SHA1
5824ce1d97857e34259e75091d2943bd5df38bc6

SHA256
768e3d4e34e724b2faa2f93c360948e673ee8800d89d0cbd56b78c59290769c1

SHA512
b8ee2ed821c4ea09fa96619267e380007e1abb37f600acb90ade176bf5480d730de1c191c850f60a2d4df5dd584298caf70f7e81c1cd9774f43e07eac42f3064

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
071e8140df4d15203ce50cd546da2ef0

SHA1
1e3fe119d70958437e2ac3cb4abde5fa49bd67e6

SHA256
e6a1355a7915575f2a40dd852f7054f6389ff456a2545b224620da81e0cfb04e

SHA512
ecb32886b7bf24b4c36b62598767b8e26bca8909e6a36d726aff94211bfd8e4d77c662e215f5b871b9e86713f7957ff831786798e81d0ed8f487c5cdc972317f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
cddb355f81944b77de6cd7ce223cb5b4

SHA1
21caf47385f898a54954634a33cedd93d0f3c5d2

SHA256
67e238b692c1a03adc7af43d515e5b524263ee28407ebecca9de3dfb7b0f252c

SHA512
c4309530b0d64c98ece6443fb1b7decb5b3ac494456ec798075cda9191b131ad1f164ca9f8fd9a019098a85e48c5d78602bc109583b0308bc825408642e69526

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
f4d8735e083d95dfedcdfa489d1d77fd

SHA1
59987eef0ce7ffc78caa0840402b7ce6b9743bce

SHA256
4a6ebb88320186cb5252e47e7c400f7cdbbbc836299800799e99a0392c4293a1

SHA512
da7ca6f18236b6288c110361453b636e900a1f04d4628fc4e6fdb34d034f6d08e7c92cb2610918779038e2bddba16fbc232fc5dde337009410e3171be59884c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
e2d65d37e126b0b02aef6ea623175c4a

SHA1
fa653680fda3e36021ac32cef72954a5d371a362

SHA256
6d132c05d7b63b5e05fca43e87f2c2f830d9a28539ed90ec33b55a82a825d830

SHA512
46d44aef01f0a85106ac2314f694c2484480505d18a3d69ee81975137173c3b21e73a70240e936c2cb4fe48417023bdf08daf412821aa4048cbeb9c0d17777b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
2052b5e6fa9513626cdd63e48723f2a3

SHA1
ba9f2fae43bd283b54f0ada823c814000ef8978e

SHA256
ceb00fb8989a5cfdeddf5615f4e405f7fcfbd907b77b11b4db7bdeb653cac9b9

SHA512
cddfe49e8e52d85663488ef6841cd3c704f4e8c7092fb0814d40027ad57215933d93f6600cb109c31814eaa6e5ea5292fbf9f955799ce95fc561f3165ea8ac32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
42ed38319b1209fb81e3a864f91949f4

SHA1
b577e14d74949748bba9dc820e1c1dab796b9940

SHA256
785f5dd6c98f25904119bbce708e309d53f97911867b31c313d63efece2f1cd9

SHA512
69568e25eb7528b9205e5b482ebfd998508aca98e9a5e00bf51b02d5c8b796b47f395ae7adad27e8f8093b2f166f80287111a94b47aec7b696ac41e679357fda

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
c8aec3e2188a4f9090ae3786edd9529c

SHA1
f5a378ad7cebd3f49cfc1a533d05d73ea479f60e

SHA256
3ebba875827581c44853cda0000357e74f48f3006975fe5603608f9201dc88a9

SHA512
efdb5feb5959aa2a4fa4b58891cdbc5a845ab4e92d158bc8f5044a81831507b595092c5beb092dc30e1c985a642a7eb6479d5c5b55c5f64a18247b8241c8a2c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
140c38967d981db76c2674951eb63bfc

SHA1
44f69ed94c6df777d286076b8b8ac898e994cabb

SHA256
bf7029084237958e77fb98e5d2f88b83e56d762b70cade3ebb9e652277dd63e3

SHA512
d035a3c0552768f521547891c5273e1d9a65966cb7fe702cb39951af70abb1ee0f65162e807f0841badeee46e94faf259211ee1439766e817ee07435cb9b478a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
b88f8a6da11c75e2b758f492ceef6be7

SHA1
5c1aa0b1a17ec077218c2abb016f519c72e08873

SHA256
d1d04b49527c3bcf1404e4d8de1d4c7cbc3de5d82f86c9b192d453c969ff4caa

SHA512
4a492d44b65b488f8d0fdff983ee71f465f1b0f3598a56e5d948c3b96805912653308eaa2f1f20f209bcf512e78197a61f23202bc59011d29e782afe4c9a1dee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
b338e3a38d1e2d49fa74e0605add8c81

