Analysis
-
max time kernel
95s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
07-12-2024 09:47
Behavioral task
behavioral1
Sample
d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
-
Size
66KB
-
MD5
d1cfc7d645f1480a458deab931d69c9b
-
SHA1
d0f2513dbae79c174f94aad30a7f468c944f8d65
-
SHA256
809ead42b86ac24d93896af74f2df781ff40e2157e33d47912202fe95510cc64
-
SHA512
d4365ffc48cfa1fd9c89f1899d192a2ad7b3539c0c30f93d9e35df6730284ec1b725485ca0d370abe83c9b387a638d7ccaf07ea8ba95a41ac8b4b05c70625b2f
-
SSDEEP
768:j0FmBkpKjPYpiMQyfErDvh66fNAcnFEVm3kxq4ucJaYnpIs4KbRRPM5vEvv31fal:jOhrt8rrs6fN2sUcYas4icst2QOaJK
Malware Config
Signatures
-
Renames multiple (2184) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 9 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\drivers\uk-UA\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\20h0qrWAF1yJNAB.exe" d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
Drops file in System32 directory 64 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj5.inf_amd64_6f327fe9ac4fdb28\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_extension.inf_amd64_7891c7d003f5e96b\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\migration\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0409\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Dism\fr-FR\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\amdi2c.inf_amd64_d7ae71f8eb52c084\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ja-JP\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\fr\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\DriverStore\de-DE\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fsvirtualization.inf_amd64_078671a0cdfe2870\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdkj7.inf_amd64_161e1375bcff85d9\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_06bc8afcd2617abf\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\Amd64\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_144351277838b429\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\MUI\0C0A\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\spp\tokens\pkeyconfig\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\InputMethod\JPN\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\pci.inf_amd64_66614bed5c0a20d8\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_fd0ae947345ac7bf\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_9e49da794995b361\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\ehstortcgdrv.inf_amd64_5cb0c23f45dac01c\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\Com\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\bthlcpen.inf_amd64_a2917ed464cbbc93\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\@AudioToastIcon.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_28542b9aafacda15\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\PSMaml\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oadggilooaddfiad.bmp" d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-100_contrast-black.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LargeTile.scale-125_contrast-black.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_PigEar.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxWideTile.scale-400.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\cs-cz\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_contrast-white.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_ok.gif d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sv-se\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-100_contrast-white.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-150.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-60_altform-unplated.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-tw\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\THMBNAIL.PNG d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_contrast-black.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-150.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MicrosoftLogo.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\tr-tr\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-60.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-lightunplated.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-150.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Added.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\Common Files\microsoft shared\ink\ro-RO\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-black_scale-100.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Sunglasses.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\moe_status_icons.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_contrast-black.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\tr-tr\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-black_scale-100.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-100.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-150.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-16.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\7-Zip\Lang\nb.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\View3d\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-30_altform-lightunplated.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\MedTile.scale-100.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-150.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Opacity.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-125.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\Windows NT\Accessories\fr-FR\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-100_contrast-white.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-200_contrast-white.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-24.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Program Files\Windows Photo Viewer\de-DE\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W0.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File created C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\pris\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_kdnic.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_f6e47ebd97310e42\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.scale-400.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_multipoint-wms.eventlogmsg.resources_31bf3856ad364e35_10.0.19041.1_es-es_c93c280113f48e62\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..lter-mime.resources_31bf3856ad364e35_7.0.19041.1_en-us_6987bb3917153259\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\http_500.htm d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-refs_31bf3856ad364e35_10.0.19041.1266_none_1b3c5422d217d4a9\f\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_20c03dba2fdc67ac\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ngerprintcredential_31bf3856ad364e35_10.0.19041.1081_none_1acc3ea302a542af\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-enhancedstorage-api_31bf3856ad364e35_10.0.19041.746_none_b32819b66e95bdf3\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.964_lt-lt_ce47d201c53c798b\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ahcache_31bf3856ad364e35_10.0.19041.928_none_11616d60b8a0cb9a\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft.windows.h..pedrive-driverclass_31bf3856ad364e35_10.0.19041.1_none_481addfb5cac00db\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_security-octagon-enclave_31bf3856ad364e35_10.0.19041.153_none_2f115aecc2351c2b\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windows-application..ardserver.