Analysis
-
max time kernel
94s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
05-12-2024 15:52
Static task
static1
Behavioral task
behavioral1
Sample
c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe
-
Size
43KB
-
MD5
c86e6c9a14e2c11428dea7f72805d999
-
SHA1
1e41e641e54bb6fb26b5706e39b90c93165bcb0b
-
SHA256
1f210c60f90fd8403099482455f3220b56b2864bc4d2b6af0abda4a2c3854d40
-
SHA512
32ed8ef777e5d30ae086d6bd05202b94932f6894e25a48c2e92a2e8a77ba80651c45ee04ed0b70831d479a74a2d48af14b40623e59c06223289cb3d4b144576d
-
SSDEEP
768:wO70S7b0vJinmDOxCRfcwt5Dqcjgqa57R/SVcQPnmX5URz7D7PpUmNq:ngawv2PTq5D1jgZ7RKJeJU1D7PpUQ
Malware Config
Signatures
-
Detected Xorist Ransomware 12 IoCs
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2174) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
-
Drops startup file 1 IoCs
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt (process: c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe)
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KR9SpeDJd0PU1OJ.exe" (process: c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe)
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
created C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.153_none_4b81b20e830f375b\f\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-imageres_31bf3856ad364e35_10.0.19041.1_none_92aeb0b697438cb2\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File opened for modification C:\Windows\Media\Windows Navigation Start.wav c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_system.servicemodel.activation.resources_31bf3856ad364e35_4.0.15805.0_ja-jp_c584bf3c54771be1\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-security-pku2u_31bf3856ad364e35_10.0.19041.1266_none_fd8a521e8809d8ec\r\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-sendmail.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_523b4df349069c27\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_hidbth.inf_31bf3856ad364e35_10.0.19041.423_none_226d067426a3a65c\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_el-gr_33ef81ae7043d81e\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00080c00_31bf3856ad364e35_10.0.19041.1_none_b5e2d87e983ccc3f\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.19041.1151_none_aa086da848b2c07b\r\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created 
C:\Windows\WinSxS\amd64_iastorv.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_2b8fd220eb863bc7\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..nt-client.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b2cc5d8f1b6b020d\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_smdiagnostics.resources_b77a5c561934e089_4.0.15805.0_es-es_d0121f246da0cedb\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_he-il_0be8f8db96d74140\r\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\r\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-windowscodecext_31bf3856ad364e35_10.0.19041.1_none_53d784428c63c2d8\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\apppatch\de-DE\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-u..istration.resources_31bf3856ad364e35_10.0.19041.1202_en-us_d882497830128342\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-beepsys_31bf3856ad364e35_10.0.19041.1_none_7a11aed6a6faced6\HOW TO DECRYPT FILES.txt 