SHA1
7485ce1e3433d8a364a38a1f1dd7d1e516eb6014

SHA256
84652d9e06dcf87cbdf103501bda789a26df0eeb3d1369a2f0fe1a8587299256

SHA512
c47fc9b96e83010bc55d9cfe6a9af94115c4910e93d8f713963719da368ae976489c146a4cb19930091a5c4b972e69195de2dc8efef4fee9d7a246df7ee92ec6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
d7ca7a9eb2436322b870db722289f9ea

SHA1
4cf0ca06cc29af52dd4b8cc17e42e8dd2c2cc8ff

SHA256
8fbba892ab81a8d43642b334f1d085054e70fe8edcb819ba8fa6d6ad201253a1

SHA512
cd7d33a6cc158a27a9433c4167f9ac7b817b03f765c82b206a7219534b782935114436235dd3714b45c3aa452dd8bd86eebca0dc62db044381b02b36cbed1c35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
f9c01322f3d97a99046b52f59b1ed34c

SHA1
5088d3c869446fabf788b38dcc41345efe0300ca

SHA256
730be9a7fc0688c509ad4cdb19a88718a17ed5a24fbb43d82b5bd7cded8e5037

SHA512
e21ee59d721a0b6395b2f899bf8c2aeb2dcf07f6d1809213c4f7a10471c35ba0d7cb94aa44b72b120f8b02d483daec753aeaf5ddd3a3192c626620d0268f2b4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
2011951d4cdf954dcfa3b5bad5c798e2

SHA1
a570e96b9ca63b010e281755b42890668acdd2cf

SHA256
5edd00b247a3d168f5f369ee3008a77898cdd27e31f64027b9b34d92ca0353be

SHA512
7c44b99316ef3c5b16c53b688e913dc03208731de4bd6b8ccf8c3d6fa72c76e93195b5b5fff41f5d9ca6f8d05ddc8444539ad62c7ce133a1bacba12f6aa06cbe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
3ebd5f0d7ceed19536f7ec8a1186e46b

SHA1
dc881c31f79110a464e3a2fe3618836e814cc88b

SHA256
04ff22c36d624b3639f5201e7d05829094d2d0a9cae5bb188814c838994784cb

SHA512
328e32b24aea6a5700fdefd9c96a381ff36cf1ab76d27c256447c8b6a65b97a85af2aac1d4fbbfadb810d71a1e8ae7ceb0a0947c97bd6a6727f9eb63619123cb

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
0745b3a8d6a91e244925ddc53665706a

SHA1
4b4df0207765714f9a029e53fc37bf140bf2bd19

SHA256
84cacf001592547ce3a8f54faac9bf1fc452d761f05b682d752bebb8dd4bde9b

SHA512
1d796c97ebfbbfe438247caa5904f7a1be5c74a4bcf6bc45b4c75ec28e6d7c5d306d2f6b88479daf04db1d6bbceb80f4d9580242fa48c0bd5c101e652b6cd9d7

Download Submit
C:\Program Files\7-Zip\Lang\HOW TO DECRYPT FILES.txt

Filesize
623B

MD5
d09d56abad11b8be5a40586cda2b4f5d

SHA1
69534e7d71c379cb3bcde6b37c217d7d5675dc01

SHA256
9bbf513c05697bf8a6a23b9015e15247b5c05039eb1f63fee5f54ee3dfec3630

SHA512
18a645a61814cdd5f838735dd2f1f97deb08ff6e6b93088fe21dac04f11efafc1e3fefad628d8e517ecf52f3198cefb8ec2dfc6a03d580bda672dea09e6bed5b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
7c994bf890cdaf54b9fa44b088f966ee

SHA1
dcd76de3b377ec4f7e5a34400fe91d993805dd69

SHA256
b846673026e7f61c18b9cccfc9cc57faa2d5cc7e0706bfcd96ca274f34553f6a

SHA512
5dd2960c0444944ba789931b5dc472e583426ee091e0810201c267d939b4c01f7c627819147298ce0636bb94e64d44ac2bcdc75c9d4f519fc0ff61ef9f7993cd

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
906d9281e66888024d0885fe29120872

SHA1
33d1ffb26f273199a5dea04cbc1f0f4cb1705192

SHA256
ac9668a66998c3bed1c112bcff45a3ec859afd8b47d42ed3214a435416e7c1fb

SHA512
660c7a8669ac4e3acb8362cd992c526846901ca14ae7b27054ff16e51224331da23de9dfbc11ca0469fd99f3e9a956258b199d4653b02408f1f9424e1f1613b2

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
9244e88031b585581d75b6c8126ee227

SHA1
7ce39528b2daeaec759b98722351b791fd249c22

SHA256
b0c3e79fc7cddddac0f7a85241cecc10a3f16d3c9cb0c37e15ef150435ceb880

SHA512
5fbfce9383a19d5ecdd835cffe0bd6c719d5b1a8875fdd6513d81092530da5e53dcad246d40e481ca61914866031ab0ec3bd55fc7884830104c44749815891c3