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_52167fbdea8017f2\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_wpf-reachframework_31bf3856ad364e35_10.0.19200.101_none_2be23204f0dbc355\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-w..ows-web-diagnostics_31bf3856ad364e35_10.0.19041.746_none_db2530a245901d66\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingui_31bf3856ad364e35_10.0.19041.264_none_ac46cb7f60f8a602\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-oobe-policies_31bf3856ad364e35_10.0.19041.1_none_6747b7a3667513bf\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-p..ns-platform-library_31bf3856ad364e35_10.0.19041.844_none_648bdd4ee187c820\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\IME\IMEJP\help\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.19041.1_uk-ua_a64ea9441dc59b4c\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-o..re-security-webauth_31bf3856ad364e35_10.0.19041.264_none_35bf65fd1268e64b\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-web-app-host_31bf3856ad364e35_10.0.19041.789_none_1ab57d24625888e6\f\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-s..erclasses.resources_31bf3856ad364e35_10.0.19041.1_en-us_aca9a2feddb3667f\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-t..vices-configbackend_31bf3856ad364e35_10.0.19041.746_none_bee2ecb684c7fdfd\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-48_altform-unplated_contrast-black.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.1_none_b719750f25d4cc37\SquareTile150x150.scale-100.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_10.0.19041.1_none_27faaee495997877\branding_Full2.gif d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_product-onecore__dual_c_sensor.inf_31bf3856ad364e35_10.0.19041.1_none_c6c2a6d63bfd1fd2\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\x86_microsoft-windows-ie-controls.resources_31bf3856ad364e35_11.0.19041.1_fr-fr_de2fd7a0fcb62ecf\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.resources\v4.0_4.0.0.0_fr_b77a5c561934e089\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square44x44Logo.contrast-white_scale-200.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_netrtwlane01.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_5dcfa29abb99d37e\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_ja_31bf3856ad364e35\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\TaskScheduler.Resources\v4.0_10.0.0.0_de_31bf3856ad364e35\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.scale-100_contrast-white.png d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-network-setup_31bf3856ad364e35_10.0.19041.546_none_85daa5cc47312f83\f\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-onecore-inputhost_31bf3856ad364e35_10.0.19041.906_none_85591a36bd9d4cc6\f\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_hyperv-vmemulateddevices.resources_31bf3856ad364e35_10.0.19041.1_it-it_fec29a5a647fcdac\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mapcontrol_31bf3856ad364e35_10.0.19041.1202_none_881548dfbfc9556a\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-powershell-sip_31bf3856ad364e35_10.0.19041.1_none_1e5fae61a2104eff\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_wsdapi_31bf3856ad364e35_10.0.19041.746_none_9cacd79fac25e4e2\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\msil_system.serviceprocess.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_dbebe761a1ca0ae8\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-a..managerui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2928b4fb71c9c50c\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft.windows.winhttpcom_31bf3856ad364e35_5.1.19041.1151_none_90fbce7e9cbb300b\f\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.746_none_b0a3ebd117ec81d4\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\en-US\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73e85422933e8c6d\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ngc-recovery_31bf3856ad364e35_10.0.19041.1202_none_08671dec41b43968\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_windowssearchengine_31bf3856ad364e35_7.0.19041.264_none_8bd2f5fc0c992e06\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\Microsoft.NET\Framework\v3.5\3082\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_10.0.19041.1_es-es_2ddce787f20ccde6\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-s..r-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a26b530d64eec39c\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-ehome-tvratings_31bf3856ad364e35_10.0.19041.746_none_018bd87238d2bd7e\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_sisraid4.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_53c7a4ea411a31ac\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_iastorav.inf_31bf3856ad364e35_10.0.19041.1_none_58e8bdd69f5f0192\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-c..ement-wmi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_97abc80a0d55485a\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-rasdlg_31bf3856ad364e35_10.0.19041.264_none_4af4dcf0ae8245e7\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-msctfp_31bf3856ad364e35_10.0.19041.610_none_a8f1165b4dada058\f\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_dual_net819xp.inf_31bf3856ad364e35_10.0.19041.1_none_1aa025fd91929f24\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe File created C:\Windows\WinSxS\amd64_microsoft-windows-i...appxmain.resources_31bf3856ad364e35_10.0.19041.1266_en-us_532c1727b299ece8\r\HOW TO DECRYPT FILES.txt d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe -
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell\open\command d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\20h0qrWAF1yJNAB.exe" d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\ = "CRYPTED!" d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\DefaultIcon d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\20h0qrWAF1yJNAB.exe,0" d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VNTEIYXIWDWJPFL\shell\open d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VNTEIYXIWDWJPFL" d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d1cfc7d645f1480a458deab931d69c9b_JaffaCakes118.exe"1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4828
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5832d445ee294438bf842780496e5eb39
SHA105bc28dad0ad8bf7e075db859f0fa57e81e9b784
SHA2562c161e0ba1b46f7c28f03d0b6ee281201c2e8334538a27cc9de6a347e30200a3
SHA512b40db4b5479050e665961d2f72f1634c59653d131ecf667740adc9d76ca809105629ce843651318ed8a61f496f8696c6131310b39b4e43647060723c6b3acb24
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
Filesize1KB
MD5b6cdc51503f7b149dfa89600ee709054
SHA13868b648811e06a32b07e3ddfae21ff1ddca6e50
SHA25672c1b54c43f7388dbaa7aef2755efecb03ba5ccf2776d824281019f60125b589
SHA512c10e7cb7300659956aaea13a69b697ca8513e9dac36bd13f9a5d40c8cbb55ee4f09d3f00250a4c7f325f51ed3891577f5b0bb7d804eedf785ee90384a9cd33b0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
Filesize3KB
MD57cc13bc2a94f73b6c457345589956384
SHA16f1ab39396018bc8d0fd8c6511ef579026eacc1d
SHA256f2b7e6baccc66d8c2584785e248d789a5df356e6e5b48eac8368d64b9c7343ec
SHA512f3b5e4badfa4f7ca57b696b1fcd88347d6b1fed6d045c6a5530e0998bb6ba75a1850fba9d094151a5ce0a7dc6bcb0a4d9f83f3fcd15cc89c8af74d0b4c725ac1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize683B
MD5bf1bd1176bfbfc0b3fb0514e432838d3
SHA18ce7b41353674b2ed4fd3674388c8ec9634afb24
SHA25655aab609b7dcd236f20256f956b9b8a376a327540798063af096a79cc8731bfa
SHA512fcd2a33f2c1049f0f819d4e1265cd7d4c661dbba14a6cfb805e970010349c59b200e8c18c95c56a71522c8ca5ef695604911c3886ef7462171a0c6eb49f9332a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD5fb835deba00f23766079d795023f9e9f