c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_48cfae7285d424e6\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-xbox-authmanager-component_31bf3856ad364e35_10.0.19041.84_none_4149bab988d0c5f7\f\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_fdwsd_31bf3856ad364e35_10.0.19041.746_none_5ba1ce4020f51d5a\r\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-n..tprov-dll.resources_31bf3856ad364e35_10.0.19041.1_it-it_cc2ac6acf8233add\HOW TO DECRYPT FILES.txt c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\KbdSwipeGesture.wav c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
-
Modifies registry class 10 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX\DefaultIcon | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX\shell | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX\shell\open | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZFHYSOJPQQFOIHX" | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX\ = "CRYPTED!" | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KR9SpeDJd0PU1OJ.exe" | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KR9SpeDJd0PU1OJ.exe,0" | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZFHYSOJPQQFOIHX\shell\open\command | c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe |
Processes
-
C:\Users\Admin\AppData\Local\Temp\c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c86e6c9a14e2c11428dea7f72805d999_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3188
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD55f93befb7f63307a493d3469ab77c8be
SHA1c3d9b09a4223184285412b1a5dac444b48edf610
SHA256b11cd36221090cb5ae5c96df45a1ba793be570476f0905bd6061c1efd0da0e64
SHA51262d361875e4d41197726f3092fe9f7853426397316874044d88e49827c163c167d1ab148addaf3336f810a8988ded0d670b5f801e5a6d99aa8042f21101b37e6
-
Filesize
28KB
MD5c17abd5c11fa079da58ba1c15f0dfb75
SHA1bcdd6ac04e770d81765067caa56a2d8ab86197b0
SHA25662fce0e45fc3de60ae19ee5f7b8bc8fcae88efd8881cee74d44c30eda54f357f
SHA512e8a77e6b5da058e1779ac2832b0a0f9c2e868b37454d28395d1c8a2ca2e2286abce67d9b76d82954c0b10bc11de28ce725018380840c6a01ebd498acbeb6694a
-
Filesize
2KB
MD58a0c69340061afaf567b5a81c105bbac
SHA12873c72c5144ccbea3a9b5185a04f3159deb75cc
SHA2565e78fa4061934cebadaa2dc402eda24d9d3c5b7ce3fe8650491b9b952f81113a
SHA5129a622a6afca4d8c4c2d6664c609b012ae449ca60336f5fd18f04137e7d7198767cc2ef79349796f63b1eea7415494d1db84f31b72f4f2559459aeefebcd9ce29
-
Filesize
1KB
MD5bf03f00e1e06bd4ccdc49808bd4ab57b
SHA10c8f6eb371cd547e9ea62e0d24cf33565f99b9bd
SHA256636bd93e5de3bdf38499d283b8e2fff6d282a5003de15b39927ed7939683f538
SHA51246e3cb9c5d58ab3e2cdbed080c3fa108f51f34960f26683fd6cd664835b60a52f3639fc7cd91d672610d462d5368e643c7d21618e323988fa066857202ec098b
-
Filesize
2KB
MD5793971833f1ba6266f4b54dfc6c990d3
SHA12518dab0b8e6cdc849b08833280edad825faab3a
SHA256c39296abb1688692434983a77a753ab51a9e79e0a9f80018752bc594edf492df
SHA51228367e022da99f401ae728d5f36a62b5c83188c375cd11913858444e49430d8d838f9fb12d4cf2acae9c4eb1b00c7d5999da1a79b7fb67345a9e5fb46af6b897
-
Filesize
1KB
MD57188876b08b980e4dda19b13c413e409
SHA1713dda1c97ecb2317fd52b8751e9781ff60a8eee
SHA2569ffe9c4a74ab4b3f0655279d02814c9140176e65f75065f6d06f1cbee0b631dc
SHA512fadfba92f552c7c8108703880fb6bdffd741ad5c350bd1f7494226e748e4fa962bbd9059ea687d42aecb2f7ca227f8d8a3f19b77a084b6a9eeef2cb6a66857da
-
Filesize
1KB
MD589e64aeb0055040494bafd54bf3e14c7
SHA1f67cadb3c06fac0b50c40c8640710ccd6d92bead
SHA25632c505a3d3be2021a6e8d913653059070a39da1f2bfa4e8c14d2cf4996ea45e8
SHA5127c911d40790bf7c140516a4fe2a1d65b4af514b1108a583b47bcbaf28ab5e860700b4ebf369c4f5ac12ef3d2c474aa3425389709329c208a8958f8906bd5cc7b
-
Filesize