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
2364d050cc96583ed0a19a67241d5f37

SHA1
8c3626b6b4fca9f351fdf69ce066dcdab3153d02

SHA256
d4c3d0d7067d94c39103ccb0c298abc178a7570a71b3d0d964988cdfb9dbd011

SHA512
72fa6fae011300a832408bc5a0eba0f33207a5c98ca9ce990b55ea43cc46aadab447cd00e86e0b9df2899e4133412d2e6d959fca7711c309c344c2cd39733e5b

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
107KB

MD5
255b1a7fdf13c76a086412b43754c642

SHA1
e2545788bb7922dcc71ef3f4f582529f497dc962

SHA256
63036a9b45e39469c942b72b7943f726226deeb08662a4163655e600e33d2a45

SHA512
dc8e62eaebf1d2009b268c016d582d1ce281483de4501236e41245f72c5cb2e3273d8ef55dc577abec50795a27e89d94dbf4ad5e204c594fd9d42bdb9b983451

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
9722b9c457777d822b0cd719f63837db

SHA1
bc9002f667858e08ab85207611ee6731d67a38e9

SHA256
8c46da0148c5abb2e84bf2379e61e7a993b5465fe6de0b830566f2f90d263c17

SHA512
989046cc520683e501d5334d8a04b67172c25149db466508cb5bbb6f0ec578b4837ab24adc1ffec7386e4cb5de0627b0a4229994a05b28c75e206d03665bccda

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133213925657841214.txt

Filesize
77KB

MD5
1e6c913526a35c33b8ff89255bfda2a5

SHA1
d11d02ae470eba264b24c590d7b0920ea481f39f

SHA256
0ec8c640a5f35a7a674e892d947a24db2cac76daf1d4619e1c4b772a5f56162a

SHA512
d3f5718016c6c73fe989c73806567e487380526f82037026d5d3f5b4f5b480626228d8fd002c9ac92ee1cb0349ba51329712ecfd9adcc2548f77fc5e2f8c4771

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133213926134831092.txt

Filesize
47KB

MD5
f8bc0a6efd3cbc40b7d16b57b34ec94b

SHA1
61d26d818cf9721fb14a4d2be95c77f052e36e84

SHA256
82bbb3911c35afb71b6fe2f317c0798ca386be1da8d5834ad1c6f06349601925

SHA512
24eac40f83a24715bf417ce7dcfffb5a07d319f23c5c8bbd09993b82f70059efb7c43bf9d3867b417c815b20bc897f78a69393956b97dfff9fcdae111754e893

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133213933507785215.txt

Filesize
64KB

MD5
f621974d0eee8de1496ca82bd65623ef

SHA1
0071e0b164f5ce40482c8c3ebd0eb778daf5cc89

SHA256
5b2fb0139af769adc8ccd55852cca13f83975afe92759cbd1d893c3830e2abd3

SHA512
ac6dfdd085b987fe8d6b9cf88b6d6d302a46dae3b4875158d98c6d84e23a647e3e4631f1efd1b459d93600d00327acf85a9e1b65283bd0972a01b87d9ba83239

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133213937391256376.txt

Filesize
75KB

MD5
1f7af190a63e02e605d7e9698cd74c24

SHA1
39d6df2f1ef503b1b587df036e67c39787af9d6e

SHA256
e4e294e4356123a777803723f10e821da0df7a151271e272c17dcd8e3722eea2

SHA512
e45e31c7ed93c35a15db20ee637a138d8d0133745582d9562c2c8b3cfab7ddca7be35386c2a9ddb41a77fbb1b1124c0cf9a9aa70c4448cbc66832482c19aa6fa

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
4f1ba6ef5a3bae3e17a23fabe6dcb801

SHA1
694881a9751364380dbae0b1aff65fdd0e5e536f

SHA256
dcfa52a8479341962dbeeaeef790fedf65acb497bf35c65eba472300a09efa97

SHA512
aa586c95af796db181df4cf0bcd5e4eb0749e27c8626f7f0825214f807935bbf5fbf4371303efde8bb066c3699cc70b21b1f10de99456bbdf539fa8eff8b6d3c

Download Submit
C:\Users\Public\Desktop\HOW TO DECRYPT FILES.txt

Filesize
623B

MD5
d09d56abad11b8be5a40586cda2b4f5d

SHA1
69534e7d71c379cb3bcde6b37c217d7d5675dc01

SHA256
9bbf513c05697bf8a6a23b9015e15247b5c05039eb1f63fee5f54ee3dfec3630

SHA512
18a645a61814cdd5f838735dd2f1f97deb08ff6e6b93088fe21dac04f11efafc1e3fefad628d8e517ecf52f3198cefb8ec2dfc6a03d580bda672dea09e6bed5b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
95bc33753268e65dd81d2ef5e5f847fe