SHA1f6aa671d2208eab845f706b36487d4da2d7f20d1
SHA256d629cc2de85a481f5f1cdc1ba6f0cab364489cd77d7fd1e3f7a5c87c89b9eec6
SHA5121f722a2679b9cc4f283e3fa4b7145dc63fbb566699ea7cdb6e69f10db4a458a989e86d10c7092ca735caf6c1643f682ccfdefb543327101ec520dd39eb639338
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize445B
MD552f923dbfb75405fa66ccde79f3a771d
SHA1d3e9549721bf183ac3e8ff9a7f899aee0a8bbb07
SHA256ec31ed6a8733cd5ba7aeed87b02b2a74829b9b32f293c69edae912c641cb95d7
SHA512aa5c7e4e99c92dedea7c280168690d482c13b1ae1bb263dbfab24f873b26869bc879ca8a488ff033e93d1a590d46be9daba5e196df73bfd9e6fc6b9ddf638def
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize611B
MD5fcce450e563236e5b1d84bc264dbcd57
SHA134ebecfde50e513795d2d9c9030dc0ce986ede32
SHA256bbd98aadd39abf54674b97796ed998f01e607e2d19954d8ec43523e96df0c973
SHA512f7f7169e7975b669f4048231742628e7582f006ba1b9f067e404c2cccdf2fa6cf8cb6ea4fd00099de10c06b6da6395be1913e8a6358da5f04b9a3050a0c2ac6b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize388B
MD5f9a9929a29c99c9f01d1391f46402083
SHA163ded065af3703d0f85445bedd6d1b73c3c2abbe
SHA2560cbcc2634a83eb4855d82e52d81fb42eae1751c3d54a09014422105d74124bd7
SHA512556a53783b07b5ef2d0254103feb59ddf2c60084413b23eefb3070236b94296174de84884e8b144ee212b2f1741ac5a1c37aa90a2ab69de81991233a17c32518
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize552B
MD5c747412e1295122215e0c513a923abfa
SHA12893c5cabc8356e4f20ebe026b7f32f55f786d41
SHA2569c4fcb3bb6a25bb29be34bb68f040bb58a1b2bb17c4fd5fb4da8592c64c1aebd
SHA512d4f47403ebd6b973d2fe3099da9de350621509d34b0af77d46b44c020a1f8e4725201986fe4f034a6cb8ba1dd86bf9773af0cfe36fd609ce74b95aef59c7d4db
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize388B
MD50eeaf1ba0b1539b37a25bfbabfc8c6ea
SHA19f5f0c18001bc100b54f2a5cc10f38342364452c
SHA2560c66a8d9e2082fad599da9404f376a7e5d266078d578937c15037b401aadf6ac
SHA512ec95ae921bf1845d758b1b0f5a7586ed00638fde572a6caff0523b55e95e26e620a27837d86a6e67083215719d2c83a8e905894652a23872937f317e3bc274e5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize552B
MD53eb84e776af7c263646ef933147a82d7
SHA1eed99ecbddedfe5b8e9d5c6526eff286f163d311
SHA256adbb1ca98db548251d386f9b9bc5108554385f9ca29a6589905dbc6d58e19075
SHA51260b76238530c489236ae79b84d2c36d14a908e94295ad7cae10d084a7ec8773240c54de8ff12112b77adfeaab22b2ae7ed126a2be4debdc57c089cf21cfa8c80
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize388B
MD58f42985dda56f797c36244364906787a
SHA1a8829f7847ca7710198c271393ec11eb69005fed
SHA256b94fe4a7c8fc09e16594736034b66b6eac5cce475c473f5f45ddafa250f457fc
SHA51253b983df3b15c0ad29edc9989b2a84c302930c209046a48a8c26f0d67df9dfb0ec64b5e8215931c5e4fcc543ef5b912f7ebbcb42d37a989818555dba79a403e3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize552B
MD53ea7a2c979f025288767317d61485356
SHA1f5efb6441f38f23bd586ed188a72ef97efdd18c3
SHA256f5ae6f210ca677a859014e435bf4443667f660cea29e81c00db749b6cfe089a5
SHA5129882fa804682c664eb0704dcd57f29fbcbb83b00a38bc29584900bc06a03f0b5491938352bd07e3e81713d5ede5b9a7bf46871a57ef23f4e2d087488007510c8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD5be4f2b5d760869af11a8cf8220349f87
SHA10ada7e8e7eaf3de5006685c2f13eb490d608ece7
SHA256c4976c08568e08854e367eb243c678e57171fd42d42b3e70ecd6d0643dcf53d7
SHA5120ab29b5a6da124a526e17a336ad6bc1443032daafa095bb4605984f2c8f12b1dc1fcca22a793db7a69a267aae41ef69c13929e97d6148140bced26d963ae4ec6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5169ba4293c4aa97ea4f68cf2ce1e6fe0
SHA18c9abd917aa6e309eb026df0ea307b8d9e808a34
SHA25668830a5fd28608171206e25bff81fbb9c55d1af664fda542eaddbe110b69d941
SHA5128f025b74700a8f92941492791a4e73e830fb30073ee7e70b44a7375a9f385be0cab96be748b12faa5e33c9bd05044cbae1a5102f761aedd045e164f64f616c23
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD53d946a70dd9dabd8fb91be399ac1664a
SHA17b57420cf4d37e876ded6b40b735853383ef8bb9
SHA2569ef85eb0996648a6ec7a84dc9e64a9008d678c8bf1c0b87befa373dd4ce5c701
SHA51218f3f5ab3ec3d01f8936d121b53bb6727de4d2353e19e03f64a12970ceaf454c6993e3714dca6b302826b1ca48f1f6f2428c9b3919aee802ca7f1a15137b8244
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5d8d0e3f34c6a2e3b06e40759eeafb744
SHA1a469405853adbdbeae63f2eb68679590bfd7ff52
SHA25684a28c0ff19b2a6d2be402308dba9e27908b9a5eabcf0d7331f4b593a264f63c
SHA5127bfea3ffd497070db3f2229a2c3e037ca290261c791b951c35423699196f51bed045b07b9451e0bf40d733319ccae4115155344f4fba3ea3f8aec8c9bf1944c9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD51023774b43edc165e7630224a5092350
SHA183c85e58bfb918af6c5ea649edf640e9ef068275
SHA256937f4d4de37f1fa145ca5c43b985adc6912b659e70b16d9e7c16e5f978f82147
SHA512c8e575ac1cb8750460f32e43fe9856b5b0674f0429eb1c7b1585ac72514469866a0232cf59db9d50e798dbe82ca9904e0102a4e10b7f8dd0da6cd9ebe9fa20c8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize179B
MD5713e09d06d5ce8c37ff1807e5188ab3a
SHA1b6ac7415874dc4fff488128ae2461b531d8db59b
SHA256cd10a6df2eb2d93ad38f1f98c63bdf83a275eeefecb76482501001045c12eead
SHA5125a565a9a895676e46d9d3d6a8b14647ae87889fba2c5bcf5efa30227752d49eed3fd8643a44a503af5aa3993229212a02b843b3c1b5f9f59531022fd5c19466c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize703B
MD517b1cebff32148a90b3860fd685817f2
SHA1b240acea360fbdece9374b1d286da571420a5caa
SHA256042660129ca5ac5fe8b05b67dd8fe06241e1277d68c0ed0ffdedc0df8a3098ec
SHA5127f6e79ab21023978824f9ef8a3e9eda85d452f974ad7db309770294a69074021a6ded74579ba983cd6b81f2bbee91cc9103bf7093f76605e3a4b20b2d6025b5a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5ad52d9dd146592198edeb1cb52954806
SHA17cff6dc53ed33a154f09fd1d34c7c545e4c41093
SHA25651006e5ddfa50597daa72ae36c8175bbb8335126f93b621727c50a252bedac42
SHA512924532e8590cdce2ca89c283137d3384a3339637ba9d8e3ea52654736d76cbd9342410337e8d3569e7e339d876a4016f2ffcf9dc0ec90490ce8b6b0fabfa6fd0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD59a73d91015adfc4973e12209bead9802
SHA1d93ccfe7aee563a7e78c5b7971d8bb6693cb43f6
SHA25602529f5b460b7be9375fbf2797358f7c9e105089f2d1924d67c16d8e40921d1c
SHA51279e5bd85e7a3fb9ad68fb8cac4b86d1d3a1f33da6d4dbbca1debd5434ee547a157710b28f43eb7320402ac08e4b5e61c9744f54453e89bcd4007c81bb7f44e00
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5b8bb053fd4941b3fc3580304a9008b7c
SHA120fb828d4d6f4c90aad2eee255d16525fe18e30a
SHA2564ad10a9e8a3f4c3f324c94be99c0e4c1c17e263ef409360a9ba49a0c5fa2d4b1
SHA512af1f4347342c48b39d90f36f3b4c7eee0fedfff1f1d133948d52a23ff1f4e84ecbc7b5051b4b59d0a782dbb041dd1e08942c27faf64f58554580aa6870b9ba98
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5d1c5af5c148058f9aa30aac45b1b0f9e
SHA1947bc7181b3cfea69ae15c865cc4d13a9c54688e
SHA256310c66d1dba147193dcbda03f0d5f4ae6fbd96e5827a20b91d23a91530395d03
SHA512cb02d7226c6e63ad0dde88dd3eed4c65bd6ca20d1f61895399b97dbc714ed3b95882a9f7fd09a491b06eaa7a5b258d1c0ca685a6ac725ac0c8029785656fa93c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD513d7835019fdc9163b34843adc88bf10
SHA11b48cd29750aeded6a37ebb39ae28b0c11bbe430
SHA256afff5f1a649f81955240ca775e07d04c06adc39889c9b8c3665c2fd3e879554d
SHA5126afaa19d46d4bd1b1146da0087310ea122e79836440416857e462d141edcbb6408522bac106b9e47dabc47f97021dc5ed2fd7a3edde572f20a815178605e0984
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5dcb94323f99a39c369ff97e3daf1615d
SHA135cd90602c179a14acc7816b8af0bf35e252c994
SHA2560421ab55739f5ce0eeb365833c21ecbb107ea1f67d11d002c8482e3f3f1942c6
SHA512037f377f4a4703f76083ad7e27dce6ebb38929109700a6ecaa20e021021ad9ce608a3057116aa92d076ef367c3ee14a8f128194430a4360ea30b309795c5f8b7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize289B
MD5329c20c3622c7ca74dcf27ae0e977d35
SHA17f94dba75b989ead672fbcbf8537c3d67c5de6fc
SHA256da62fc2c06768f1d2496d50e130e8d648fd975012ed278e7215603d2eb3a412e