1KB
MD51e0deb0aa8c2505ae3ed8842a0cfe699
SHA1deb8dfc44217d2f5a0fa39425c64a7dc3537fc38
SHA256c6b384cf125bea4da141ee5c988be3e33d2184aef2075ec069dfaddb8c5305d9
SHA51234cec5e8dc808a479e5cfd3a98bd6a3d80cf7b542002eaba5cc9050188cd218d8ed67b5f3fdaa9ccf4bc8e859a225ba7d68dd419a228034991366ec78e73a882
-
Filesize
3KB
MD5e688ad1408277b15bc3d2c8da89ec72f
SHA1f2e7d3b1b2a3a532c78f3897a28b873d657a4d5e
SHA256d59a9fe5e18996f047897c743f31ad2f4bf8532c9f01866a1dd94950fe2dc86f
SHA512357810dbc1507727cff7f121b5f5eaad920b7d83aae2c4e9e18e5316b08c78ee4c9141c09218de888682c71fec1dfa73c98ff13731faf78d64244865d20c6089
-
Filesize
2KB
MD5eeebc8cad013cde129a07fa8b298fd28
SHA1956937430e998db4d695e7d4b4d1d38227a91034
SHA256fd2e543054eb77805892bd5791fcf5cc3769a3269eb43b001bf71d2e462174c9
SHA51267079781404424c7cda96d437d970c6759c066d7bd28046cb5a65c7da0abbfeb711620f465488565666f4c98c8479d118a869d2d99e5025225eb0e47f081eb0f
-
Filesize
6KB
MD54e1c06274c9adaf082e873b0a90d9c31
SHA118253356b9e852fc168f146397fd0964ae5c1946
SHA256ee03c527d3503e1c86f24caef897c52663d79960be1c539da2391c8216a3b034
SHA512bbaebee37cd172754e5efa7f3202b93424b276ef97e8790e99caa0da8167b76f5c4df3172b294ef25619a5ce936e6aabd90c294e274ba2247580a39ba454cdc0
-
Filesize
5KB
MD5673c472e31e13c04eb3cd167aceeeb17
SHA158d1124ee823ece6ad2ecc6541deff8e0302174e
SHA2563389216190adaea500585633ab542843fe9107e8fc1765a1d6aa140fa12066e3
SHA512383f8d9e2a1787bb1ae04648eecdac099e5cee93bd828958c0283c31ed16e99cd09050cfbb9d90d5ecb89f7436d6c63989b7cc2f2e3e12a8cb2100bda30d7bf2
-
Filesize
3KB
MD5363ec065a53cc90b530ed602cc636bb0
SHA1d5204bfc1f687c7ad553f27e739c862f14d08314
SHA2562c18c4de28756b14e738feb63ee5ba329fb76355e0b84a507c18ffeb0ec46e4c
SHA5122d800b10b2e97f80464ab8c14621c14ee7fd408fab02cfcfbc9669e14acc3ecb61714998450eeebb9fb28781ecd4531782b8711133060ea600ec658234f80646
-
Filesize
2KB
MD50ce1991e9aadc3e8b14a14253dac4599
SHA129f85a6491aff16728b2667031ef0912fe06e8dd
SHA2568de3a2ad2f9ce8133286301213f9e56c29b6060e2aeb5ffab117beee8f8115e5
SHA5127a2fa807013ca37829d59f89481fdfc3ed635f8ec84ff114957ae857084c2e0db4e8a5a55e4688fe90d97c6b9c4d24b9780eccc51d7b5a2d23f85b1d7658ac92
-
Filesize
2KB
MD53f0c0cfca1cae3561124a86c88d2a07a
SHA19664418ad07d226051b530e7e8249ebcb2a1ca29
SHA25655cc3fca19da150abd1c272b5457371e1383333c8c980020ff6b1a12cf35caf1
SHA5124af24cc2fe2ee101d0ebfd29ce05f9eb427752fa6a21a63cab03d4774b5df353092501806b86c9166fa1bbd698c768fb9432c057312b111df21919e8f5feb668
-
Filesize
1KB
MD58825b6e85c01f8bedefc625ed87c8ff4
SHA1b3d036cb96343b1ac7f04a136b1ccee08859219c
SHA256bf76c5eb7cb3e7baff099c7d802e072d1ebf45bcec954ef46efebb1827fe075d
SHA5125bb7f7ad2b28301030e59f3a911e6efea2f7161ed6e7eb268e42a7c412efe407a4c98f0b2c6710e76c6a81372930af03a4b371ffc9712b94fe4197248d31d141
-
Filesize
1KB
MD586b5ff67658900cbaa98b89396a4ae87
SHA1ca68cc92c33869f0b6179247ee2f67128c63ee7a
SHA256e0404a7e3f38cab25df618c430d25d5b3c775865c46233b466e492f25c6c0b75
SHA5128e30814e90dcac225ca00b2d26b0e9484d6c33d72b51869e4c5776bd457083f0614c9109533f7017848f12a8765022c223a107bf3b004c89a15d4da9823116a3
-
Filesize
11KB
MD5add4cebd1f9265554be953aad741d889
SHA1aa9950c7f25f732b3a0e1234c79bd427306ea55e
SHA25685fcaa60bbe1f99477aea75b27633f95b01daa91ea5359a0787ec97a522533f1
SHA5122e51450278ff21ddd2a5264b83694edb8d450832cd33d96751fedae9d3e33c237371281556baaab62f9a150ddf92be1c6b4efc486744b02d1b0c7482935e192c
-
Filesize
1KB
MD528a70bc12e1b3058ab55c191547ea925
SHA1b969512af6785506ca857b13f7590ebd046f8207
SHA256595859703b869d5793a264c73bc9fea486cba2235d5d852b8bf4284c0944a01f