SHA1
e46e7c32400cbc026815cf72c189b6e5e023d303

SHA256
cd183b8dfae47cc01116984433665ac4b88b2150a1e1b09327437dfbc35f10d5

SHA512
479800c53a3d3f4e45cb56a371033a7d8a86cd343ce9b2fe2288bcedcfd726eed88efcca9af9943b916fe73eca74353bc24bd299db1ead77165b6a2b6c82b473

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
bc003f1bbc404d67ffb68d99e2922c19

SHA1
9ddeb82ae3068e6003d0ffd8b0bb463ce912f9e4

SHA256
1a3cfbd9b2cb80d7b895ec55ce16e0cbcb5bb20eb0f427d6c97bd703474163b8

SHA512
14ece60046a2044ae859de4a71242c30eb32e169c8bd0126a15c547be947ec43766161ea4308e079028f042fb0bc6c695d994e5e343480e7ce8fe11d2d760b11

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4460fd08b7d0da62ea7e0552e5a3cee7

SHA1
30680a65c0fe3d501e1e6175e39507bd60100425

SHA256
057bac22ee6e5ac30f1453b33b5665824aaed172a2290fbc4ee03f7b475bcb2a

SHA512
2c94178a88170cb5560f3acce3aa8956dc2dea719398436bf4d2e904e0418977480f201e3761226f50dc6473f7a0c744cbb2ba35453d2c98ca1df3a19ba012e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2ec70ba4c76e915b16be00f0ee3aecd6

SHA1
a6d9262c85a48c48708a0f6d2b8af9e651526980

SHA256
73d3051634b052668c989e6b041865fd50b34d0bb2d2908daa9d02541910b58d

SHA512
746aab2ded5bfef90d0c74135f32c7f4f0a9fdd422da8a8933bac4af7fa225ea375be684975bfbf2ea161320516a2d5884e5131a5d04c2b01988586e3a59717a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
82b115fc0a19fe1ff2b3405d53d2238d

SHA1
a48bfcc0da1bcb551ea6438fa1b220d29a016717

SHA256
207982774e65bbd0b228f37f772c421052cdbb1d4b4d1cd115e12b65d3b95611

SHA512
032da2350a826366a5fb8e4ae0918a61dbaac35e666b69a90f94656a839d6b346ff762e4214b40fc5067a06cb9b418e7cf8729f6bcc193092b8c92899ceae056

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
98026e2f401c086a4b4e413e096fe561

SHA1
05c97071ce6694e22a3ef10adfc866ccaab19c09

SHA256
3fc19bfba9c4dc345271b98b3077dfb320789d411adf309f169b9dab44adb731

SHA512
cc783d6f07cf22973c84f631abab1fa064afd5b9ba1ecb5b74df1efb4e8e750fc305a17f1bec5c7c391c8cc53cdbff63f8405e3f848f95d854368f83d94b96ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
6aa0517a2cf3129794065204015cac1c

SHA1
8687bbd98018eec2df47c775f7e8eac58d8c5981

SHA256
20fe962b1413d8a1a27079bb62428bd39350e597ade5b261dea848362456cc3f

SHA512
f243ba36a949e60916d621a62ee5d6f04d2ef2b9813f666c071ab1b1a0bcf6a42140f9a5da88c08c5421c85161474f3fd14e304571e81ea0e748bb6b62d167c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
bdd31022e69442599cf9dea252dce11f

SHA1
50c3d12fe8292403aaf0240871106e07e1b9a07e

SHA256
b464f29a9b2e9c5161a866cea67db8545202f1fcaa0536ae914297d6fd21046c

SHA512
1e6f41f12c678b5d7deef9ff69e1cdfe866ea45938d2ebae22ed06127e994bd829dbcc6288bc836870161f654c32f32f01d1bde79d19f586cf2d575fc8e2fe1e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1c301ab5b813c45723fb8e6643b2989b

SHA1
dcb234ac6446f65af0a34d402028dbbbdc37f906

SHA256
a5429148babfb8a0f5b852ccb1411fa67ef2c014b2ef88c21ba871ffc489f754

SHA512
502ed33ce0116d6935cbdcfad3922cdcde07fb0b2533b50c1d326f83593b072775f59f89e02d4155635382d19871df9ee070b6af19d419ddd3d91064c397a686

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
8f71d34e2e90cef6b5c2db1cff6ab7bd

SHA1
fcf4073d0ac6486802f180d11f02f68a9828c7e0

SHA256
13fb5a326a65c5cb649a3b8d3df2e8015928531c09238481bc580883e14637d8

SHA512
9ac4117dc4fdf12e4742ab78b8a1bbf1525c7d5bf0c52bf7c3f15b33b8a144a32b81ee7e6a3028f7b36b5d7463a6ebae0441a3b29ec4ff21eb81cf844396bdbb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
98a8797a7d12112d9bf743517ce2a238