SHA5125c5b41e5f4f359140a7674cce5f2bf90318806ecfa5b5bfdefc4adf7297dbdd15f0ec5efea4af866df4213c99e5914080c3792bd5fab91be12936c84bb07111d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize385B
MD5113a6c9cfc717592736e4061a6f81741
SHA1ba6197771a9ab32ddd99bff844240c62b7ba54ac
SHA2569a235d67ed230a7bcfdd5473f58de5933a28e4a0ec1fcd2f2824749678e05a4b
SHA512eee1d1d7b3f6fa70ff76e1c3afd9a8ac1925f61a31ef44b3e451afee2037c0a60fc99acdc6d307e12d9a893501e7805d02f012dfbf1ad1df67f049e37fa367d5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD589f9df5b9c27ce1c39defa199a18c7d8
SHA1838db6ef6744bedf041bc812b52fb294b219e972
SHA256e693f05cc63fe8a41dfe4c2a4999c5e6bb364cd8ed28ad52a007c007395a2c71
SHA512d2137aa8ad9f26865d2e46206ad1012ffe05444816261d44981ad3f3298a77577c39bd0eca30cb322ca43156874efbe063758ce4596b031a50f5f31d0e039c4a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1003B
MD508233b6e1e8bea69b5c440959392e3bd
SHA198fd1dce05d2d4c509fddbd5ce813b83d25dcbe2
SHA25678a93b2c087205c823ec300e7a8bb069981cd4038fc64517fdabbe35f3b3271a
SHA512a59a3a88f7b1f5d78f857f74231d91bbe09ee0175620fbdb977d802caa84b3b44825605abd35714bd01b71f5b94f822d16c08dc5dc4ec234aa97f98ec43160ec
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD57c21ddf0a0e5c4a70cf3cc114a3befb5
SHA1ed15d74ad536a006ed4339bdbd1ed80d4952fcb2
SHA25667b7ba959c5161d5e01e3bac3018e9968628edb041785bb4aec1fdce4f1d3047
SHA512a4fc859bb0db654d98fa3ccbe2fe33e7d0666ac0354e0876018f85c9eec1390a5e06c04d4e4e0ddbbef58ed68696441fbcd4db6013e8340817c83e42f9f55bb1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD538f35eee00114d29cdc40cd8022dee76
SHA1e3a3d8b0ece0a68acec3185ceccdd822d953a718
SHA256cb18404e3078d555656085984922535ab97ad9c2d71ec42074cdb66d7bdbbcd2
SHA5124706e66470600698d7aaefe111c48dab64663553814eb3be4ec840ef0a76235663d456f7001844465717a3b7e860f2c3f733a23bdbd097d068726a06b74a51af
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD5422a0525c6d273c6fc92ca26deeb382c
SHA1cb924ad062d264975a472d1c15774aec87ae1d9f
SHA25652560c5b394add89bce18cb41f1cb286d854db5f697bc1e09b806308687d3bf0
SHA512bf483dd49dbefe42c2278b2151dfa5731872b8d6b4ec761d68f8875d08dd0dbd79998f855e0b809fd15f31bfc0b4ef8f1d7efd18c4dfe2f2470a200bb4120fa7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize556B
MD5ca19dad92feb2a96e29db1281b6ef2c0
SHA131ff7854e66cbce04ddb58ad7fb4fc5216368a0d
SHA2567edd8ff1bf564a8b98759b82047561a9718557f5d541e58d8bba75735bd7d551
SHA512955c0c91c379e9de31382a981e84c14f7a254fe96e8bc69d5ed733068102c434dd63303dcbb475a1d31400f74078ae155d4c81a4c1f9544f77da90e38d6490b0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD582c3f0dd1e451ac13b531f967f977732
SHA14f7fc2ffe69f68ea16be1720b48f460ea8bfa371
SHA25660fcb7df2c5f9e0aecef2f37f437f4bbdbbc65cb3fa5e409bf820d8f5005e310
SHA5123da1badfc4a02a1ed484bbfb5d7cb3ac8cffdd3225b8152ed7ad8e54668872411ee2b7079311a0e0e9f2686154fed3aad278e580fbf21e4c78ff57e0bf6cf4d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize826B
MD526d492bf345b11baa79272a3625bf4ba
SHA19d9d47aef106a38acf3b739d54d616722eeea661
SHA25633305ec0576d874322f2b27a2a7040fb2862774752cc02cf56ae876397c150ca
SHA512f4a4ca6ddeedb9d01ff6dbf781a9f1072cbdf0cc7cbbbdeca03fc3e1725554fa8905e7ef56ce7a02f849d06951960ff69f4895a1bfbedd3cbc73911884f1084e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD5a361acfbef1fba2287c54ff52f84765c
SHA1609281da117d4e90fab036be4a9c80cbe5983148
SHA2566caebc152f0114cd53c6f5a12e6795d9098ced6274d74ea4d5d70704ccffee2d
SHA512daf7a2f22e9788e1227ec4e93aea801d5575dbbd2d39eb0d4a83c85bcc1256b99a93a65451bdc4b46f12de0d969be6cdb3b9c368d58011b633eb408a6b1d1d73
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD59a5468f2ccc799d5a0620837f4317e92
SHA1c2e23e60c8b18d205da6273d67d48b5377ca634e
SHA256bc216c51aeb58b50661f4677808d7e94f6aaf884b76975d930c97dc0c87215e7
SHA5128ebad6edeed809434598e939a4ccd1de63d74c8ccc3458cb65a2649e3a887600996d08da2b668a991a228654a8f2ce23ac95ebe903eff5b54667687087e66f35
-
Filesize
26B
MD5b2890cf3bd97aac347746072c7028e97
SHA19a4c919126522232477ddf93e487dfc1b51ba5ee
SHA256460c888926b71d1f00952860ccf79815d24a8d45597206bb31c4f5bdb8bcab63
SHA512655857fbf4091f7a610edf1bed2733398cb100767f1fbd2ca163c8b145233217c939083389cc651c5706eb86beda310282ca05c3bb44a2b26fe2d6f90f39ad80
-
Filesize
153B
MD5abf131c64a2d252f05d00b5aa36a9dcf
SHA1e75ed214987bfb40242ee790c883c7bd878dc107
SHA256f3062f4ef55bf421da943473aacc8ad237556e8af8a5c10646ad65215df0dcdc
SHA512d9e307e3b5f111f8c3ddac85d0315470b62e5f847cfdaa026cd28af326280aa35c2013340963d97cdc0ebf1b7d3692768b85cdc66d869e371ae7c38c25268fab
-
Filesize
190B
MD527d05a62a36bac8ae02bb602cbc113af
SHA13d5d3869e9b7a790b917c857f2d053b758188017
SHA256f151ded4a929600c9f155f098c9a95252fec3349225c2da6336fcd4487c47a49
SHA512acdaa219a6fb840c31a968f21f2fd12bcaf963ee0a913b1b4a303e729918d355d705e4f9792e64836ccb951a644c4b9549901fb7be251fc843a9ce1e9f441a4e
-
Filesize
190B
MD54cc175fd678dab2e0792f644fcd57fb3
SHA16d7a901faf33ece9b0840cef892bb1bfb4757544
SHA256532cc36434cf77de679068d9a5e66d12f29a59084c66f7431bde9c4eff1b5b9b
SHA512e7df9a111323f1d5e608163ccc6145779ee2bbc8ab026d5ee612d91f3e7c3b14353f38f4acfab5c93b056363b6568a135396c5fb233207801632f4e51a4ff1ae
-
Filesize
1KB
MD594633d4a7f5c54ca8c4c80a7cf72d9f5
SHA1caf48b2a2f956eef54cb665a9b75ac76f74955d1
SHA256fcc05025bd1f714454d437148ade7b91cd1201ac3632206235d2d638b40cba4c
SHA5129f774db63fcd26134e7691f4ac0b7bb130990a611bf5e6f5e79379acb85a0bf49f32dd0be42cda8fbb0de8272d2cea68f503637e64fccc0eb40b41f984e0370b
-
Filesize
31KB
MD516717eb5a65478f0b472f0a52282b55b
SHA1fbeae55d5808cad6dfaad782e57c0b843f1e8f17
SHA256d7e7ecb6b481d17c592c30eccb2e44f72016b3ae2b1e4fd5439da6294ec03890
SHA51234bf2d0c2180d4323c01556bd80f81341ca9cd2c83bc34b375f44d245594eab99a30d364d993bfcd607a9a980aad37ad6bbeb411185b87719e1daf99530d1cfa
-
Filesize
34KB
MD5ce18ee24c35898cc6827e359f6d66f57
SHA135ca34a2cb2e8940e767ee8164c70f4d9e4d88d8
SHA2561f6308af428f878595539da9aae936789a9b6fcdc0d2b712edba88692fc3e0e2
SHA512fce9607b0f5837c0be0955573363c778ec83cfa18ebd862de4e615ae31a21ef55f34baf8966b042b41a732d185fbde5171987c2166598a35f24cbf612c1a509c
-
Filesize
23KB
MD5db5ed01279b296fab0b16328ba35f1f5
SHA1c391c3cfe5c9fce75d8d5678774d8aa56519ae6d
SHA25637bc3657222a8791e6b70c3d84faeb379921373bca7ed50c94e39b872da8ed38
SHA5129a0ef97ec458cc978357457b399edd35cc580cea0efe009008e255f016494c7321904b3651697cb689d21a28510b2189918da3897a697c3535647356eeaa25b9
-
Filesize
2KB
MD55f7ee0e9026a1653360344fc688c2a2f
SHA11657beec21c6398b52def972aeeb690077487eaf
SHA2560de71fcbfa45baa3b89eb88c00b190c4fef23cb0cd9236192c4d60c03fc56319
SHA512db9450fcf3bf0315ae496e2d08226d2b63988f4299c89777704381bbec9acb633ff9f1aff71a19d402ed8319775d9793db189788813c86095fcf86a78416ae80
-
Filesize
1KB
MD5872e1c2b65d97ed78e12c21a8719344f
SHA17b7286bb8c7504f88ba4c266dc08351ff50abb23
SHA25646c4b7cc9c938838a6aab77256189d60dccd9e9e6012d814e60ef97c32cabd9c
SHA512344b8aecb4024a62de3d2c4c972ce66e762c2b1a034f16a163786e02b02d73aeb1112cf46e5f67264e306b2f2a886827ba2cfe1d817d3b8eb2a60c89afd11861
-
Filesize
3KB
MD516f4de1376eef897fd81f41ceeae4262
SHA1efef17bb07ccfb5feda2ff2d6db061ff6ee62a26
SHA256cb920ab9f326d06ba8052e68586e52b0fae33dee1eebe7e6b5460b6ae70340d0
SHA5128c56c49a5743f6617910e8e019d7090384ab95210fd24ff186b6566da372653bd87add153f9a0c9462d203266160db9e2ed01b9e43653ab38655f4f7c37042cf
-
Filesize
2KB
MD57c375e8a2a24f4fb98f5308e020da15d
SHA133b5f52433c8757942e0f25c75918c7542be2f6f
SHA2561e81bded22e4829fbb04c200519ea1ac0a4e8aa80e8d1c72bda58864c1f26c2f
SHA512499a49bfd276d6c96c541779ef8a60281348f36c98e81c627874023781ec842b109f84ababfd8eb244788648f308898e054f98238fbfee2c231915f3f3abfd67
-
Filesize
5KB
MD52c24a40b1b46b625d8ef276cb953af95
SHA1fa89f677b7f96bb144b861a050c4f3f2ecefae5e
SHA256f97da01627d90020ce36129aca0369e90f567c87661df42988de029835780ab9