SHA5128650609ba876ca7f39bebcc33eabc771f56926290d31ff9c2d18407f97085a06260a4e8f09b51253697fcc7cd2dffe20b6e313440477dabff02ea34d76578edb
-
Filesize
2KB
MD54c2aab7974ee0650e6c40ca2207ca649
SHA10131ee71e32c8d804241e4b9b54b900bc249bead
SHA256df3493898d6b53c5a411effff1e0343a4bc3b3bdb96c7c46b81e17f602ce93ca
SHA512e56fd820e3a0f2b06f278b3624d34deb994c158cb010b67f46b76419bd3f0b486d3fab3110dbf07404e8d25ea79ff30fd7043ab6cbcc1fd030ec2a14f8d7bf68
-
Filesize
11KB
MD58af577257e73f943b3307cd3f54d758f
SHA11c0c4780eea2e2cb5e5c2a7553b9264363f16a50
SHA256e143158e82cdd027218abff702407d32f6d0fecd23ee46e73b088ee9a50eac1d
SHA51285663293c4c226f7668b02affae82c7eec3810f217deb587ae05e921a858ad2ffb11aff61b3417cfbec3453bfb3d2c11713802bfe39c126dd8df94b8abd6ae1d
-
Filesize
11KB
MD5b23cc2d60a0b836ddb47dc4de3e265a0
SHA1f5abbefdc7724ae70f0ba00c387fe75c5d7fe546
SHA25654a4707ae09f2d15fd2a27b70632c59a7b6911181fffc9ce3fe45f4788f58431
SHA5124a17239111080b69012f9cd8cca3d270dea489c351208ce82cf1a3f7b6c79cd4e847de1071d334ab5ae2fe9673803fce1ba44abc69b4036d377a88032ccb3a0c
-
Filesize
11KB
MD5d87e0a90c4bb0b661308b13c3bd20748
SHA19d657848bfff595decbe1f7eb3ee484bcaa8e3cd
SHA256aa65b6f96066018a3de97e7b01a1b18a370433dc8ea3a77021a0702249372d04
SHA512e6e72aca7f8f6f4f7c9e08738259946db894a76338e370e1dfd5a6101c811df9972b09a47bb9b59d163e11461ad3493ea18dcc3d1c7b8ed9e6f41b9e4104046b
-
Filesize
1011B
MD5347280e1af216fefd16502689fd66fc4
SHA19c8533125a5a6d1e947f7699079126b5b787be61
SHA2567685c83c612f4ad7d0134faf85d004db130419079e10c7289af18f9b75ff1e8f
SHA512d4a7d4927d12b8b4ee5954d30961103a3e98ccfc82a699f5c46d594f1ae3cd7052f8fa04a30e9f9c8b5090c2c22974d31b442d4b2599b475b30657d28a17ac1e
-
Filesize
42B
MD55629cbf547b3b307ceb49e569d48cecd
SHA1cdcfe57199292ef51e92ddbb528310a1b01efe7c
SHA2569162aba568044150895c922c64ae4e2cd31ab70cc254a841adbf4fd1877dcd0a
SHA512f2828614189c9f203debbb89609e166a9d14e3d803cde4ca9b9463d463be0f1fbaddf8603ee0c8cb7bae39f8047e848b5091198c0f0b42db697950db94b89fcf
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt
Filesize 77KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt.EnCiPhErEd
Filesize 47KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt
Filesize 63KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt
Filesize 74KB
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize 407B
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize 65B
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize 65B
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize 65B
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize 65B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize 1021B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize 1015B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize 352B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize 334B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize 1KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize 405B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize 409B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize 335B
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize 2KB
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize 2KB
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize 296B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize 276B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize 296B
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize 276B
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize 1KB