SHA1
4fa6b6d8c28715fae97161950e081521977b0524

SHA256
4fdb473f07c6eae16428104138a448af4f7b4bb7d5a1a98a7fa208b2ef2166c7

SHA512
e2ecac7cc0ba1a80e474b8422ae30573e4c65909717432dba0d99d01be47690a3bffdda79ca25a2e2e3ad872bacbc00c56aa1908d33f3f53c29276f840f077d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d2f4b997e11523b2d678b7c77f346997

SHA1
9acf952aeab0e8dcc9eabfa71f065a642578316b

SHA256
1b6bbaae9f2de5212558fec82918b7e4ec7babfb5824c756836991595dea4dc3

SHA512
e3696237047385f2c201243278f5c8e8e12c0b641eb96365edbd0784cd157f8073eec96260379e4b12d813fdae42e7199437801cc0346d253ecf674bf067e98c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
a20e461e05270d7d7f17817268d83147

SHA1
f2555d8d8a6262eaae1834eef9d061725a4ce30c

SHA256
1a7cc55f36e08e2653ae420d8a05820dcb0ba41a9d96172039a4db95e4ec318a

SHA512
c22b7c0dd3201548fdfe56fc87b132dc689abe0a46639b57f5e4171603d2d621de863c5a80d79e7c57cfc421b9604087b52e2f80e244c7bfc8dbcb056ee4d70e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
227980ea2788d316975ce7b2ad009111

SHA1
c2feee01fa8d4f7fa466c3891b1be8703d24169c

SHA256
b4684bf34089b66b0d72d7b6b94badcad4451e9d5151393ed4a4f725ebddd5a7

SHA512
0dfd625e22b947561caee60237260940025293bac9a1a841ff631d867957d53d507d14ad14d9814b6ee3bcdeddb942e91b5c10d911b68bd253f2bc313c6b60c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
b27fcc70c8dafa681ec100e9fcb6165b

SHA1
443eff524524ee325b850b80fd697831b671ad71

SHA256
f50234f4f15ab963fe218d610abe3b0881711db73eb9efaf7c28694286475e8b

SHA512
042812210555c3545867fab873291158574e08f5423978304823f83c2bc83f1def5465bf97d7ef5340f6c5f74b3c3e512cf150072ceab94f9e2b37c72f788af9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
34a5d165ee0b9827b6bdf93182d84208

SHA1
282adde63cdc770627c35d9005a61c718768fb10

SHA256
2fc4d024f38e63f33c9f703485af5ecb1a2925c9bd67cdb69e4d898453b7cefb

SHA512
fd9eae666ea6fc01586c3d3263b6188f7ceb9216c0158a9f1c8c861651f2618513a0837e61e21d4d4ca99354712b918f382fff846fbc29848dc9efbee5961ca3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
3bda340353d8e902cd12c9301270cf0c

SHA1
734b48acda1e138f7d22982bda4d4c50c2c60e4d

SHA256
b96ff1394f048b8db9ef48f6dd2953d3cb687846258ed4b79d33f23550bfbb9f

SHA512
812bdb6bfe9f507b8cddd816788b1e5d87ccb6baa7b2af87e045cd65ddef1527e521559723221c7ca45f212c32dae22371a7c4be50eb412a8741626ffb0483f2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
0f96117c51161cd0feab4fca436c6ffc

SHA1
e56590a1346b69f0d83a6e64414ac3f5850c524c

SHA256
a7d4aee9f3c6d32e1f9416e115b33116443eba9e6e86af0705ac6f7711b19fe3

SHA512
5454050f2ccc2a0bd18d80a0f1c9e1a22c92247480c2ee2384b9018f0506ded598829cf163bb990aea1193dd8932c17a36b4825b3d6ef9950be716900abffcae

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
356a4941047b647c19c3d9e74710dba6

SHA1
4d13f664ae7c1b94348928553ab082354eb9587a

SHA256
1542acec4a87a33ba56a24061f54a2674ed4217b1014a63aa43e4f01d0eeb8ac

SHA512
ee75c2534a5b933276644aa0ce1ef0914ea5f7b939b021a30a34c417a7e293b381476f444c05fd0b981d9862a83510d479209cbb364ca971c4397322fd7203bd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
848e09aaf44f30fe6bdca6d7809dbd9e

SHA1
73045b66f418d0cb44d2e18a0335418939a9937f

SHA256
f40c2a3ac2b7772c2b85b8ec3353c65e37f32591c6885154d94041b0f938cf25

SHA512
5fef7dec2069913fca304c54a2b0c7f0003c078d098305c237b9d8c641bac5e90975de209dda4d481fe989766793801e36688767773b81379fd5a6d2eff17f87