SHA5121c98eae885a0d893dbb2ce3f9f497334f9362122965ececdd9f9e6dce7b1b54ec79e1ef1b0f4ee032ce4dd27d3cf760b74d7d4434fd76dacc60f6b40f3e0677c
-
Filesize
17KB
MD5a76458de2e6f13975c508db116e310f3
SHA110dcd232f283e9975633a665eac5e85aa4b206fe
SHA25688710bb4791d0476c2f4328c060c63a60437cc41ea5873f943065b407154d37a
SHA5124165e3a36d70a94ecc621cac13f2be517c273078608980b5611e58627c65e170b92a5fae054bd6dfe9d0ed5c966b21b5be113f3747c6a1dac787aa317ae8afd7
-
Filesize
320KB
MD5075d3b30098ab9777e109f8408c09d06
SHA1853c8a0d0b8a568a53ce9d946c0bb01e97f174e6
SHA2567e6aef839c709db1e6f462782dacac0a1a7affd01790cb7f48195fff16f4d6de
SHA512014897584b359a5f1ea7f75d71b96d496ffda045418fc85a654e280689d838f3aac99b0d3f6e01d246f44d81cfeec14ee39f1895daa37c1fa5abace09a291b88
-
Filesize
1KB
MD50b40135b4b1f833fdbe49e08fde053bd
SHA1df0b1b5430b2109b3f4af8bc16bd670ae796b474
SHA256448aad79f1a7e174dcecb7aa3be0c7d42a7bdb36a7c79497dca8890b7ee1bd18
SHA5129fb3067ed33f877588e4036fe13d5bac5ad4fb2bbf8ab8ea22a1dd04c465803baf7fe02b941daafd9575c79063d70a15cbb83c5bcfe0fff7ac2f8fe2a72680d3
-
Filesize
10KB
MD59744aba4b53f0814d04b7237d8734373
SHA18c3a1ef5f3f8ccda154477970960b24d5f8bb2ae
SHA256ad731ae80fb3e26ae7fcffa4d9aa4b7dab4164724a958ea0fc869076dd336d6c
SHA5127a6c035f9607a36c9a7742cfe3c80acfecf41b1d97b6eda04395b3386ebbd82884003e8b51b684d1dff49c48bcd198ba3032c7ad402f51e73717a1c7d7b27185
-
Filesize
3KB
MD5e25e104262cbe69f34a2a85535179e02
SHA12a49cdf1c299cb81a3f3a2a1919a08580ba90293
SHA256444930969f87144e8e9cf5c9d8b63a390b43e7bc659a6d29ad978d59070caea5
SHA5129cf2aa3f3aa6b83e0da2e71c9f898f6ceffbd1dadd1e88b02bfa7a54786e52a555bbba7d245bdcbadf20c53262f0f230013bade45a718f098217d700287478b3
-
Filesize
162B
MD5ecba2e1a395f56ec76a0a0a4cd0e3827
SHA1298e10ec77508e899e694055ccb6da28f7df8988
SHA2565554fa4b83f972c1fc932ef98cc5db6787c37f735498f2a0a7c72cf5b498d010
SHA512bf9423aa5b6be41cb830b1af3e924adcbb6a9cd9bf78cff04b3df9ef6a15746cc6aedef3bbd5a33c66e757dff8a2ec5184d941ca14c1b7d2142ff12959e9a6fc
-
Filesize
1KB
MD56a39deb9305cf5e7cb5cc6b998692375
SHA142e1f12611b6fe44cf0f52edf65a8370b6c8f84e
SHA25655faf5d6067d121f5a30acbbbbee756072d3689a63ae85442b87940d27905d3e
SHA5129ae073eacbd3de4dbfc8b243018e96535c7a1d0ce5e7f998a23f5921452b5f385cede19d80571b7c079c4cd69648756a79cbd40b042e88019c98483e83d009ab
-
Filesize
3KB
MD5054e622f012d803bee79ff4bb45ddbca
SHA155e04d64ebf0bfe7433d091b1fba00de0df35a67
SHA256e11296c0fddfc5241ce225f279687784b9c380a2b7d1f00aa2b5e57063f11374
SHA5124827d7c2c59d1be266672a20dfc40ffd19070a791f1b0fe5c584d9ae5dd36f88beefa0b22dac79316acc125f1a020146994cd13da08bf6acfcafb7ce10d09b86
-
Filesize
1KB
MD5a4dcff03073348d305a910f4822c0021
SHA14ea981e49c22cef5b845eef74b7509b7a5664894
SHA25662c224881ccd00b622d72edfb8c34669c3a9e0e2ddde57aaf5127e720db3eb44
SHA5129297dfcd2e087a0370770765e79dd67a71ec8e23a0169e909ee8ffd78298a38c93c0a11db7b71edfe21455e61d968b3b601e43068eb0bd0d82af381ab2e9421a
-
Filesize
28KB
MD5163c8fbaf76b8c0b007242d183bb5935
SHA1084ea8e734d19cc100dd0d3171ae355c7838695c
SHA25631a0c5cc3d04c04431f340f43cbeedf4e4bbbe0fcf8aa4c9b6c23162c8d316bf
SHA51260be1cccea7fc5f42173974f33cde445e759fbf7e8a93dba7854419afcc4a2184fe653ae87da4cf1273b1a1d047a3bab3efeedb0f2457974570dbf16e0586bb1
-
Filesize
2KB
MD5713273fd7473b83e38d8fdb84320bd9f
SHA104816cfb84112e8b0f520a7711773c48c2078b83
SHA256e48d171ab74d24bc0cbbdf146f44515abc7d5f059788f5b5c19862cc673f289c
SHA5129ec37eb9a93b7331a64a2c57021241793e033a4c909691c897bc0a516ec7dd6b5aef3402e4ec7b15b0aaee29f850bd519d84cc5622669479e9f86d4f1b94710b
-
Filesize
1KB
MD5645bab50a2c20a8eb95e27ea1a5a5a19
SHA12b2a630b37524edacbee156c308af6d1c5b7977d
SHA2568c65115808f6f6a41d7ad03971ca6a6b360c718d8d76e57f2801b0e2927c611c
SHA512595814d09556667ee0df32fcdc08115a05c512224bcaacf4b2d2a9c67da4204de739da48715437d074abf503fc15b64a02d6f219ad27a731b297ca4675d8f218
-
Filesize
2KB
MD5f8b196577aff0d87eedb0d58477f7e5e
SHA1319735000c26bc208b3024c9b66dee58080063d7
SHA2560bd7db0178691be8e43d6da299e6a0641127887d93f2dbbd6e17ea13dd6e6595
SHA51225513b1107e7a5830808977508581631ca5fb0fcf813303e3390f21caf37d8318aee8cfb1d521e1d6ce2437fb1016d85c73201b107e85afa4b7102bf86363e8c
-
Filesize
1KB
MD5bf966e3b991cc1de92603906fc2c09f5
SHA16c6f9e4fdc17a7e13dcfdd914f32708c3e89aa6b
SHA256da24531e470d86ae187ea762626008c41b04ddaebef5d70990b66a2238c6eecd
SHA51232e4af25c50220a70b1d6fc19ea7c39f97d9e5463d0ac09646784f29b30a77442e53e2fc973a6687b1c5efeda493f78f05024859515a3f82f062f2ab52337ab9
-
Filesize
1KB
MD5706e41711fea6b7ed805439384781130
SHA175891e06e51602a83d83edab22e1dfaff9edacf3
SHA256bb6624279c9dc7f7a0ed2e4897dfef652e33108aa1cabc86ac291955008ee1ff
SHA5127f1e64361355e608b07d3de747f346e536e5eba63ae87ca312765a3b720ecdbf51c3ac090a262d549f5d732b735dd720ef2ea1e40ed98351b5146c6a57396d69
-
Filesize
1KB
MD5df8f920f5b44ddf1617bc32c043520ae
SHA111a3dbf29fb8cb41c7dec4f8b04227ffd3c3e5aa
SHA25638953af4facab7a9dc21283299cc348aa1c088901718233ed3ba96e6e09e334b
SHA512b936bc58729e9473bcc465bfb4e449619d1639f647e06722ec7e2876d4557e84f608f57119147e31f1a5ff242b66196034a85cbf4b19110b5d86dfcb2f3edb33
-
Filesize
3KB
MD51dc6113f3d58f1f2834da10a30256d0b
SHA100ef072adcefac1d9663d829e34c6ae1c35867d6
SHA256d869d014d6813d57ab3e9929e929b4b4fb78a9c05c95481a23b04dcacaab1d09
SHA512a902fc2566031019ef22c12936659efae8ce3656669b1602b50a3bc6263e8ed072d13cafc71bf81a1467a02a411fb3186b6a24353d4c775d0f5f72c94eee6b13
-
Filesize
2KB
MD517b5d079c7b27d3bf5f6940d3261ae3d
SHA1e6600eb5302a108b32d146efcd00b5872a7214bb
SHA2561752b5cdc66ac311449ebd88e49d1c4615082df23e3089de43666f0482ee5ac8
SHA5121086eeb3b1555df9637ded0096509ce2444cd928f154d5182151c16502a94fa6f4285b86871dfb85781402dfcefecc3902bc03aa1e09378a26afcab9d93da21b
-
Filesize
6KB
MD55896928bba4086daec598d133e1c822d
SHA1006a0908f6af556559342d898d90a2cdc02e508c
SHA256fa8e03a54650dfeaf5d0fe6fc76554c83f1287fb8e6564f01e3a54232735f9f4
SHA512382ba70f1b9ad34b4b8e546169d0ef913feb70b8ccaa30be93e376a9588823b4bb1f31b37d1d2709d32ea1e46c2e01540aa1e762411f51a55218a5f1958fe1e8
-
Filesize
5KB
MD5cc2df707031d942cd0706cd2056a1988
SHA19a6d1ba277a6c8090f0fb222b74ab553beb6fd87
SHA2566d1104801007eae8d4d2e3d17da9c46322d4e30bf57b70f9c7cdb6dc1e0365c4
SHA512db853bb5edac54e34e7357d78789e60c7a44c5f4f747fcabd26291b3346d009082098f2abbc8d8333412262b0d18e6551d067a5a784ad843c7d2a8dcb0ff289f
-
Filesize
3KB
MD52f18788c5ed30f51d66f35375004cef7
SHA1a062117b8c61330a526a81afde6c5c8e5c1aa84e
SHA25663c4cd188ffa3c02e76dcc03fa0725042ece6d8598a975f3b41293fca440e8af
SHA51201b0ec427fea83eac916b6de18b2216c1c6f3b44581215539bcaa2bc58cb61aca11061d03b3a045db939c06efbc2efdc92e15891ce7c392d6f8aee2a5a23ad74
-
Filesize
2KB
MD5057a59f524e81b597e7645f597ecb0a1
SHA14b8e4dec0bcb6450a84d36d316cfc1de70924b1c
SHA25649fdca22bc1f266367ef135a99c842a6c3440e5f0c8b5aabdea08209bd362126
SHA512a24be0de4ad17485008419b2ee0d9e9894c3aba68165d351d300ce45013ed25b56e4f5586faaa614e1dcb24999a62679207c1a2bdd259e4ba352f75fdcfe72b4
-
Filesize
2KB
MD5518c0525e61a2063ac96248b40dd9be0
SHA13bbeced904d767ec2780d3d9f279721e4dd30cb1
SHA25620294f00c3aeeee2c51db1fad2613299453e1ad8a5e12673f3bb0dbef8c98426
SHA512d9a78ff27942d96ae14ca406d70071fafd676f68e58856ede62ce600df9c2b9c681082b55fbeaac51e9f10f896e9ff9590df3e21085ce34fb2f9924632eaf78d
-
Filesize
1KB
MD5816030fe9d6cf52a5cc35bb230ffb02d
SHA18f778d7a68cbd4ef9bad8e078c89ee66755c194f
SHA256292fc8d558126e59cf8e600612dabd442d32b601dee5c43ee2919a00c02ea09a
SHA5120b6756cab0f70905ae9847a6385c8ff48d4360a1583466d1553a4b32eb7e506d87162d8af1d99078b104b2bb259e1369c63ce88f1f433411b8146465e6a71c93
-
Filesize
1KB
MD51cc743b8857ab7edd1f3215018504475
SHA16230afb3639a5a792fcb2d097f7c70150a097165
SHA25654316ad41a60900b3d076b2d74589d65ef96f45813a8e5962708b06d1e4ff06d
SHA512bb51f69be3271a74c12f9fb84896835dcb2679ce81372e1543a946fd16458687d84f7cd0e111fed9d9fce745ff823e7c07ff8698e400a7ffd8c2933885ee6846