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
7804940cfe65723d48944cdb09e09590

SHA1
607f451685ca0513c5857e27313c21139031229b

SHA256
1b2fec092c9585ecd97c3f8abb91240375c94bc62870bedb9abb11730662aed1

SHA512
7182392a09bad49761e90cff5df6323f045c5bdbfe1de3ddf7a5df77fafbb0e9a12b84330b0ec78c0b66f16322b6ab76956e34074fb1d978ae644a1c021d949c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
6e8fef11dbf57af9434d4608e0de8194

SHA1
b1c26c941c312920ecef8ed242476e10eb0f6ad7

SHA256
10cc679462d5d2fddb24483d76f22735d8354512deaae7de7856413757e45db1

SHA512
1c1a5b214763f36c6c2663f6d7edfe667dc55d327457eb8112058ac80e34339d3e5d10c607a070b6ffe05e885efd1511311de7699f292a8219c878007d8b5822

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
34e706307faac380574777052cf75feb

SHA1
40d88fd75544a8944371a6bdc7dcb796d0f8e09f

SHA256
0c58d464a5c03f8b697ffe8cf2ad22ea33fec909b1df8a75c8b1197ca1386970

SHA512
e9aaae3692ed618e884875e7e660580ef51d89a8b8bb6d066f90de1db25ed715cb90bb66b405d5552c61144a6826b20f25720f4eb76dd1da7008ac4d4945523e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
e2f9ed5a394fd917a7ec08874568804e

SHA1
ce5c03c70724936f4b456f9d392cb805f7f7f7cc

SHA256
b9576196075bdd552893d4f154446847f86a633627bc18f2be10c25e019cf8ed

SHA512
2c2ebd3552771f2623df11c07d96f3088ce0b7221f1776641dd70ebcfe0120332ae03f8875d3ef2892d15c8827db3e1f2384b61efcc98a6b2b776bd083628b8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
d6df29fb6cf354b512616b074964cda9

SHA1
0759b47174f9c5d75b21da2cb01044ec493b900f

SHA256
eb62ffd7e919a96686991197d969cfc744530eb8cec3ab57667688372294451e

SHA512
505d5314d3f566faf6b68c50df99757ce0dac7f882f270d53de63bfe362fd0f0c4e71eb66ef32c9783d1ad87aa87fccf99247f0e3ac0539aafc5faa9dd2279bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
f0f4d1cbd251d2f97ff741b5d6f9eb9d

SHA1
416e4cf8d16d9569bd2d6a24f3aa654c26d31fab

SHA256
81ec0c572a0dcc0fa20a588758b87be78a9ee5035fbd8753c72885816153fc4b

SHA512
bc4089112a944180490477e222203dd1abb7e032f19ae5b4846bd814fc5a7514d686fa1d6cf2e1f0dd3b407a0245eb1763cd4644cea245a4c4c7cc5e85e78d0c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
9dd0d6a351b0694eb2b1799e46175a2a

SHA1
0b60a75b97d1674d8966a249439e93aa6a9424a3

SHA256
70fa2161bf63f56d3066177ac7c8084af304b18487f0fb6dacaad069b2a0c7ef

SHA512
fc7ae53d3a89183a6cce499fd064ff9b387f783c8922b5823d5b10321560398db99364c90a1278421fbbbffc775baa1d8fcc730b3ccc6c29e6ebd26aa685f42c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
ae17528c25d045d5f22fa9eb892cffbc

SHA1
786b228b4590d0284c603e1d480cc2650f4ea031

SHA256
8b4f246436e2c41f4955c78739107588fb3a7d3a97f45110f89bd9a9f352232c

SHA512
18fa4568b8359df6e46d6e28585917c8af9283a7c2418b42364737b6c328305473a27ad18469b5e8ad090dd84f07ade76593fe6f37c4a13edf7071712b140d6d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
50534e533489911ee73d8f47be022a73

SHA1
501470b8a8f862be84285162306e1d6834086096

SHA256
78bcbbcd0e060975e0ac6b6065a6c63055a0bc35b41a31bb02f827cc80b1374d

SHA512
bd03152184432992729d2dde0bd1c47df8a3e4f5424f3bfc43de376756243829449ecc4ee1907314a4484d2471596ce9c7ae53a84a58d39a0b8ad4dc24db4c17

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
5dd8853f49c037d379ce48b4d34470b5

SHA1
8a5fbd6e424c93b9b4f52ed9913784f6d4906d31

SHA256
3085075cf24cfbef200b88bf2ba1fc0018366924696dda17e25995de4a3ab0cc

SHA512
2f15fcbbc4a8804add20aaf9a9c8250ce0512159ce2f478f25a37a03739ef561e9e14c576c30ba1e0feca960c5291f3ae2f608b1bacd9e5b1f2ce01daa70c8ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
b5dcb43dee84ed06ec828bef81c96acf

SHA1
7f0f4728b3cdc33b5dde00ac7ec506c789815b74

SHA256
476a6f6903b59e664212917352c8e0e29b7085db96f8e634fdace7ea8f983d9f

SHA512
687a04e905fa149ebd7b010890d6416eef44670c6f6de09b8d56cd360972b69b03d101cb4bb47ccee7b8ed9f00d169eae5c35a0c5200183622942bf533cf23fd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
b575b943463d4b7cc9a5ccbef672a79c

SHA1
163e802e02b8a125dc6e8ea8d95025bd8fa97dfc

SHA256
9d33141d8fe7ec8349a15484315b9ada495c4996ed1efe8d3f903122ef4e57aa

SHA512
d98326a4427164c61fea648e5401e78836de71daca7451810d78e499bd56ee5827786492023bb2687c45ffe493950394118ed275eceee0114be8f5d7f4070afb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
e7cf18b2e4fcaa5577876366892414a3

SHA1
932ff8d52e6dd113faaca91e7d272094866389c3

SHA256
7de0a885f42ee073494f9d72ec4a28ee004acda649c8464b9ef3f8bd4328d457

SHA512
2ee072d95206c1e990b3faa12a45e7d7f1c1b8495a35b527756c1019e80834f27b3cb68ac755f559209f6646abbe4016d29ba936361f5fd68d57531c15203c91

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
98befc9a6234198ac8cf5a04df106b89

SHA1
bdddeddae6f0ae58a59f22ec71210cfb2f0c2019

SHA256
37d5f2e4ad70e7f50bf7d245f14fe4afb785f854e311c75fc201a39d508106a1

SHA512
3b6bc33d9f3adedd86bd97d4e6818866095b803608f97273f1acdc77df09c6ce8f24ef79a5d14bbd8f6936d0839bff9c44a51189d82e880497d583bcd6022e77

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
9ed540b8a0e7b6e180fd303e64dbae87

SHA1
46d0850141f39123e462f3297b2104f25f816505

SHA256
08bf26d45db423ef7e22791bcc1bcc730c1e1e6fd0a10e4dfde6bf258c7b1c52

SHA512
5e707bb16ccea2a318b944410ff3804f8bd0dabd1bf023002829f844f13ff3466476f4a5d22a50825d057baaf03115993c8b4cdb77055591cab58b6e44539584

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
2724b986e4a71dc7b56a983c02dd8d17

SHA1
ba8ab89157e59d3ea1f8929ee31558cb47cb8f15

SHA256
7438193a25921937004583b12ab393d25d85557ee73973761d57ab37bab7af40

SHA512
86330a2afc9c6cd9d2cc7934b4124b69e7304c19bf1e974c5366203dc9cf90974dadd8756241cc2d845a36997bef0a5800fc94da2924434d611868838ac7447c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
a5fc0273aec3fa915b4ee0298d365b84

SHA1
a24579389b8fda0c6a76c55a7824f18a5ef21565

SHA256
d6a28b8fd14b212575b944c448a91b9599927e8e7d34d6674ca6b4f8da60db4e

SHA512
11af63bfe0cba4d6de60bb3465269b1e2fac6687a4e4a81819488586cca0967fe342bd0228f8158cbd3999e600e5fd9600e0746032b33c18f9000799dd5ee22d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
3412305e20f80d3183415234821f2df2

SHA1
484a03aae3360d5c30695fd9390dbc1705b5a536

SHA256
5dce2a4081ecbf0b49b0f7a4f84b544cd428d2be79d381554c32ba1b066faeef

SHA512
39df89f465b3864e652debee5442392e951057ea52ae38fbd34f03153ecc1c2613894f36daf9013cc9914222ab2f7770650438287449d4e764583228166c6b37

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
49fc100ccfe361b2ea534af4b7fc2dd1

SHA1
f748bfd09e2fb40ef2a2321e18031b1fe81335be

SHA256
e0157d55617200dc417d0db45f2ed3fa5eaeb9ac1586ef45627142475c7109d4

SHA512
ec1786c00bd732ed9e44c8171f98e39d8861453656c0a89482938914d3d8bb4517532654fe7cfbf3e80e473b2893bace49c1e9ccba80a4437f668fd200ac8cb9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
a7fd0da793053c4005bb7e816eff4f7e

SHA1
277c05bfa8d141b784146fd5b3bd05f402a4eb61

SHA256
03435ff3cdf2bac24622a052837648a8d6f4aaa561e9e61354ffd4f16ec79e3f

SHA512
bcb1102641c0f1d50d894e61c7abf79c9da2b6d9a6589de5baf88ee280d511410ca4bd56a308cab8442c4d9f2b9d1ce886e959744c21d7b79f80ec868a80642d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
4de4eff74831b8fc57d2eff7e0ec33a9