-
Filesize
11KB
MD5a6255bf09ae11e18ac613255101b6f49
SHA10b8fd2be3b78259421902581bd805a6bf6dc3306
SHA256a0337bd8a97fc296fdca11f7f52dc3763b46fe82cc61835f04f8f4dad4738c27
SHA5124eddbe10e3219ecdb272eba28919536419af433da8b4dc10ca142cd785994f3ef17a50f8d3fa95a3d31e274160ef9e3d3e5edf4328c33651a158202bac136611
-
Filesize
1KB
MD5295600963d8a9f3d86bce9dd9a83b929
SHA1ace0f2adaa63ca7131353565230118900ae46a62
SHA256746097ccba3a32696538226e804b16c3dd17a736c11c1211e0314b1127047801
SHA51249a361ad7c4a8c6cedb8d20520870e177136d8bb7827b9b1f177bc13c230f8af583e344d2b304d0f37ac741c8089c2e2abcfd38c8a4292bb9d766a05b3489843
-
Filesize
2KB
MD534c0130b19b8e12abd0c571f1f9ab4d3
SHA1176c884bd44ecc33168bcce600f6dc052c091f6c
SHA256c116e06b93e041bcf5b3953a80b58a9edd62e87e4d484a40d99cccc6ab5485a5
SHA51224329a153cd96b445a879b02d37f558db4e7105806c22a65ed2322c0dbb360b38f5ece42484d1620316e0728d96517386ff8723d4e0c33c7f062d2183cea2ca1
-
Filesize
11KB
MD5c54467c780ae5c3880c88a2dd2656cf8
SHA17046fd2c8bf7552c08231b2a770f9c076cdcbb94
SHA25603813358f50e7b42312b62ef651c81e78b16f4f5746dabefed2ef12f594ca72f
SHA512bd3d779a1436c9b866753b7b2e57292dc16edbaf8c882d444423b236edbd3b73b84ce61553dc5d3b39f551fbdd59fbee5e05f9b630dea414fab8eecd99242e58
-
Filesize
11KB
MD593b1625aa15449e060d42086995967c3
SHA16a7fc6ec0558d7ee0dff7deff50cc46d267f1e72
SHA256fb292f61ffb4ce7939cfb79b56aca7290356e6eac114367437a76c32d222d3ac
SHA512ffef10384a50a40909229625f0ff8fd2271c28fe1cd0fbfab850f34b6ff96aec25e63bd648a5709399ef573e9f5668ebe0046e9bebd789affbef605613ae10b1
-
Filesize
11KB
MD5a80715b5623a9b0ea6576dcc51b30bf0
SHA1a7c49ddb244072b3d2c7d3399772b891636b129f
SHA25657d3e50d2337a8473c17351cb9612e196f940b68e6d7b0162b0d6682217a0229
SHA512cb713c065ab5056ed334d8c4d4b2b621d53f6ad1c849e7d4a7f39f4b2afb3abd192f02eff6c9b8e6f3f8244cdcf51fc14a00412d2baa9ecb1d1e055c52d1a6b7
-
Filesize
1011B
MD5bc96997ed3a23e06943178c07844e8f4
SHA1206f15231754348587d4b397276dfae3fa869bd8
SHA256646584335bdba3fbb6ac8784ee0a4dee874a8cd20ccec9c68acae99e7bd777f9
SHA5124b67bb0f4a607ce410ac914a6480b0a94de129540ceb255972b5e4b7f938ae23817b84e0ce70851dcc3d130f259b147860222b47d0c7e7b2a7698f1885c6bf96
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt
Filesize77KB
MD5f924652ceee90ba4024b292f50606d51
SHA1ee70bcb8d0eb3f848ca066e59db569d99d73ac3f
SHA256fd32b52d6fed808fd472401c60d30ad0d658a15a9f1246de1ca57a3d0519ca43
SHA512f55249f6d837a09d13e3879176cc52cfb7792ed938ba1891c33f2382e5f6a15d20321118fa39a27529f1d7e742d89134c10f6f514a9c23d948a2098b69338b07
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt
Filesize47KB
MD529b8aeb04b2522bae278b72e3041f5e0
SHA177063b991395fc66835a4548868f3a502add1453
SHA25694709ad139e1db7734c27b778809a3bd873664a506d3833143d2c6d531ac802a
SHA512c64162d6e58db396233eeac9265a8e343eb0c6c4a7b7a0b26af89d3dceaf2e90e3bc736d71d93e99b8c2f30d9b40e7aedec1b0979a53f4ecdf8100237b99cddc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt
Filesize63KB
MD5033fd518886dc804edd45a60480f9aa4
SHA1ed42813e7f68d8f1059d5054ac54720e55c9e62a
SHA256129420b445bd23b1596cfe058458481a218bd622110d2e455d42ed0f098a06d2
SHA51207d12c326a22f73a8042710d039be315d9553967942aff4e5b598f56484b44b62ba01323d16414e1556b3eb2d222eeb7515ef4e07be76b4aa37677969011b21a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt
Filesize74KB
MD5f0cb2b89fa33d6208c7f1254bdf90c20
SHA19ec14e8cb0f8f35aeb64f49f06addf65f107544e
SHA2561a42cfd06c624ea5306b552f7d29e8c32b36404d0adb7b7fae7d300265d0c14b
SHA51290678afd8878ccae494094deaa9fec350e440ee15dabf839d1d39120534b6c2f2f297e4d52153380871d558325fb29237688735906684514c0c52cd3edefea14
-
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk
Filesize407B
MD57bdebef23629a746d74076f95b67493d
SHA1d7643d8895c22e3cd60f9621ad1476f4d3517d16
SHA256bf5d0e547e1c0a3f31db052b6b8aaa9b5c7881c81528f75ca40d2f2e68303c9d
SHA512598a30dbe021da30dbac2f1e607d4f566f9ef1c85b4bcd5c6cd6e2745d7dc0edf602d13b4a0d3bd0181681f3821d9bf8b3bd4cbcd6cafc47a6caa4737b35e908
-
Filesize
21KB
MD564a17e4677a11daf682876bab435f60c
SHA1eb4319b6ff9dc50a02f1f18eadbc42cbfcbfb030
SHA256626458ccab34b338a130152e1bfb49a4dcb775c44eb2993228ae7b5cc25d7879
SHA512bf0dad5c9754b2299d831741e8458a04189f7437cd97e007df311246c065b93f7594058a9d2844a9ead4b9f0b5f036a39aae8c02f6aeecde8ba913735f4de668
-
Filesize
1KB
MD52456e8cc81424ad20c7583abd7ebcf3d
SHA166984f2c3b3d6b83b3321964562a5503039af80c
SHA256aba18b205c1ee14d9fc1516b1f7c37899b0b22636f472b76c8b133a5d883e5cc
SHA5125b87f2166a188437f9609bf5cc02a5e7935f97b0488726f944401b7c3565b7765551f66a207e233a182ebf64418bf765229a16314e0b72481cd93e29f79f6161
-
Filesize
952B
MD5728a877bc0e0dab33ad7a53dd390f3ae
SHA1a52634b80fb864a8c2b9976339b48b14cc6e496f
SHA25696b486df3e3a20f03413bf19127ee30f9318c667fc0e37744e6dfaff9eed8fc0
SHA512c928d114bd3b552197413a211a29c9c5b4fe559e395e19921dacb73802a812c4776c98751bbe015635a92882841053397abdf45106abaa32a4467c10e2ab0dd8
-
Filesize
121B
MD506628a9043b71f0c8223e79441199dbc
SHA1c3c325a2dcdc1f347f1cbc851f225ae0565eafc7
SHA2563d6d3c6701e638291aadc809ae0818395a679d9b1ecf69ed8139cea170973504
SHA512bdb39bb9ec7e6993af00757bc0297e8a24376fd610f207c4765e4fd7a7a6cc6dfca73067587c9260d9915783d68f5e2145a5fda265bca30012bf8c0a3fd1b29a
-
Filesize
1KB
MD580c8a00e9a20e65d667f438ff3e2265b
SHA1c2673cc25a79a31748b11d0c23cfc5102ee5bd80
SHA25647e38060940b64686464091d68a69e89273f0c02b8a3aba9b6c16286704ad8b6
SHA512602ab1e665209e05cca352403745b1e77b6eb1351daebb98db62a9b56c81f9a387c1886c7d99335d2f733b64663171678cef80909701fd9c5cbe77cfddadf451
-
Filesize
8KB
MD510a6a5e7200f30919d71a050b67562bb
SHA109126bf0836f86afdaefcf66483587a59e8197a8
SHA2566bedbcb06f00ba762cf6bad561230f861ede6c5cb3a9a06d926911f581c35a1f
SHA512af54227d119395fcd3c766e266f37b292c7a985500e11fc90a60ea5746762d99bbb749aedb0aebe4eac01a4c1575b0e3b0ebdc394c0caec9ef0bc9ea334b0fb6
-
Filesize
61B
MD5f27d7642e7baa968d3eeb206cdd0db76
SHA1e68d462b2d4ed1c4f2481ad02a8470c9e449c56c
SHA2568b757b53eaccbf645d159b056fccfd440f2380f7795436e0129d546bc3c4ff2b
SHA5129d26a1c19ebe50bda2a2f51b78f6670570a6186f2d58d0f7ddafa1bed851c82647c6d34e2866e25b4d08691ce12abdcfe8dc0f60bdedfa8f370a524d8fa25291
-
Filesize
914B
MD503092a426842ee9e3d196d1b74596966
SHA1e879f6639a1bce1e2290e28900d7d8af8bd9305b
SHA2568bf67ca7df0a534f3d0b789987c15982d8d145f9ac84490e06498cd67f95e67b
SHA5128a898052838b78beceee239cd368e00bc9cdfb3efe7e316618ee3990b3a84f319af69c0ef8b3d147a446b964aa7565681a8124a8398243c44918fb7493837e80
-
Filesize
90B
MD5e0898a5539776a45c76b0b57e2e0a0b9
SHA1f14f44ed15f43cc34593aa1dfe7295a7ce827cec
SHA256f9c3b343e309b313297b17040d06f6ebc13d41b756d26f3f3eca8510994a95d9
SHA5128c08a58e6f96e1be515a414002a16f48b51cddd62b8d37568812c9bb2d37b5032c0c6b25b19cfa67f5c5b6438aa5dbd601ff9ee4e4997575446be27b8e43a436
-
Filesize
90B
MD5d608c80ceafcd95ee0ad5bdc9e642ee5
SHA1ef5f9fc42fcff6926116860f2f1ba5b93d0cc49c
SHA256fe445fc9fab544110468fb0e7e559cf7f2433ef272b55a1c6fed13a46040e1bd
SHA5124c363f83be59249c096a79fe95ed18bf5763619f0e915a80194684b7a8a1f57bf10d4d1708f39707e66cc63204d94c279bb24b703a7a06a6e0ac8ad6bbe45cf0
-
Filesize
328B
MD5c12d2e4f40b88096c4758be33ac64e1c
SHA1a26d37b2483286cce7dbb9de53ee62fd26c9b60b
SHA256980d2d49f1ac8fdab75280d7544a2e1abd35dbdfeb0f36f2b81fc47a846a4951
SHA512a46e2052e7db86bad8c5851018c501ef28a673385d02d3a561fa5b6e2da7cb122501d07e3c94e1ea95021f2734b24ab630bfac77854457008d6812198fe058e6
-
Filesize
1KB
MD56518e1d11419ae837dc954f10c0edd95
SHA1e127d480a466a27d8a049663c126205c2de21be2
SHA256dfd90058d7b750d7e009785bbbf4f8e89339b3140ebac1c87557609f45e11dc3
SHA512490c629c5533a9aac192ade552787e2df9c4bd354d7cdbf6df999d1b667aeb7f0a35393ef344ac501146e293a51cd366d291d81418ef3b7bdec4c7df106a05ff
-
Filesize
162B
MD5201267ab2fc0eb112e47835b0c00c2b1
SHA1b1594fba5859fcd5ce9c2db95053531258f6dff3
SHA2569b706fa69bd03fbffe76005d514d7fe8f6135bb4b9f1fabc382b54a49b947acb
SHA512d7059606acec0c1aaad4e3dae5496fd3ffb79469cc71c2f0d9a409098dcfb6aed04926a0f74df9f6aa422858ccc3b097f1ef5e75c854b4f3cf5eef49e3b7714a
-
Filesize
586B
MD5ef382c75f8375be0b022c39c7a3e6833
SHA196782f71324a65c05d0104b15a0253437f1a514b
SHA25647b1dbdcb542dda5d441a7bda72bbba53f2a8c92916d6aa1373ddfc01be6928e
SHA512f0302c46f736fd294737faabfd9f0cfc5a94cb36370824a73c63b08146892dcaabd9bb6b6231f7fd8f9ae6edadebae507fd34148bab94998c4e9971532789e07
-
Filesize
124B
MD52ae2ca819d90bfe1d4fdfb4dca7c8278
SHA180c7d721c784605e2b0f25f6bfa0c8e3b1873fa7
SHA256e2dfbe2587e7cf3db39a5605e8995413e1a9bf32cd86d367bbaaed9b4cd2487d
SHA5126aee7695875a4e4880965b3ce5e5ddf17ac81070be58b91364344a4bbdc56ee4ee5fb13af56b0c95444be58138c7f5aa8f4cdb97f2d277b2ac13ae0071a0323c
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5f6620f62722b20fca3cb6a922f5fbab5
SHA13c0aa2a32268d80880f68a89efc88eacbe65dfcc
SHA256656c5a7cf9c06f80135e04422dde55b731be6a7914dfa0a1e63e9d07da2cabb3
SHA512ad1d4fedee12ed92361c3a4cdb891cdc51c0026018bd9bd6eddd083f318307522846c6bac9e73769c390b9c50bb8513fee59fc2421e9ca4420c2f53172f0fee0
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD525eb9e798f42da709c61b7c05c221059
SHA18188fd960cbe5bdc25814d2dd8bafc1eb453f3b3
SHA256474b695a3b249f47d27e9476adcfb2441bbc1fb8e589c4752fa3f2c2a0151792
SHA5129318bebd0ee55fee5992a42445596c3e04d19a7a97d4aff92eecbdcc8a51a40d57bd7b6deae7778dfbe6db6c08b709d32b4b9f3a14d492c905229fa92461d4cf
-
Filesize
8KB
MD54f9d63e49b5f4a1f0ef366d942df50cb
SHA1b17887011dec1aefdb08fafb57831523e5e79384
SHA256ee18edb2bbc106838e4a3b1e26240a7cc0ac14e0ea6b901c4fe7da4a1ad444d0
SHA5122e16e3bfc67eb99b1435c5503de10561c87ac15f51d8b9b3eeff7368c8b2431c3c0086da49d00500dfa638bca843a06cf9e22960be1e8e2e16d7da70714f1e93
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD509ed5362331faa56504a91f31257810e
SHA1ceb5d57752995307ba490fc6d29ae539c93ed603
SHA25674303390f4f247f14f7ae4f45ecf0d80ab30be3bbbac07ee01b515f22f01fce3
SHA5123a8e0b22ae9ef43578e87b873f306fa83d7f5c6a92222e6b41fc9e75ddf195b952b6e26ee65e5b097344fda2dfbbe6a51d8d36aa1bcb582cda38b307a9352b89
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD5ff6e5a956f62387c3d0880cb5ab779e0
SHA11489841af8f734caffd092387c14cc75b7b36558
SHA25681edad4e48febca40de66e451bb3506a524c09e2b6fedbb03704a2ded1b7188b
SHA512c53fdc85ec540cf9f4e3e20ea1c5c19a2a5801f33fffd5e66e9910d4d250f28680bcd77dac684d822b4fe5a03bf000797745aeab23aab9313a77b70ee0eafd38
-
Filesize
880B
MD5b101dbc14d0476d9191ae64dfaad86e3
SHA18002768ad413083aceab39070c49c20f4fb7079f
SHA2564bfe7a54c943837970bcb499d1d3f798253cb528b89b43483a0058157cf37215
SHA51235f40e63457388bd144961c83bfc59b40c66530136c05260a4c822d05fe79cb06dd8932ef582dabdff93f998810bd06e99f1a9b58746a8c117a068238f4fa259
-
Filesize
1KB
MD5bd6dc7328a37002afd6b00d16d35fed1
SHA1dec2aa92c2be3d98517117598dcc6ecb01209f85
SHA2565ebdd92776e6bb0f11eb22443ff02449cc9d6f933ba196d20775876c2b3daed9
SHA5123b881d3297fc7fab14c8347273dbd0b582133f811b323a60cb80ec305e51856fe6c10c0a79ec1a100714ecb0a14c38da452bf9e69d6022caa8f426ec25f0fccb
-
Filesize
1KB
MD5574cbd73bf83ff8ebc8628bea693637a
SHA150b127b189c1bf94582ee977491fc769f71c4448
SHA256273b344622bc49746a6cc8385c0b462d8ef8b24e0a8fe30ea5b2cc9d069b57c5
SHA512e2ae399aca9af76cfecd7359f05a7cc709c4dadf5ea523287e780a8bbe5677d27f2b2b99e3603936ada053ca81209f985210b59bf15b40c0ad0283a903f586ec
-
Filesize
1KB
MD5f29b816b0c123004548784ecf53b8eaf
SHA10faf69a7194cb0365a055ec1c8768a8f70145d15
SHA256b64f3007f5125e82e41572fea15b14857dd7bef772aa4363811bf78584b7d61a
SHA5125c9771afa47c70ef701acf9df01126ce32b74ad467b25e9ffd2d1d77fc21a060d9661997bc9afd654169bc00246853b4df2f886f9d4cac95895623dcca547815
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk
Filesize1KB
MD557b62bce450f82a5bfad38328d8467d0
SHA1848ba339a47d0ceee4f6ed4021dcdd5144e485ae
SHA256e06b281f4680522356bdd3956acd5f51e42b3d50b5f9a7a751201de7ee358bab
SHA512104680da6935642096f990497d9ee84540dde151e12f1bdf0ecb56f25b857ead3607845cfb8a05775dc4c76fe14c6c6cf0758d5f6f922db377c0e9c54c136060
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk
Filesize1KB
MD51a3cea5d9014a182425bc83d1a3e56c4
SHA1bbdb714c94375fc8dd757ac0dd98720c908e2958
SHA256d798dd13531ff5804da4c9a416f5b610c08447b62ff893960bb31b1b55d0e5bc
SHA5127fe961da2f1c161448cbac7a1dfec6dac4ceaec01431c42f296b24f5d63a443131aca91fd7277ac8b1ed407b9e629843923d4ee7647466426738d3b9456c0aa0
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk
Filesize1021B
MD52ad5ececd264bc401c84a7eed2419cd8
SHA1c7f8cad127b8ca880645510925f93d6179293810
SHA256b3cf0f41ab64d20842d4cb5bbadde9a63d1000cdd641a180895147757e36ebee
SHA5121c6fcf24ded6339d4f0899bf8645f6c73337a8bc9eedeb04af2e0f7425d46b18ff522e2403a37b2d3478866a3bacd4d031f2a62988cc781321ad2a71a23ab1ab
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk
Filesize1015B
MD5543fe06d03460a1c355790e0bbc3e3f1
SHA1d8607c78c0f71eddd3044c747487e088b66682d8
SHA2567fb56c7167e9b01cf27cfbac4998d7b21c44c08283bb0a9ff622f4027a2075d9
SHA5123781871f2e6be75951c76d49b6831efbc362facac6efe14021e60314ccf56c32ca252585ca27d2a2cb10b5a5a5f2c0002845c1e2cc21d8378528796d1808f626
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk
Filesize1KB
MD5bea9da0cd1ff2c1de17686dab1d4db97
SHA1fb3dd0578dfc6f941a8cbd5fbabd515bff720e00
SHA2561b7a1751b9da646d95d28ac80c1e4d92beb51d86f789be3d8d918f8297c3407b
SHA512d1b8843b09497e38e5ca583aadb6080ec518c0097f14eacb7eb96f1bb00cc287b1dbff912112ccf1e341a8f96b47f9ad88d475e72b118e758333a04daf3b5dad
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk
Filesize1KB
MD50c5ce1efc9b4bb43236a827017d646ac
SHA11ceace44ea29c28e9169677db960ddcc78812f28
SHA2563049f1484d3b2c265c135372d3599d08633681cba28ce0451e88598e3666b505
SHA5127291e1d0236506bd33d6a36f7a3e5676729217cc50e6a7192cb6b3a0ac8cba5496f1457ded14cfc256a39b0527ae01dcbf7be3be0e5d5d2a963150a84759254f
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk
Filesize1KB
MD5fb18353e0b6ce6bc9594d0778cdddcf4
SHA1a49db3138a11595e8b1ae38c109e97523e0e51da
SHA25676f73fb0777847117dcf6093bed75e30543f7147a7436586802e04415eb435f9
SHA512d99da948ce36b1bffe93a1cbf15ba3b298569c3c1b431e6c8a39ef37e6eced285a6f48bd9139660b391c6b19a58e30e5f722bc094c27e615f637d07c2ab7290c
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk
Filesize1015B
MD5e1641996e5ee8c90e65e26a20eba7650
SHA1689272364ca28c33c0522a61fcdfd2193b0b7dcb
SHA256b470c8dcc89c50c4edb46a528a5bb6647cdce0894d4faae8c2a2d06db02358ab
SHA5128945920b5137d442d86f657d306b06facec3dd6a523b102743c10b30ac613eb4df133c63d9651a5c7bac6ce7f0443e301763e6ba2b643cc3241b910c9e037935
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk
Filesize1015B
MD50ff327fa3750cf2ed9250110b8f8b119
SHA153e27d5cc758493e5fa7ab67407d62ae7fabedf1
SHA256c24956ad1817e89a7fedb36b26ca1f2b61482f43ca8e24ef450fb6e449bc31f0
SHA512b8620971c9c35782bd89b20edd23d4dbb1039905854b8fc5eb011a80b53849dda3cba696ab6965e118b73093cb0bf63dd0c0be354248be3df7fe43d9401d0984
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk
Filesize1KB
MD5f9de65e4d7bfcf3d8e7f5660993bd86c
SHA19155fd8e3a0a13ac0f7f9a5fd69bbd7d4015a645
SHA2563e241711bcd395c695e93d91260ab2b46112f35f6ae388a46192f320f34109a1
SHA51251ca81f2916d800b20527675b56bfbc3a8c32f49a7dc1d7edff21af6048bb0163e4af10a3e80721cab7338d0d9685f9ac4b94bae52a5be0169fabee4a8d97b51
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk
Filesize1KB
MD51c158b44ced1762202a3d5a1f2aa58ab
SHA10d8397a744d563755a84a579ea3858aa6b612b54
SHA2568d63831a9f8b1bd50b871e3d0a11a867e4712c7a03332c8dc7fc7612203a5ed1
SHA5124ec73420529403585cdd23165db99f932cee7d00a88b8804c5cd8912ecf85eac4c747136c5c5805b661f4475b1cd4cd2a50b8342fb484abd2513b795498ca1ca
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
Filesize1KB
MD575074fb79479009c35d85b7d6dbf9b82