SHA1
1c36be8ee89d6628c1f6cd8e32d5013f5ead545d

SHA256
f4745214fd790d361d84d6c3889f4b82276b6cf54314b7dbd29c1f733a9b6482

SHA512
fd52573bf0ee77e91f801857bb7db8d14fe45b521634b3175de4592d726830470bc137ef57997f97753f89b7e6b83b01ec859cdf8b48be8345588bcf48a3ab5f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
544e7d710e92c5c8d996c4fe92133538

SHA1
1b9cbf8c5eca84830ab73084f3c720d68106d56b

SHA256
c287ee638b4ffde1a3e044839032509d7b9fcbda59c8a32b9c08ea4e6ceeff1e

SHA512
7091e6f0e8bbdc2791d3b678b3a00d2aa1d4480dbe7a039316c5f5c458150c4d5ef999d5dca11f4de1f6a9ed8ccbe71fe13b549e371fcbfb7e03e81cf86abf3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
42ee3b76dafacbf7e1c8fabccb9151c0

SHA1
83b5305c56f6efef58c9e88171115caac9aa9406

SHA256
7be64dae85d4fd4df8dfd5ca851ed35b5b972ca0ddaa314196440185821501a1

SHA512
17a359c276dbfe9a17f16619819958ed2de6c56d213f857e88c844750b143ee9070eb784f48c3d546ca0a743a02a52a0bbbf66b21356bd94de151413f0d6cfe2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
ea525258bb10babad03279cf67ed2540

SHA1
7586a54d9ab7fe1a4ba1430e022c2df8e4173ead

SHA256
2f7a3ca9bdd17a2737a08f5907fa180151bd1fa54e6c82ea8c9c5d08e3268db8

SHA512
16b6bac0175fd4bd703fa00d74e0d4ba392b154010cc9493f94b57cd02b7cfd2777d1a523198c12dc0faf96714e1edd5be2671fc66311d40f0cce887eef378b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
368124e984e370aa0cdab36b130dba79

SHA1
4642f5b89cbb8f78bbcbdf87622b6b685347e077

SHA256
28c48165d39284d23110edd8e54ecfb5b2236b59b31c1eccc6c0dbd5b86eef26

SHA512
6a02fa283a95b8e68e39e5dd39b4fa39dcb313c9aeba3f62a6badbe893386769527fe2a3bdab87869ae7d1ba698b42feea27bc1341ab7173f2773c5840b43f49

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
02b65f32d07677741257e3a5d93ac206

SHA1
567bd2d58ede2a2e56cbb96d02138b7aafd7894e

SHA256
b3daa6e81cf4cbe278927105dc95ab92a5908694790a5af5c3940523ea75aa5a

SHA512
58eb28802c3c8fbfda58efcbbecb941502825e8d2d12e41f06c5b6487932b74932d60e22ca02aa8dbdfe95929872f922ea90c04e8b679d12aff69d69255542f3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c3064607f9b5131bb0fdf9d9e5d9bf5e

SHA1
be38d9acced8caadd1f8dbcd39b8ed0f6a06d1c3

SHA256
7f7b8077b6f29166284619a8826813f7d441b6d81e360062814ae7464168df27

SHA512
022085117b565dd5a62c2cff73a78352a1fa7f95c88c7306d8705bbf91f5afc3f8e819d7050b0808688f036094e58af769f20c996f6db42e36be8eb9f86a37c3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
faf6023c82c8ccb6091daca18ade097e

SHA1
c50276e0b07688061911c1859e8feacc34c6f596

SHA256
524016f1a6fd961078e232c729898631fab8cf834c941abe1522214c56b1e877

SHA512
70b8861e1c072d5c738f80588270e44e85aa3d72032743fd219b93afe393ab6b406dbf2056be27547e9c352414f53613178375815a882111dd03b1ea5ac00f31

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
965593ec3d35146e4a06b092be3581f2

SHA1
93c1ca96d7e929a9d3fe4ccd8be608b702e48206

SHA256
5689a8a23ded30956ded8bdd727c27735c70d5f8f35805488a661c66b2f8c001

SHA512
eb968ba86d22358bc5c031c7e799c4aa8f230c9e081855b294e68a4318a7e60d52e6b316d6e6dd53ede2c26c4e4c8e0a0e3d54c140d78e37ea1041657a9ed79b

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
de9bd5080858b759664ece33250d0694

SHA1
15462daed716092869e0ee935f43eece3153f0f6

SHA256
6b5ad55a5b75c08cbc1bbc813347cd32d618dbd6cce615c6f01afe74093cb00a

SHA512
076f05469b367533b58b1c19bf92cb3e2c72001d157ea4444d33ae35b7537629dfaf45819220758ffda54de9f79c8db9b7798b1b6d330c9e8f88560730da1754

Download Submit