SHA1c4bb2b50980efacb6055e66bdb18aee39dd4a16a
SHA256a527f92607ebc08a14838630c0f20a3674540771581fc660b6721d737f65d076
SHA512d2df00a05627f511811bbd92257a9710e3941b5e19fefeae6632052df21fae354f09d9be0138a726de6fed2af5c117ec4de4b7969da3c13d73c5fdc096d1f373
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
Filesize1015B
MD549b84bb4c7b7bea8fb7a85df343945ae
SHA1472238e072c30e1dad5de5a8557f2354eeddcd0b
SHA2565fb4dcd268ebaea360588480cc7ad462742a09b822bcc7b81f8d9a7fe352d8b8
SHA512dfcb962cd3bafeb330909c99ec297cea819a2ce911c751b769d10473488352a0d89d5eece722c131da74af7e8f63076060b8e48d81377312b1c6c4eb56a2e977
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk
Filesize1KB
MD5b7ba2519c7c8164d5792a3cf101aed7c
SHA1da538d9d12d81cd74248d80e99c430222add9d90
SHA2562d2bd8a10ffba791250c32639b2fee2378d724475b5690db70c09b9957a2842d
SHA51228b81eceaf99abd60badccba3f1610518e8cb6072c48d458c3c5d0b8efe35d722618f5cae3ae4f0a63b451b5ea75b70c6a9172b427270ca7096384a157cce8f5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk
Filesize1015B
MD52d9d36cfe73533b6c1e6fe702cb10633
SHA1bba2848bbc13914dcc06312de75b15dfb5293f34
SHA256f62861a0e033e06db865376a8c394f7dcad063e96e99cb08ba7da72417c6fd87
SHA512878663496365acea2f22107745c29cf6be6732d1d97dc28e53233b1dda997d115b2dad72b2d9453125f544a303ddf7900ac200cbe5f7432b9c7247e8e4fe12af
-
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk
Filesize1KB
MD5149612303199c754d46f776bdf98e8e6
SHA1cbb71dc486f044f26f25c2d95dd28a0d63ba512f
SHA25636f12556678050723306f89f344a46f19edd94940f2acbdd28aec4bf2d026b59
SHA51218d7003cf1909fe520d729492a77c7bbcf022d10c4daa27846fd13b4230af079b2f5ca258a66c1a7e5309a212b7b4609d274123a80e242ab71763072149c802e
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
Filesize352B
MD52a438a5f98a10119d32207ccc87b6ccd
SHA1f5c50fa9e7297c0b0ff4edf311b1b7c7911bbd21
SHA256b984f9a2545c16a289f678a72a25fbb432cd20c613b7001dc340e24e2cd99868
SHA5127d296f577da0dafdd39bb361e8638ae089f1350daeec28207ec96818bbbcc29ccbfd32b6e1553af3d3e50a27955c77beac2b3bfe356cb0ac2b8986249c62c2b4
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
Filesize334B
MD50201c385089305aa78491dece91cdc27
SHA1d844b643110ba8a570888c5a49b6d05b549521f3
SHA2565528995f347dce21c43dab0e440773e030d505acbff3e70c11b9f0c737c03d9c
SHA512547b9dfdf8b2df26ac53de54e4c7d79fd9ae0b86c9d35b4b6836efad3bc145f8b1fcf14067ad7b925d177368071b8995820ca89a76913a982d24ac41bd7772ff
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
Filesize1KB
MD523c0cfa5b7a2d3322c59a1bfc55c8e2e
SHA183a76bb50cfd90978760bad79498b18aa455a7a8
SHA256fbb44b95d4968eb9ce67d204a4ae3358d25c4b1deb0b4e7780615b7fcb9b9764
SHA51212d4003b97dc36bcd1afccdc2fed949f4b8b126dac160f82abc25480dba9891f72fbf09eefe26b771252db61cbba56b789368f6c6aa67045a65facdd9fce30ea
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk
Filesize1KB
MD5c164e42e3b24243e9217f5f94d56c6c6
SHA161d2bbbf918d611ffa0749372d1d92ecd478bc0e
SHA25675a42af8770d94fb92d4dbe5327d7fffd0eef7a77e91a722627f01383d2cc3a2
SHA512e1c27e8fa62f8c5f5e8fa46ebdcbdb68ec00e159749cc0eb781a02eea982295c1c8c06293481b61a4b702e0db6107955ae2712d55e7999b299118213d1d10236
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
Filesize1KB
MD521682f2b0ae7b76e48ade8036ee2f455
SHA102acd2145c91a52831d29eb174a555f60ee205f3
SHA2564db561128f327cd04164e80ddb97e018927752c6fa5deeb4861d271bc7e53728
SHA51207dd1a82b662cb625ec106b6013cd1ec7cfa256a10069f3606cf96e97497aec63669d47fac66421840f187c4164c3745a1ece9f199f916a46d30821d46ced487
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk
Filesize1KB
MD5116e3e4e17104338cf0ede593acc4300
SHA19ef66f7f3f55270e5eb66d0911504702a4f92b63
SHA25606f4faf75c236f29f6950e05b193f3097060e2a057aac8707d9978d77eb4b40b
SHA512eebeec8ec8737e0052ea21b9e3a68102c3d271f36c234392145436e9243e437a168947e41dd157097066d05fd96e0a6b9ce954419f4bedf4b32930ae76b164f5
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk
Filesize1KB
MD5a278410cb79844292ad5265ae2f63d54
SHA142e19a7fa63ee048319572869964c5ca06c88e2e
SHA256f9cfa7cbc7e852993e6e085470bed6a235de41f0cb27c16662137725650788ac
SHA5121dc1d78033dc13fa612b39c114978cc44ed31e7a65716c240df93788a6f2847c4195699a2b0d21e614b3dfa69e3ca9a9f5c5a80ef951a35bbdeb90d17364c352
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk
Filesize405B
MD52eab5072ce48d73e2879ecbe0872ecbe
SHA19f02b2130e881599da947a58c5949d3d08103dfd
SHA2566bf4060ce246951df8e8d10662bb2e817764f1b01fe3d38bf2c2b59b2b1fe838
SHA512d1953ee1e0521bd55cbfaadb3e74a0e8b110bf161d4b506ef419bd9458b581dae1e7c4c4d9737075b65d7d3c393a983af5f4ebf2c77ee22cca8cc461c9384b45
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk
Filesize409B
MD526192ace9321830331f550dfaa74a86d
SHA1bb2fa19d4239cff914e7ae1cac03fdc52bb1a56a
SHA256f0fefc1cd09c08e4da57a04fd02bf3002d54eec5ea23ef5b36bf75b1942c7860
SHA5120fd5aa270d2de45c334b920db3f49d7bfce325b5db7239be384964cff1a3cc19839798db15ca42c311b9ad3eaf058aa7df165738fcf1139bfe6ff9299bc3f83a
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk
Filesize335B
MD5860fc5613086de3fe464f2f5c7d91053
SHA14c39e2b8007c6ff74b90843df29f7816df5133f7
SHA256f8b90b120983430fd81af98b339d0db23240d5f6f1696f6f1c63336c206f8aa8
SHA5125dd9d5e87997885d800d507d9757727c34d190b6a4810d7260f626fa730337c48809360c17c68fb32dd37b5674af6208ab5fa42b536bd3f4f4a25764e8aa5f7b
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk
Filesize2KB
MD502029c81ac98ed3460244fe9605e43f1
SHA15a0cb359e4026354a81b6dac140e31db80cdc25b
SHA256a983d6e61da4972d23d9731133785a0a4ba86eb66cf567616207ea342c70af2c
SHA512370bb50638920bcd839abb98ddb3e814b89ee37d669f35ed01e539cf4a92e10230192ad6d847513be2a7fbc0ba01a6100009aa7852bc8d29bd1df9c266fe0103
-
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
Filesize2KB
MD56d2aa32014aa454d9644ca02575eb775
SHA1ec56634752878b015e253abcae425be74de66434
SHA256bbea9dbd451e1596c66495aa45d429950eeb1344e2d1bae83355cfa5d7156891
SHA512530693b827da6908208af4e370a46f6675feb466c336cddb84d89f959d5463a8e859ddf75368b5a3fa1dc66a92a3714d9a9020c99f216d60ab5cecff5f8285ac
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD5d511d2aa2c21b31d13580cc3d52cb43b
SHA1379c28f14ba8fe8556f8301fb61a9da79491081f
SHA256e1aba88ba529f3ff043a550af7c08007bc6c7b6420316d8dacdae98a9d2071fb
SHA51229688c843db7d6a4a655f24b23b7c24623278471b96af77b900674b04dfb25672986feb82273b50642705f780467c1d4b3d52511893708ae66b2a66002034b0b
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5180a37865c0ce79ff72bb3bdfb6e4b81
SHA1a347aa4ebad7d8282e62b7fe6b13d67dc8786d71
SHA25690297750659f4403c54d10504c2d1b0560e2b685fead1a3ae3f0c2058c06108d
SHA5122002fe5360084cd839e70c3aa7630fc2e56b45f1a022fa798effd4f9deb86ba1946ebd6d45fdc32bd736098fc37656129987d704de6323a56b7ecbfba8b4d569
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png
Filesize296B
MD59f567fffd94dfa6d50f1d1a2e55d4aa6
SHA1627a866271bb8c05baa5bf60aa9194d7a5964293
SHA256e5f56337311af9e408a11cff1ffac295a519bd1837f53f24ab058c45712abfe4
SHA51275070bf1da2886ea015c2af7710bc94212ca9b503261032ca6eae9db6241c5dbd848cf38dce18df7c07e95dd16fb6f50623f3a1a9e741093c10b7789ce7aa1ae
-
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png
Filesize276B
MD5dd8810e75e1aa8029dfb1d875c6eab43
SHA1768064dbd2a0c76610aa655628582812307e51f0
SHA256604e90c6d156cdfded92fd8440c8277f9430de6e0a2808d00c2e50192f395cb9
SHA512641a121e5079853cc0061d6804169f21aff79405658c3f795fa01a243bc5086ce01ff7b66381fdc972d7719cedd07067ce7510d97c3cb4c458718a0b2a3489c6
-
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk
Filesize1KB
MD5815fe160b34dca45b55e73fcd4e50e65
SHA12c7f318356774730dee3e30e7ca52167ea73b871
SHA256aa1d953aa31e6b05ca914808241398fb75669df836b150dc6b0c142c0f672d07
SHA5120f6838e580ccc7eb992b6e812c2f1f1af53837c6726b5c73ee35dc202afdb19605efa9caf332322e75784ac50336a44389a5ae0660970e7c6cd725a9b37e52e0